
win32:evo-gen, win7 infected explorer.exe files, NGINX?


  • This topic is locked
21 replies to this topic

#1 Hdeleon

Posted 28 February 2016 - 04:43 PM

Hi,

New to the forum and seeking help. While I can usually clean up the spyware and viruses myself, this infection seems particularly deep-rooted and persistent. If someone could provide assistance, it would be very much appreciated.

- I have several computers that I use from home/work.
- I run Dropbox, Mozilla Thunderbird, and on occasion, Chrome desktop viewer between them.
- Use Chrome as main browser, but also use IE, Firefox, and Iron (I have multiple eBay, Amazon, and PayPal accounts).

- Was getting "modified system file" warnings on virus scans from Avira for past few months on home computer, but thought they were being taken care of (were being ignored apparently).
- Few days ago find "WinPcap" on main work computer (didn't install it, don't use any of the normal programs associated with it). Uninstall it.
- Few days after that, find "WinPcap" on main home computer. Uninstall it.
- Try to go to PayPal in IE on home computer, but after login get NGINX screen.
- Try avira scan, housecall, adaware, malwarebytes, spybot, spyblaster, avast, adwcleaner, tdsskiller, mini toolbox, farbar, combofix, etc.

- Work computer (which uses Win7 32-bit, Chrome beta, and Avast) seems to get cleaned.
- Home computer (Win 7 64-bit, Chrome, Avira) still claiming infected and suspicious files in aswMBR:


06:38:19.821    File: C:\Windows\SysWOW64\explorer.exe  **INFECTED** Win32:Evo-gen [Susp]
07:08:02.950    File: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.19135_none_ba1a821dc4cc4ada\explorer.exe  **INFECTED** Win32:Evo-gen [Susp]
07:08:03.153    File: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23338_none_baa721acdde733d0\explorer.exe  **INFECTED** Win32:Evo-gen [Susp]
 
- Rebooting takes about 23 MINUTES from the "windows is starting" screen to get to the point where I am taken to the desktop and can open programs.

Thanks in advance

FRST reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Hd (administrator) on HOMER-I5 (28-02-2016 13:36:28)
Running from D:\Anime
Loaded Profiles: Hd (Available Profiles: Hd)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-26] (AVAST Software)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-306691007-2615865444-313156792-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-306691007-2615865444-313156792-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-26] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exeaswBoot.exe /A:C: /A:* STARTUP /L:1033 /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /wow /dir:C:\Program
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D0975A8E-E49E-43BF-904D-49530FB7A18A}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Hd (2016-02-28 13:36:46)
Running from D:\Anime
Windows 7 Professional Service Pack 1 (X64) (2009-10-23 11:03:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-306691007-2615865444-313156792-500 - Administrator - Disabled)
Guest (S-1-5-21-306691007-2615865444-313156792-501 - Limited - Enabled)
Hd (S-1-5-21-306691007-2615865444-313156792-1001 - Administrator - Enabled) => C:\Users\Hd
HomeGroupUser$ (S-1-5-21-306691007-2615865444-313156792-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Nero SoundTrax Help (x32 Version: 4.0.15.0 - Nero AG) Hidden
60 Seconds! (HKLM-x32\...\Steam App 368360) (Version:  - Robot Gentleman)
Able2Extract Professional 8.0 (HKLM-x32\...\{C894CC24-0DEC-4340-BCC9-DD4310DF3BED}_is1) (Version: 8.0 - Investintech.com Inc.)
Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Alpha Protocol (HKLM-x32\...\Steam App 34010) (Version:  - Obsidian Entertainment)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
ASUS Utility (x32 Version: 1.00.0000 - ASUSTek) Hidden
ASUS VGA Driver (x32 Version: 3.0.0.1 - ASUSTek) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Avery Template - U_0087_01_PlateauLines_0805_01_en (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000002}) (Version: 1.0.0.0 - Avery)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Bionic Commando Rearmed (HKLM-x32\...\Steam App 21680) (Version:  - Capcom)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bully Scholarship Edition (HKLM-x32\...\InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}) (Version: 1.00.0200 - Rockstar Games)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414) (Version:  - )
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden

Edited by Hdeleon, 28 February 2016 - 05:10 PM.




#2 Hdeleon


Posted 28 February 2016 - 04:55 PM

The logs look different than what I thought I posted. Trying again:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Hd (administrator) on HOMER-I5 (28-02-2016 13:36:28)
Running from D:\Anime
Loaded Profiles: Hd (Available Profiles: Hd)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-26] (AVAST Software)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-306691007-2615865444-313156792-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-306691007-2615865444-313156792-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-26] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exeaswBoot.exe /A:C: /A:* STARTUP /L:1033 /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /wow /dir:C:\Program
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D0975A8E-E49E-43BF-904D-49530FB7A18A}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-306691007-2615865444-313156792-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-306691007-2615865444-313156792-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-306691007-2615865444-313156792-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-306691007-2615865444-313156792-1001 -> DefaultScope {BABC918B-EED6-4031-9FC5-4782AAEC1C34} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-306691007-2615865444-313156792-1001 -> {82D18110-AE87-4D08-8247-E9ADB2C70E20} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGLL_en
SearchScopes: HKU\S-1-5-21-306691007-2615865444-313156792-1001 -> {BABC918B-EED6-4031-9FC5-4782AAEC1C34} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-26] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-26] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-306691007-2615865444-313156792-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Hd\AppData\Roaming\Mozilla\Firefox\Profiles\zya50jdq.default
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin-x32: @stamps.com/Web client plug-in,version=1.1.0.41 -> C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll [2012-06-12] (Stamps.com, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-306691007-2615865444-313156792-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Hd\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-306691007-2615865444-313156792-1001: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-06-06] (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (QQ2013 Firefox Plugin) - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll => No File
CHR Plugin: (QQ2013 Chrome Plugin for Chrome V23.0.1271.64 or latest version) - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll => No File
CHR Plugin: (Tencent SSO Platform) - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Stamps.com Web Client NPAPI Plug-in) - C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll (Stamps.com, Inc.)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Hd\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll => No File
CHR Profile: C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-02-10]
CHR Extension: (Avast Online Security) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-27]
CHR Extension: (Kami (formerly Notable PDF)) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljojpiodmlhoehoecppliohmplbgeij [2015-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-26]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-26] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-07-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-08-21] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2013-06-29] (Creative Labs) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11075816 2015-10-16] (DisplayLink Corp.)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 VSS; C:\Windows\SysWOW64\vssvc.exe [0 2014-04-26] () <==== ATTENTION (zero byte File/Folder)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [1311616 2009-08-17] (NXP Semiconductors Germany GmbH)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-02-27] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-26] (AVAST Software)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.9.630.0.sys [58640 2015-11-30] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-09] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-28] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-06-26] (Acronis)
S3 aswVmm; \??\C:\Users\Hd\AppData\Local\Temp\aswVmm.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-28 12:39 - 2016-02-28 12:43 - 00213210 _____ C:\TDSSKiller.3.1.0.9_28.02.2016_12.39.27_log.txt
2016-02-28 12:36 - 2016-02-28 12:36 - 00026033 _____ C:\ComboFix.txt
2016-02-28 12:05 - 2016-02-28 12:39 - 00000000 ____D C:\Users\Hd\Desktop\New folder
2016-02-28 11:56 - 2016-02-28 11:56 - 00001028 _____ C:\Users\Hd\Desktop\JRT.txt
2016-02-28 11:22 - 2016-02-28 12:42 - 00241074 _____ C:\Windows\ntbtlog.txt
2016-02-27 15:02 - 2016-02-28 11:37 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-27 15:02 - 2016-02-28 05:17 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-27 14:55 - 2015-12-24 05:03 - 00316168 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-02-27 12:45 - 2016-02-27 12:58 - 00213128 _____ C:\TDSSKiller.3.1.0.9_27.02.2016_12.45.20_log.txt
2016-02-27 12:43 - 2016-02-27 12:43 - 00000000 ____D C:\$WINDOWS.~BT
2016-02-27 12:42 - 2016-02-27 12:42 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-27 12:42 - 2016-02-26 14:02 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-27 11:13 - 2016-02-27 11:14 - 00000288 _____ C:\Users\Hd\Documents\cc_20160227_111311.reg
2016-02-26 14:11 - 2016-02-26 14:11 - 00000000 ____D C:\Users\Hd\AppData\Roaming\AVAST Software
2016-02-26 14:03 - 2016-02-27 12:42 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-26 14:03 - 2016-02-27 12:42 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-26 14:03 - 2016-02-26 14:07 - 00001930 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-26 14:03 - 2016-02-26 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-26 14:03 - 2016-02-26 14:02 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-26 14:03 - 2016-02-26 14:02 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-26 14:03 - 2016-02-26 14:02 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-26 14:03 - 2016-02-26 14:02 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-26 14:03 - 2016-02-26 14:02 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-26 14:03 - 2016-02-26 14:02 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-26 14:02 - 2016-02-26 14:02 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-26 14:01 - 2016-02-26 14:01 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-26 14:01 - 2016-02-26 14:01 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-26 11:59 - 2016-02-27 15:47 - 00000136 _____ C:\Users\Hd\Desktop\clean.txt
2016-02-25 14:54 - 2016-02-25 14:54 - 00000000 ____D C:\Users\Hd\AppData\Roaming\LavasoftStatistics
2016-02-25 14:47 - 2016-02-25 14:47 - 00000750 _____ C:\Users\Hd\Documents\cc_20160225_144742.reg
2016-02-25 11:32 - 2016-02-25 11:32 - 00000218 _____ C:\Users\Hd\AppData\Local\recently-used.xbel
2016-02-25 10:52 - 2016-02-25 10:52 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-25 10:51 - 2016-02-25 10:51 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-02-25 10:15 - 2016-02-27 16:58 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-02-25 10:15 - 2016-02-25 10:15 - 00003880 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-02-25 10:14 - 2016-02-25 10:14 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-25 10:14 - 2016-02-25 10:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-25 10:12 - 2016-02-25 10:12 - 00000612 _____ C:\Users\Hd\Documents\cc_20160225_101218.reg
2016-02-25 10:08 - 2016-02-28 12:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-25 10:08 - 2016-02-25 10:10 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-25 10:08 - 2016-02-25 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-25 10:08 - 2016-02-25 10:08 - 00000830 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-25 10:07 - 2016-02-25 11:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-25 10:07 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-25 10:07 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-25 10:07 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-25 09:42 - 2016-02-25 09:59 - 00001087 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2016-02-25 09:34 - 2016-02-25 09:34 - 00004202 _____ C:\Users\Hd\Documents\cc_20160225_093420.reg
2016-02-25 09:34 - 2016-02-25 09:34 - 00000162 _____ C:\Users\Hd\Documents\cc_20160225_093444.reg
2016-02-25 09:33 - 2016-02-25 09:34 - 00002350 _____ C:\Users\Hd\Documents\cc_20160225_093353.reg
2016-02-21 13:42 - 2016-02-27 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-19 02:57 - 2016-02-19 02:58 - 00000000 ____D C:\Users\Hd\Documents\SEGA Genesis Classics
2016-02-09 22:32 - 2016-02-06 02:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 22:32 - 2016-02-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 22:32 - 2016-02-06 02:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 22:32 - 2016-02-06 02:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 22:32 - 2016-02-06 02:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 22:32 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 22:32 - 2016-02-06 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-09 22:32 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 22:32 - 2016-02-06 01:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-09 22:32 - 2016-02-06 01:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-09 22:32 - 2016-02-06 01:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 22:32 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 22:32 - 2016-02-06 01:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 22:32 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 22:32 - 2016-01-22 12:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 22:32 - 2016-01-22 12:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 22:32 - 2016-01-21 22:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-09 22:32 - 2016-01-21 22:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-09 22:32 - 2016-01-21 22:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 22:32 - 2016-01-21 22:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 22:32 - 2016-01-21 22:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-09 22:32 - 2016-01-21 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-09 22:32 - 2016-01-21 22:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 22:32 - 2016-01-21 22:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-09 22:32 - 2016-01-21 22:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 22:32 - 2016-01-21 22:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 22:32 - 2016-01-21 22:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-09 22:32 - 2016-01-21 22:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-09 22:32 - 2016-01-21 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-09 22:32 - 2016-01-21 22:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 22:32 - 2016-01-21 22:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-09 22:32 - 2016-01-21 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-09 22:32 - 2016-01-21 22:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-09 22:32 - 2016-01-21 22:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 22:32 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 22:32 - 2016-01-21 22:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 22:32 - 2016-01-21 22:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-09 22:32 - 2016-01-21 22:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-09 22:32 - 2016-01-21 22:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-09 22:32 - 2016-01-21 22:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-09 22:32 - 2016-01-21 22:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-09 22:32 - 2016-01-21 21:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-09 22:32 - 2016-01-21 21:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-09 22:32 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 22:32 - 2016-01-21 21:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-09 22:32 - 2016-01-21 21:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 22:32 - 2016-01-21 21:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 22:32 - 2016-01-21 21:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 22:32 - 2016-01-21 21:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 22:32 - 2016-01-21 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-09 22:32 - 2016-01-21 21:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-09 22:32 - 2016-01-21 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-09 22:32 - 2016-01-21 21:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-09 22:32 - 2016-01-21 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-09 22:32 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 22:32 - 2016-01-21 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-09 22:32 - 2016-01-21 21:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-09 22:32 - 2016-01-21 21:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-09 22:32 - 2016-01-21 21:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 22:32 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 22:32 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 22:32 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 22:32 - 2016-01-21 21:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-09 22:32 - 2016-01-21 21:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 22:32 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 22:32 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 22:32 - 2016-01-16 11:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 22:32 - 2016-01-16 10:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 22:32 - 2016-01-11 06:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 22:32 - 2016-01-11 06:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 22:32 - 2016-01-11 06:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 22:32 - 2016-01-11 06:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 22:32 - 2016-01-11 06:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 22:32 - 2016-01-06 11:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 22:32 - 2016-01-06 11:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 22:32 - 2016-01-06 10:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 22:31 - 2016-01-16 11:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 22:31 - 2016-01-16 10:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 22:31 - 2016-01-11 11:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 22:31 - 2016-01-11 11:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 22:31 - 2016-01-11 11:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 22:31 - 2016-01-11 10:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 22:31 - 2016-01-11 10:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 22:31 - 2016-01-11 10:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 22:31 - 2016-01-11 10:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 22:31 - 2016-01-11 10:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 22:31 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 22:31 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 22:31 - 2016-01-11 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 22:31 - 2016-01-11 10:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 22:31 - 2016-01-11 10:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 22:31 - 2016-01-11 10:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 22:31 - 2016-01-11 10:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 22:31 - 2016-01-11 10:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 22:31 - 2016-01-07 09:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 22:31 - 2016-01-07 09:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 22:31 - 2015-12-20 10:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-09 22:31 - 2015-12-20 10:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 22:31 - 2015-12-20 06:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 22:30 - 2016-01-21 22:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 22:30 - 2016-01-21 22:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 22:30 - 2016-01-21 22:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 22:30 - 2016-01-21 22:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 22:30 - 2016-01-21 22:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 22:30 - 2016-01-21 22:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 22:30 - 2016-01-21 22:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 22:30 - 2016-01-21 22:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 22:30 - 2016-01-21 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 22:30 - 2016-01-21 22:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 22:30 - 2016-01-21 22:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 22:30 - 2016-01-21 22:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 22:30 - 2016-01-21 22:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 22:30 - 2016-01-21 22:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 22:30 - 2016-01-21 22:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 22:30 - 2016-01-21 22:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 22:30 - 2016-01-21 22:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 22:30 - 2016-01-21 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 22:30 - 2016-01-21 22:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 22:30 - 2016-01-21 22:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 22:30 - 2016-01-21 22:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 22:30 - 2016-01-21 22:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 22:30 - 2016-01-21 22:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 22:30 - 2016-01-21 22:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 22:30 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 22:30 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 22:30 - 2016-01-21 22:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 22:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 22:30 - 2016-01-21 22:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 22:30 - 2016-01-21 22:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 22:30 - 2016-01-21 22:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 22:30 - 2016-01-21 22:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 22:30 - 2016-01-21 22:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 22:30 - 2016-01-21 22:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 22:30 - 2016-01-21 22:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 22:30 - 2016-01-21 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 22:30 - 2016-01-21 22:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 22:30 - 2016-01-21 22:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 22:30 - 2016-01-21 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 22:30 - 2016-01-21 22:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 22:30 - 2016-01-21 22:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 22:30 - 2016-01-21 22:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 22:30 - 2016-01-21 22:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 22:30 - 2016-01-21 22:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 22:30 - 2016-01-21 22:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 22:30 - 2016-01-21 22:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 22:30 - 2016-01-21 22:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 22:30 - 2016-01-21 22:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 22:30 - 2016-01-21 22:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 21:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 22:30 - 2016-01-21 21:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 22:30 - 2016-01-21 21:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-09 22:30 - 2016-01-21 21:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 22:30 - 2016-01-21 21:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 22:30 - 2016-01-21 21:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 22:30 - 2016-01-21 20:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 22:30 - 2016-01-21 20:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 22:30 - 2016-01-21 20:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 22:30 - 2016-01-21 20:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 22:30 - 2016-01-21 20:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 22:30 - 2016-01-21 20:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 22:30 - 2016-01-21 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 22:30 - 2016-01-21 20:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 22:30 - 2016-01-21 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 22:30 - 2016-01-21 20:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 22:30 - 2016-01-21 20:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 20:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 20:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 22:30 - 2016-01-21 20:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-06 02:28 - 2015-12-10 06:10 - 00192552 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2016-02-06 02:28 - 2015-12-10 06:10 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2016-02-06 02:28 - 2015-12-10 06:10 - 00048168 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2016-02-06 02:28 - 2015-12-10 06:10 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2016-02-04 23:15 - 2012-03-13 16:54 - 36595712 _____ C:\Users\Hd\Documents\Disk_Copy.iso
2016-02-02 05:37 - 2016-02-02 05:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack 64bit
2016-02-02 05:36 - 2016-02-02 05:37 - 00000000 ____D C:\Program Files\Combined Community Codec Pack 64bit
2016-02-01 18:44 - 2016-02-01 18:44 - 00006273 _____ C:\Users\Hd\Downloads\WDkwFzmJTk0.swf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-28 13:36 - 2015-10-17 14:04 - 00000000 ____D C:\FRST
2016-02-28 13:21 - 2009-07-13 20:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-28 13:21 - 2009-07-13 20:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-28 13:15 - 2009-07-13 21:13 - 00006222 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-28 13:09 - 2014-01-16 19:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-28 13:08 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-28 12:36 - 2015-06-16 04:36 - 00000000 ____D C:\Qoobox
2016-02-28 12:31 - 2015-06-16 04:35 - 00000000 ____D C:\Windows\erdnt
2016-02-28 12:31 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-02-28 12:06 - 2015-07-21 05:09 - 00000000 ____D C:\AdwCleaner
2016-02-28 11:22 - 2014-09-06 02:23 - 02991104 ___SH C:\Users\Hd\Desktop\Thumbs.db
2016-02-28 11:20 - 2013-06-17 01:51 - 00062308 _____ C:\Windows\system32\BMXState-{00000006-00000000-00000000-00001102-0000000B-00411102}.rfx
2016-02-28 11:20 - 2013-06-17 01:51 - 00000820 _____ C:\Windows\system32\DVCState-{00000006-00000000-00000000-00001102-0000000B-00411102}.rfx
2016-02-28 11:20 - 2011-06-30 23:52 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00411102}.rfx
2016-02-28 10:54 - 2014-01-16 19:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-28 04:50 - 2009-10-23 05:43 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-02-28 04:36 - 2011-08-13 20:12 - 20423462 _____ C:\Users\Hd\AppData\Local\census.cache
2016-02-28 04:29 - 2011-08-13 20:07 - 00140200 _____ C:\Users\Hd\AppData\Local\ars.cache
2016-02-27 20:15 - 2015-01-08 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
2016-02-27 15:01 - 2014-09-17 01:41 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-02-27 15:01 - 2009-12-16 20:35 - 00000000 ____D C:\ProgramData\TEMP
2016-02-27 14:49 - 2015-05-29 00:13 - 00000000 ____D C:\Users\Hd\AppData\Roaming\MPC-HC
2016-02-27 12:43 - 2009-10-23 03:50 - 00000000 ____D C:\Windows\Panther
2016-02-27 11:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-27 11:36 - 2015-06-20 13:24 - 00000000 ____D C:\Users\Hd\AppData\Local\Dropbox
2016-02-27 11:35 - 2009-10-23 05:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-27 11:33 - 2013-02-10 21:02 - 00000000 ____D C:\Users\Hd\AppData\Roaming\Dropbox
2016-02-27 11:33 - 2009-11-20 18:02 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-26 14:03 - 2015-09-09 05:40 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-26 13:50 - 2014-09-11 00:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-26 11:46 - 2009-10-24 06:14 - 00000000 ____D C:\Users\Hd\AppData\Local\ElevatedDiagnostics
2016-02-26 11:09 - 2014-08-24 21:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-26 03:36 - 2014-03-26 00:06 - 00000010 _____ C:\Users\Hd\AppData\Local\sponge.last.runtime.cache
2016-02-26 03:20 - 2010-05-16 22:48 - 00000000 ___RD C:\Users\Hd\Documents\Scanned Documents
2016-02-25 11:31 - 2014-09-06 12:07 - 00000000 ____D C:\Users\Hd\AppData\Roaming\deluge
2016-02-25 11:30 - 2009-10-24 13:52 - 00007621 _____ C:\Users\Hd\AppData\Local\Resmon.ResmonCfg
2016-02-25 10:15 - 2009-10-23 03:55 - 00000000 ____D C:\Users\Hd\AppData\Local\Adobe
2016-02-25 09:59 - 2014-09-17 01:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-02-25 09:47 - 2015-11-17 02:36 - 00000000 ____D C:\Users\Hd\.oracle_jre_usage
2016-02-25 09:45 - 2015-04-30 00:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-25 09:45 - 2015-04-30 00:42 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-25 09:43 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-02-25 09:26 - 2014-12-21 00:37 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-24 22:22 - 2013-02-10 21:04 - 00000000 ___RD C:\Users\Hd\Dropbox
2016-02-16 23:55 - 2016-01-22 01:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-16 21:26 - 2014-12-21 23:25 - 00000000 ____D C:\Users\Hd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-02-14 07:50 - 2011-02-09 23:28 - 00000000 ____D C:\ProgramData\Trend Micro
2016-02-10 15:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-02-10 13:26 - 2009-07-13 20:45 - 05048040 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 10:02 - 2015-04-30 02:52 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 10:02 - 2014-04-23 21:48 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 10:02 - 2009-07-13 23:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 09:46 - 2013-07-26 02:00 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 07:32 - 2009-10-23 03:25 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 04:51 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2016-02-06 02:25 - 2010-08-17 08:06 - 00000000 ____D C:\Program Files (x86)\EASEUS
2016-02-04 22:15 - 2009-10-24 02:35 - 00000000 ____D C:\Users\Hd\Documents\My Received Files
2016-01-31 16:53 - 2013-11-18 21:33 - 00000000 ____D C:\ProgramData\Oracle
2016-01-31 12:49 - 2014-01-16 19:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-31 12:49 - 2014-01-16 19:14 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2009-10-23 07:36 - 2012-04-23 23:38 - 0000185 _____ () C:\Users\Hd\AppData\Roaming\default.rss
2011-08-13 20:07 - 2016-02-28 04:29 - 0140200 _____ () C:\Users\Hd\AppData\Local\ars.cache
2011-08-13 20:12 - 2016-02-28 04:36 - 20423462 _____ () C:\Users\Hd\AppData\Local\census.cache
2009-11-29 00:39 - 2009-11-29 00:39 - 0000036 _____ () C:\Users\Hd\AppData\Local\housecall.guid.cache
2016-02-25 11:32 - 2016-02-25 11:32 - 0000218 _____ () C:\Users\Hd\AppData\Local\recently-used.xbel
2009-10-24 13:52 - 2016-02-25 11:30 - 0007621 _____ () C:\Users\Hd\AppData\Local\Resmon.ResmonCfg
2014-03-26 00:06 - 2016-02-26 03:36 - 0000010 _____ () C:\Users\Hd\AppData\Local\sponge.last.runtime.cache
2010-01-22 03:34 - 2010-06-08 12:13 - 0001626 _____ () C:\ProgramData\afl.log
2011-02-23 22:57 - 2011-02-23 22:57 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\audiodg.exe
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\consent.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\PrintIsolationHost.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\VSSVC.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\ZSHP1020.EXE
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atidxx32.dll
C:\Windows\System32\atiu9pag.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll
C:\Windows\System32\atiuxpag.dll
C:\Windows\System32\MSVBVM60.DLL
C:\Windows\System32\olepro32.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 07:37
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Hd (2016-02-28 13:36:46)
Running from D:\Anime
Windows 7 Professional Service Pack 1 (X64) (2009-10-23 11:03:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-306691007-2615865444-313156792-500 - Administrator - Disabled)
Guest (S-1-5-21-306691007-2615865444-313156792-501 - Limited - Enabled)
Hd (S-1-5-21-306691007-2615865444-313156792-1001 - Administrator - Enabled) => C:\Users\Hd
HomeGroupUser$ (S-1-5-21-306691007-2615865444-313156792-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Nero SoundTrax Help (x32 Version: 4.0.15.0 - Nero AG) Hidden
60 Seconds! (HKLM-x32\...\Steam App 368360) (Version:  - Robot Gentleman)
Able2Extract Professional 8.0 (HKLM-x32\...\{C894CC24-0DEC-4340-BCC9-DD4310DF3BED}_is1) (Version: 8.0 - Investintech.com Inc.)
Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Alpha Protocol (HKLM-x32\...\Steam App 34010) (Version:  - Obsidian Entertainment)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
ASUS Utility (x32 Version: 1.00.0000 - ASUSTek) Hidden
ASUS VGA Driver (x32 Version: 3.0.0.1 - ASUSTek) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Avery Template - U_0087_01_PlateauLines_0805_01_en (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000002}) (Version: 1.0.0.0 - Avery)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Bionic Commando Rearmed (HKLM-x32\...\Steam App 21680) (Version:  - Capcom)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bully Scholarship Edition (HKLM-x32\...\InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}) (Version: 1.00.0200 - Rockstar Games)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414) (Version:  - )
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Deponia (HKLM-x32\...\Deponia) (Version: 2.0 - Daedalic Entertainment)
DisplayLink Core Software (HKLM\...\{DF3F0788-16F0-4894-9748-677409D69100}) (Version: 7.9.630.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{2B3CC359-0B1C-4C84-B914-0B3BE0907EC2}) (Version: 7.9.658.0 - DisplayLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
EASEUS Data Recovery Wizard 5.0.1 (HKLM-x32\...\EASEUS Data Recovery Wizard 5.0.1_is1) (Version:  - EASEUS)
Empire Earth III (HKLM-x32\...\{2BDED1CF-50B0-406F-AE5C-53FD91236F45}) (Version: 1.00.0000 - Rebellion)
Enemy Mind (HKLM-x32\...\Steam App 285840) (Version:  - Schell Games)
Eternal Senia (HKLM-x32\...\Steam App 351640) (Version:  - Holy Priest)
FINAL FANTASY V (HKLM-x32\...\Steam App 382890) (Version:  - SQUARE ENIX)
Flame Over (HKLM-x32\...\Steam App 345080) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version:  - Telltale Games)
Gods Will Be Watching (HKLM-x32\...\Steam App 274290) (Version:  - Deconstructeam)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version:  - Arkedo)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HuniePop (HKLM-x32\...\Steam App 339800) (Version:  - HuniePot)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version:  - Blit Software)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
LISA (HKLM-x32\...\Steam App 335670) (Version:  - Dingaling)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Thunderbird 38.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 en-US)) (Version: 38.6.0 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version:  - Telltale Games)
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version:  - Telltale Games)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Remember Me (HKLM-x32\...\Steam App 228300) (Version:  - DONTNOD Entertainment)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Seagate DiscWizard (HKLM-x32\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SoundTrax (x32 Version: 4.0.18.0 - Nero AG) Hidden
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 12.1.1.2876 - Stamps.com, Inc.) Hidden
Stamps.com Web Postage Plug-in (HKLM-x32\...\Stamps.com Web Postage Plug-in) (Version:  - Stamps.com, Inc.)
Stamps.com Web Postage Plug-in (x32 Version: 1.1.0.41 - Stamps.com) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strider (HKLM-x32\...\Steam App 235210) (Version:  - Double Helix Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Legend of Heroes: Trails in the Sky SC (HKLM-x32\...\Steam App 251290) (Version:  - Nihon Falcom)
The Sims™ 3 (HKLM-x32\...\Steam App 47890) (Version:  - The Sims Studio)
The Walking Dead (HKLM-x32\...\The Walking Dead) (Version: 1.0.0.15 - Telltale Games)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Way of the Samurai 4 (HKLM-x32\...\Steam App 312780) (Version:  - ACQUIRE Corp.)
Windows Media Center Edition MPEG Codec Plug-in (HKLM\...\{94F3D243-2006-4B2D-9160-C2A33F74BB84}) (Version:  - )
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Ys I (HKLM-x32\...\Steam App 223810) (Version:  - Nihon Falcom)
Ys II (HKLM-x32\...\Steam App 223870) (Version:  - Nihon Falcom)
Ys Origin (HKLM-x32\...\Steam App 207350) (Version:  - Nihon Falcom)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0ECF48AB-5802-4FF7-982D-5BE2E4A4E2D0} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {4E9D5479-C2FF-4A53-9C42-A714C48F29E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {69247929-0439-40F4-B5CF-2465F3FA8C93} - System32\Tasks\ASUS UEFI => C:\Program Files (x86)\ASUS\UEFI\ASUS UEFI.exe
Task: {80636722-467E-40F7-8249-1A19B6B482DA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-25] (Adobe Systems Incorporated)
Task: {8D30D667-B2B9-4F55-A569-512DCC4E547E} - System32\Tasks\AdobeAAMUpdater-1.0-Homer-i5-Hd => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {B94AF479-9587-4375-9065-976A49F3C15F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {E461BADB-F3D8-41AD-BC78-B59B4379CEB5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-26] (AVAST Software)
Task: {E91D6D94-1CEA-4522-9FD3-4992EBC6F041} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {F46F7E2C-AC49-477C-AEFE-702EACF4B1A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F4F8ACA3-E49D-4D72-94A4-6ED3B135AABD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-16 05:41 - 2015-10-16 05:41 - 01613032 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2013-01-21 22:56 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\ZLhp1020.DLL
2013-01-21 22:56 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-02-26 14:02 - 2016-02-26 14:02 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-26 14:02 - 2016-02-26 14:02 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-28 04:40 - 2016-02-28 04:40 - 02835456 _____ () C:\Program Files\AVAST Software\Avast\defs\16022800\algo.dll
2016-02-26 14:02 - 2016-02-26 14:02 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-28 13:12 - 2016-02-28 13:12 - 02835456 _____ () C:\Program Files\AVAST Software\Avast\defs\16022801\algo.dll
2016-02-26 14:02 - 2016-02-26 14:02 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-19 16:56 - 2016-02-17 20:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 16:56 - 2016-02-17 20:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2013-01-23 08:29 - 2013-01-23 08:29 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2013-01-23 08:29 - 2013-01-23 08:29 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2013-01-23 08:29 - 2013-01-23 08:29 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2016-02-19 16:56 - 2016-02-17 20:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:888AFB86
AlternateDataStreams: C:\Users\Hd\AppData\Local\Temp:b1Y0hDUtHGpFBr9xgYSc3f7
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7867 more sites.
 
 
There are 12682 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-06-16 04:50 - 2016-02-27 20:14 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-306691007-2615865444-313156792-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{E21438A6-6664-4794-8A1C-3B5C63658D3D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5E0636A0-6CD1-455F-8F96-70D12E3B40EA}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DF038D06-67D3-4232-89DE-425B3D230ADC}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{AAE15E65-D268-4C46-AC39-684B36FE9062}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{BE10ECAB-F913-467C-AD1C-A3EE8222E913}] => (Allow) C:\Users\Hd\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B9BBFEE2-3BDC-4605-98FE-0C843890BA87}] => (Allow) C:\Users\Hd\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{B112FA13-91A1-452A-96B7-E06DB2A7DAA7}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{9AF941FC-0626-4077-88F6-B167210F8F87}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{7066689D-E946-456E-AC5D-1DEE70BA7C8D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F0E5B607-8F9D-4CCA-B9B1-D9E4C3092F78}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{30E2FEA9-46C4-4D68-AE76-5EA2247DD2DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World in Conflict\wic.exe
FirewallRules: [{D22E54FF-E8D5-43D4-A70F-5FDDE80ECC61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World in Conflict\wic.exe
FirewallRules: [{827DCC0E-1E67-4203-9F89-FE4274F4AD74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{D509917D-39CF-4100-88E0-D16A88366144}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{C45709DA-7BC7-4553-973D-778892117B7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{9C5AE6EB-AFEB-456E-B1F5-19868BB915D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{2DC2CDC6-5A93-4E49-9D89-2F95E8DE772E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{47F6C299-DFAD-4785-882E-7D65048E9C6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{D7526A6C-4D8F-4443-9947-7B2F48981D35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{120AA4F9-9C26-4E52-A4D4-4984491444F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{AA03972D-F769-43CD-B234-699F5097DE6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Guild II\GuildII.exe
FirewallRules: [{2DBBE26E-2F7D-4720-8022-392EACC7D394}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Guild II\GuildII.exe
FirewallRules: [{EACC866B-58FA-4CC2-B2C2-56E7685D99AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{B12D89C0-6261-41F2-BB2D-388E3235AA6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{7BC02D13-CE7A-442A-A102-4253748909BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{19A232F6-2EA3-4CBD-9440-9657787A58EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{A6B9B566-58B3-45A2-89EA-0E5058DF1F4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Bounty - The Legend\KB.exe
FirewallRules: [{ED84EDBF-8BD1-42CC-801C-42E8DAEF463A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Bounty - The Legend\KB.exe
FirewallRules: [{818CA6E5-9FAF-4C28-8456-CCA4FDF9791F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Bounty - The Legend\save_fixer.exe
FirewallRules: [{D4F20F38-41E2-4ADE-9DA1-3662B68D5F75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Bounty - The Legend\save_fixer.exe
FirewallRules: [{E53EE032-8639-469A-9526-75C4E33A7634}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{364D6090-FFF1-4A6E-8186-5E8C5C1576F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{FC3B8D4D-1DD8-45E4-B592-4888D7E6B6C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Pirates!\Pirates!.exe
FirewallRules: [{0F3DB62B-9D2B-48AA-9E80-2F61CCCF2F1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Pirates!\Pirates!.exe
FirewallRules: [{BEF0F02F-1EFE-4DF4-84E0-39C99A7D2238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{E6AE4255-AA34-4A9B-8013-FDBF76FC9571}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{A14DE3C0-07B8-4917-8EF6-ECEB0B3C3D0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{3B27AB1D-937E-4CF0-84EB-5BB3F73A1F4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{E4C82F6E-CB92-45DC-8DC8-072E6511FC02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship Tutorial\ship.exe
FirewallRules: [{5C47BEB7-46E6-4D04-9CD1-19D6E1B0400F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship Tutorial\ship.exe
FirewallRules: [{E8C0E314-2850-4C55-A05A-DC7F3E6A0D5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{61FB310D-2D4C-4CE7-B8BD-496BA7469956}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{EEB28C36-CAFE-4C7C-92AF-D58705AD6409}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{D4D8DA72-0492-4AF6-B1C6-01110569B99A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{F60D795D-337B-41D8-BDB5-8C3DD283575F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rainbow Six Lockdown\lockdown.exe
FirewallRules: [{02416B5D-FEBE-446F-B5E9-55CA0969508F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rainbow Six Lockdown\lockdown.exe
FirewallRules: [{5393994D-DA01-499B-BEE5-885D853F7161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{56C12C4A-47B8-4A92-9657-028245CD09C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{9A819B0A-877C-4DAA-A376-431AD2138A79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{345D1724-059D-4D0A-AC17-F5BA79168344}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{C8ED2DB7-5558-4BBF-A071-C35ECB2A840D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{557396D3-1B10-4FCE-8EC6-BDF1D0A1E04B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{6EB16C76-32F5-435A-AB24-D276A7AA2272}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divekick\DivekickD3D11.exe
FirewallRules: [{1B9A8665-2647-4651-BBE1-913F2677614F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divekick\DivekickD3D11.exe
FirewallRules: [{737FADF1-CDC4-4B19-9E64-39DB57E32D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{1D986464-BBDF-414E-8880-276C52289374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{1592A9A4-37B1-4403-8934-87278426C013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Agarest Generations of War\Agarest.exe
FirewallRules: [{3A38C0D6-5A5C-4CF5-9471-049E1115A4DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Agarest Generations of War\Agarest.exe
FirewallRules: [{FEE11496-9BB0-49ED-9159-9F731A209E10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\recettear.exe
FirewallRules: [{B25096E5-A046-47AD-8B5C-8C8A695401C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\recettear.exe
FirewallRules: [{EAF8CF45-4571-49A1-B8AF-6C0FD45D8AFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\custom.exe
FirewallRules: [{326FE40A-E666-40D2-9A37-1C7A4DCE2113}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\custom.exe
FirewallRules: [{00727CC6-3152-47DD-8E88-1B1C9B0E766A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3530062B-6DB4-4C0A-816A-B9825365E633}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{13D6D330-75B0-4825-B8E3-EE5C09F0C93B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{38C8D6E3-2D4F-4C23-932D-B3E22C6C4333}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{5149A83F-8B99-4698-A54A-3065E317CA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{0FD2BCD8-CE63-4873-9F3A-56AF2C8AF7F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{622E54CF-DF3D-4865-8307-AE667F954D22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{6FD34C2A-C1A6-4F6C-A333-D2658E3FD0C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{6E15FFE6-58C2-4EE9-9265-306584941486}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{07D1E6F4-874A-46E3-A602-49D74A098B82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{B2A8D49C-767E-4BC8-BCA9-FBE83DCDCB66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{F4B4EFA1-72D6-4F01-B345-A973684AC81E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{D86D243B-A4BE-4796-8D56-0906D7696E28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{F5A6BE1E-B896-4456-BEC0-0B2FBFC368D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{298E8A9E-AF83-4015-8E73-AFFFCD1C63FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{165EF9B6-8E04-4E26-8E5B-6FBAC32D3335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{EBA289F6-5F08-4947-9313-97A8531D6A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{8A0B495C-A5B5-4502-87C6-EF152AE5EA35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{112DA6F1-74D1-49BA-A554-8BA311326C31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{9EE9E240-F828-4E88-B034-07DBA99C9467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{B47B3392-F6C4-4583-B5BD-EE70A7F6D436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{5889B83A-5ED2-4B48-B154-3B263713C7B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{2163E085-90BC-4192-80B5-55E6D11FF3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alpha Protocol\APLauncher.exe
FirewallRules: [{CEEA2072-F41F-42E3-8D45-4DEDD3E00448}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alpha Protocol\APLauncher.exe
FirewallRules: [{AD6DF69C-F270-4F50-B43F-DFA02884DC73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys Origin\yso_win.exe
FirewallRules: [{B36E4EFE-ED37-45E8-8ABD-B02970479C0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys Origin\yso_win.exe
FirewallRules: [{F55ECD00-3919-4799-AEAE-8AAC0E6F802A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys Origin\config.exe
FirewallRules: [{1D9A9FC2-9CB2-4C13-8072-ACC9B3FB8D7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys Origin\config.exe
FirewallRules: [{A85CB386-F42A-44F2-8953-167CD7DF5424}] => (Allow) D:\SteamLibrary\steamapps\common\Ys II\ys2plus.exe
FirewallRules: [{BFBB65E5-4610-4809-82D6-B4721511E995}] => (Allow) D:\SteamLibrary\steamapps\common\Ys II\ys2plus.exe
FirewallRules: [{2C64EE59-7C26-42FC-9F38-450534A2F2BF}] => (Allow) D:\SteamLibrary\steamapps\common\Ys II\config.exe
FirewallRules: [{EE7091AC-0DCF-4AA5-B3D3-516AE893F2CD}] => (Allow) D:\SteamLibrary\steamapps\common\Ys II\config.exe
FirewallRules: [{0C9B0231-BFBE-4A83-B1CC-2D919775AD2E}] => (Allow) D:\SteamLibrary\steamapps\common\Ys I\ys1plus.exe
FirewallRules: [{8D2FF4E9-1B25-40E2-B967-3EE38DBF333A}] => (Allow) D:\SteamLibrary\steamapps\common\Ys I\ys1plus.exe
FirewallRules: [{4BEEFB8E-89AA-4D10-9C2F-837DEC772B77}] => (Allow) D:\SteamLibrary\steamapps\common\Ys I\config.exe
FirewallRules: [{13AD11F0-5E4B-4877-8B18-F8A400EBEF68}] => (Allow) D:\SteamLibrary\steamapps\common\Ys I\config.exe
FirewallRules: [{02EDD38C-5C0E-4FAA-BBA8-2336A8956B0E}] => (Allow) D:\SteamLibrary\steamapps\common\Way of the Samurai 4\WayOfTheSamurai4.exe
FirewallRules: [{2647D751-09E9-46E9-922D-79DDD5790AED}] => (Allow) D:\SteamLibrary\steamapps\common\Way of the Samurai 4\WayOfTheSamurai4.exe
FirewallRules: [{AE84E0BE-5365-44B0-8437-1AD18976A5D5}] => (Allow) D:\SteamLibrary\steamapps\common\Flame Over\FlameOver.exe
FirewallRules: [{D7FE4F3F-A74E-4122-9305-79952448336D}] => (Allow) D:\SteamLibrary\steamapps\common\Flame Over\FlameOver.exe
FirewallRules: [{D2785B60-AAF7-4CD1-9F30-FBAF0A096012}] => (Allow) D:\SteamLibrary\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{9896E6EF-90E2-45D4-B0CB-7F8D66CE657C}] => (Allow) D:\SteamLibrary\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{C987AD67-B35E-4AB5-81DD-6C2B3708C039}] => (Allow) D:\SteamLibrary\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{D1B59953-06D2-4927-B060-B9A63752EFD1}] => (Allow) D:\SteamLibrary\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{A01DF7A7-8BFF-4F73-B177-A1B24D7CE87E}] => (Allow) D:\SteamLibrary\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{38ACC90B-879E-45A9-A40F-E4A8DB50AE18}] => (Allow) D:\SteamLibrary\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{5B1B74A8-4D80-4477-993D-1178FF96FC5F}] => (Allow) D:\SteamLibrary\steamapps\common\Saints Row 2\SR2_pc.exe
FirewallRules: [{C54EB576-E739-4957-8EE9-C95BEFD01397}] => (Allow) D:\SteamLibrary\steamapps\common\Saints Row 2\SR2_pc.exe
FirewallRules: [{955DDD75-6F3F-4EBE-B365-2A51BDE69536}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{684BBC65-E13F-4043-8139-1C6859618F1C}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{1684987D-58B9-4AC7-97AC-1B4A4B6C1BB1}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
FirewallRules: [{EAB57BA7-7B1B-422C-A982-377C8F2FB330}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
FirewallRules: [{5153E6FE-C3FC-4C58-B15F-E99C9401765F}] => (Allow) D:\SteamLibrary\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{FFBCAF18-34AB-4AFD-A2E3-843E0341BBD3}] => (Allow) D:\SteamLibrary\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{1DCE0FA6-1A6E-4C4A-A566-3226D8E45D04}] => (Allow) D:\SteamLibrary\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{5009E9FC-2800-41F2-89C7-AE21B4D05E74}] => (Allow) D:\SteamLibrary\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{8AEA4089-0A67-43D9-B666-C7CC6F015F4A}] => (Allow) D:\SteamLibrary\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{70CC61B1-BE7D-4873-86C1-6CB44082F985}] => (Allow) D:\SteamLibrary\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{5610101A-4E2E-42AA-A9A6-24BEE6C3F0BF}] => (Allow) D:\SteamLibrary\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{9655B282-E996-4F3F-BD6F-601DE9FA6149}] => (Allow) D:\SteamLibrary\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{02315D67-7678-4613-BAE8-415F133AC48C}] => (Allow) D:\SteamLibrary\steamapps\common\Strider\Strider.exe
FirewallRules: [{0CF04DC4-83C0-474E-A722-13FE7472715F}] => (Allow) D:\SteamLibrary\steamapps\common\Strider\Strider.exe
FirewallRules: [{BD73479B-45FC-427B-952B-07417D7F7499}] => (Allow) D:\SteamLibrary\steamapps\common\Bionic Commando Rearmed\bcr.exe
FirewallRules: [{59F33E45-B35F-4F17-AEA6-732C28B81981}] => (Allow) D:\SteamLibrary\steamapps\common\Bionic Commando Rearmed\bcr.exe
FirewallRules: [{3A9251E2-4554-46A5-A8AC-2AE94EDD2055}] => (Allow) D:\SteamLibrary\steamapps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe
FirewallRules: [{A1667AE3-E164-45AC-8555-674E985984BE}] => (Allow) D:\SteamLibrary\steamapps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe
FirewallRules: [{577383B6-A42D-499D-933A-66E781F1F319}] => (Allow) D:\SteamLibrary\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{DE175E65-E814-4D91-B24F-22CC88E09026}] => (Allow) D:\SteamLibrary\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{847A0702-79E6-4FFB-AC7C-F3CB745FF734}] => (Allow) D:\SteamLibrary\steamapps\common\Trails in the Sky SC\ed6_win2.exe
FirewallRules: [{2D0E8D72-5F65-4CB3-A4A3-2DBB1620D7A0}] => (Allow) D:\SteamLibrary\steamapps\common\Trails in the Sky SC\ed6_win2.exe
FirewallRules: [{CEDF7B5D-3B08-4496-ACE3-CAF44F8CF9AF}] => (Allow) D:\SteamLibrary\steamapps\common\Trails in the Sky SC\Config2.exe
FirewallRules: [{93ECC514-E69C-45E1-9123-7D4D75B6A1D3}] => (Allow) D:\SteamLibrary\steamapps\common\Trails in the Sky SC\Config2.exe
FirewallRules: [{3CA6E731-0705-45F1-A618-984A10F10854}] => (Allow) D:\SteamLibrary\steamapps\common\EnemyMind\EnemyMind.exe
FirewallRules: [{27969B72-ED4C-429B-ABB8-593089D35F6A}] => (Allow) D:\SteamLibrary\steamapps\common\EnemyMind\EnemyMind.exe
FirewallRules: [{20FD92F2-3249-4C5D-A16F-3D81141173E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{BE439E2F-41C1-4AFF-85D7-56B108E769F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{FD86801A-FBA8-4D61-B619-DD5C01C09F74}] => (Allow) D:\SteamLibrary\steamapps\common\Eternal Senia\Game.exe
FirewallRules: [{36015583-0AEC-45A7-B948-3B8499D243A4}] => (Allow) D:\SteamLibrary\steamapps\common\Eternal Senia\Game.exe
FirewallRules: [{131EF6D2-1307-42D8-BDE3-BE799032FF83}] => (Allow) D:\SteamLibrary\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{09DDA69E-7652-49E9-BE34-AE91805D5E35}] => (Allow) D:\SteamLibrary\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{00A98016-3BB9-4A57-9809-63B8603028D2}] => (Allow) D:\SteamLibrary\steamapps\common\Poker Night 2\PokerNight2.exe
FirewallRules: [{BB5BBEA5-5C3C-43A0-9639-546B03C8A7D1}] => (Allow) D:\SteamLibrary\steamapps\common\Poker Night 2\PokerNight2.exe
FirewallRules: [{06273BDD-7A4D-412D-9F52-CAA3A57E2D28}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E568FF77-2E8F-4A0A-8942-4FE18948A97A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{37B9E2B5-4AC9-4BFE-8BF0-0E690C0F62C1}] => (Allow) D:\SteamLibrary\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{D71C7606-4B92-4825-BE21-BF82AE6BF5F6}] => (Allow) D:\SteamLibrary\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{76DEBDC9-7847-40E8-9CBD-BF8AC87007F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{7C7714D4-8D7D-4711-BFB1-8F160B8FFB54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{18159E8B-FA16-4D28-86EF-F175049D7D7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{B5DF1C78-6CBE-4DB1-8CD9-EECBC577B6D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{ADB18DBF-75DA-4A80-86B8-08877C29788C}] => (Allow) D:\SteamLibrary\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{27EB2D0F-60F7-47A2-A39C-412478A9CF37}] => (Allow) D:\SteamLibrary\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{3F1D27A2-C6E7-4217-B8BC-473E1C2FEFC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{F8BEA1C1-59E0-4C33-925A-7BA2F73FE46E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{14A7B99F-F441-4F9C-931A-0737B179D0FF}] => (Allow) D:\SteamLibrary\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{8A51F429-8CEA-434E-8EC5-62C50F92408E}] => (Allow) D:\SteamLibrary\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{23FCA68A-BC70-4A08-9EA3-ABDD113100CF}] => (Allow) D:\SteamLibrary\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{45B7AD47-4B31-4BB6-8489-F80B27C18FE8}] => (Allow) D:\SteamLibrary\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{12E73960-B45F-4264-909E-4CB01A1576D3}] => (Allow) D:\SteamLibrary\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{28ABEA53-CB46-46B1-8863-1456EF3F8D5B}] => (Allow) D:\SteamLibrary\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{464C5A13-006E-498F-8972-0CE6A8CC31CB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2016 01:15:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/28/2016 01:15:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/28/2016 12:24:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/28/2016 12:24:11 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (02/28/2016 12:04:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/28/2016 12:04:31 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (02/28/2016 12:03:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/28/2016 12:03:49 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (02/28/2016 12:01:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/28/2016 12:01:21 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (02/28/2016 01:09:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (02/28/2016 01:08:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
Lbd
SBRE
 
Error: (02/28/2016 12:39:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/28/2016 12:36:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/28/2016 12:36:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/28/2016 12:36:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/28/2016 12:36:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/28/2016 12:36:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/28/2016 12:36:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/28/2016 12:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
CodeIntegrity:
===================================
  Date: 2016-02-26 11:31:33.093
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-26 11:31:33.031
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-26 11:31:32.968
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-26 11:31:32.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-26 03:49:04.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-26 03:49:04.328
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-26 03:49:04.265
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-26 03:49:04.171
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-13 05:44:37.261
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-09-13 05:44:37.246
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 22%
Total physical RAM: 12279.05 MB
Available physical RAM: 9536.19 MB
Total Virtual: 24556.32 MB
Available Virtual: 21496.34 MB
 
==================== Drives ================================
 
Drive c: (Programs) (Fixed) (Total:326.2 GB) (Free:23.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Media) (Fixed) (Total:1536.81 GB) (Free:236.11 GB) NTFS
Drive e: (USB20FD) (Removable) (Total:119.19 GB) (Free:115.75 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A1BA08B6)
Partition 1: (Active) - (Size=326.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1536.8 GB) - (Type=05)
 
========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 89F5033B)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=0B)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
 
==================== End of Addition.txt ============================


#3 nasdaq

  • Malware Response Team

Posted 29 February 2016 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-306691007-2615865444-313156792-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-306691007-2615865444-313156792-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
Toolbar: HKU\S-1-5-21-306691007-2615865444-313156792-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin HKU\S-1-5-21-306691007-2615865444-313156792-1001: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (QQ2013 Firefox Plugin) - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll => No File
CHR Plugin: (QQ2013 Chrome Plugin for Chrome V23.0.1271.64 or latest version) - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll => No File
CHR Plugin: (Tencent SSO Platform) - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll => No File
CHR Extension: (Avast Online Security) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-26]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 VSS; C:\Windows\SysWOW64\vssvc.exe [0 2014-04-26] () <==== ATTENTION (zero byte File/Folder)
S3 aswVmm; \??\C:\Users\Hd\AppData\Local\Temp\aswVmm.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\audiodg.exe
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\consent.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\PrintIsolationHost.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\VSSVC.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\ZSHP1020.EXE
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atidxx32.dll
C:\Windows\System32\atiu9pag.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll
C:\Windows\System32\atiuxpag.dll
C:\Windows\System32\MSVBVM60.DLL
C:\Windows\System32\olepro32.
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:888AFB86
AlternateDataStreams: C:\Users\Hd\AppData\Local\Temp:b1Y0hDUtHGpFBr9xgYSc3f7

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#4 Hdeleon

  • Topic Starter
  • Members

Posted 01 March 2016 - 02:10 PM

Hello and thank you for your assistance!

 

I followed your instructions, but unfortunately, the computer is still taking 23-25 minutes to boot up, and aswMBR is still detecting suspicious files when I run a non-quick scan:

 

Here is the aswMBR log (not sure if I am supposed to post it without being prompted to):

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-02-28 05:23:52
-----------------------------
05:23:52.177    OS Version: Windows x64 6.1.7601 Service Pack 1
05:23:52.177    Number of processors: 4 586 0x1E05
05:23:52.177    ComputerName: HOMER-I5  UserName: Hd
05:24:00.492    Initialize success
05:25:25.257    VM: initialized successfully
05:25:25.273    VM: Intel CPU supported virtualized 
05:25:29.689    VM: disk I/O atapi.sys
05:25:32.376    AVAST engine defs: 16022800
05:25:43.501    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-8
05:25:43.501    Disk 0 Vendor: WDC_WD20EADS-14R6B0 01.00A01 Size: 1907729MB BusType: 3
05:25:43.564    Disk 0 MBR read successfully
05:25:43.564    Disk 0 MBR scan
05:25:43.564    Disk 0 Windows 7 default MBR code
05:25:43.580    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       334031 MB offset 63
05:25:43.580    Disk 0 default boot code
05:25:43.595    Disk 0 Partition - 00     05     Extended           1573697 MB offset 684095895
05:25:43.767    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1573695 MB offset 684095958
05:25:43.814    Disk 0 scanning C:\Windows\system32\drivers
05:26:26.094    Service scanning
05:26:45.750    Modules scanning
05:26:45.750    Disk 0 trace - called modules:
05:26:45.813    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll >>UNKNOWN [0xfffffa800a6e1760]<<sptd.sys atapi.sys 
05:26:45.813    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800af1f060]
05:26:45.813    3 CLASSPNP.SYS[fffff880013cf43f] -> nt!IofCallDriver -> [0xfffffa800ad05930]
05:26:45.829    5 vsflt53.sys[fffff880011accfd] -> nt!IofCallDriver -> [0xfffffa800abc5580]
05:26:45.829    7 ACPI.sys[fffff8800112f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-8[0xfffffa800abc8060]
05:26:45.829    \Driver\atapi[0xfffffa800ab8dc60] -> IRP_MJ_CREATE -> 0xfffffa800a6e12c0
05:26:46.579    AVAST engine scan C:\
06:38:19.821    File: C:\Windows\SysWOW64\explorer.exe  **INFECTED** Win32:Evo-gen [Susp]
07:08:02.950    File: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.19135_none_ba1a821dc4cc4ada\explorer.exe  **INFECTED** Win32:Evo-gen [Susp]
07:08:03.153    File: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23338_none_baa721acdde733d0\explorer.exe  **INFECTED** Win32:Evo-gen [Susp]
07:16:53.097    Disk 0 statistics 39128535/0/0 @ 3.57 MB/s
07:16:53.113    Scan finished successfully
11:14:21.714    Verifying
11:14:31.729    Disk 0 Windows 601 MBR fixed successfully
11:14:35.326    Verifying
11:14:45.326    Disk 0 Windows 601 MBR fixed successfully
11:16:31.297    Disk 0 MBR has been saved successfully to "D:\Anime\MBR.dat"
11:16:31.297    The log file has been saved successfully to "D:\Anime\aswMBR.txt"
 
 
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-02-29 22:58:56
-----------------------------
22:58:56.868    OS Version: Windows x64 6.1.7601 Service Pack 1
22:58:56.869    Number of processors: 4 586 0x1E05
22:58:56.870    ComputerName: HOMER-I5  UserName: Hd
 
 
Here is the requested Fixlog.txt as well. Any help you can provide would be much appreciated. Thanks!
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Hd (2016-02-29 21:30:52) Run:1
Running from D:\Anime
Loaded Profiles: Hd (Available Profiles: Hd)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-306691007-2615865444-313156792-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-306691007-2615865444-313156792-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
Toolbar: HKU\S-1-5-21-306691007-2615865444-313156792-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin HKU\S-1-5-21-306691007-2615865444-313156792-1001: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (QQ2013 Firefox Plugin) - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll => No File
CHR Plugin: (QQ2013 Chrome Plugin for Chrome V23.0.1271.64 or latest version) - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll => No File
CHR Plugin: (Tencent SSO Platform) - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll => No File
CHR Extension: (Avast Online Security) - C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-26]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-05-23] () <==== ATTENTION (zero byte File/Folder)
S3 VSS; C:\Windows\SysWOW64\vssvc.exe [0 2014-04-26] () <==== ATTENTION (zero byte File/Folder)
S3 aswVmm; \??\C:\Users\Hd\AppData\Local\Temp\aswVmm.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\audiodg.exe
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\consent.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\PrintIsolationHost.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\VSSVC.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\ZSHP1020.EXE
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atidxx32.dll
C:\Windows\System32\atiu9pag.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll
C:\Windows\System32\atiuxpag.dll
C:\Windows\System32\MSVBVM60.DLL
C:\Windows\System32\olepro32.
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:888AFB86
AlternateDataStreams: C:\Users\Hd\AppData\Local\Temp:b1Y0hDUtHGpFBr9xgYSc3f7
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-306691007-2615865444-313156792-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-306691007-2615865444-313156792-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-306691007-2615865444-313156792-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome" => key removed successfully
"HKU\S-1-5-21-306691007-2615865444-313156792-1001\Software\MozillaPlugins\@doubletwist.com/NPPodcast" => key removed successfully
C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll => not found.
C:\Users\Hd\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => not found.
C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll => not found.
C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll => not found.
C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll => not found.
C:\Users\Hd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully
AMD External Events Utility => service removed successfully
EFS => service removed successfully
KeyIso => Service stopped successfully.
KeyIso => service removed successfully
Netlogon => service removed successfully
ProtectedStorage => service removed successfully
SamSs => Unable to stop service.
SamSs => service removed successfully
Spooler => service removed successfully
VaultSvc => Service stopped successfully.
VaultSvc => service removed successfully
VSS => service removed successfully
aswVmm => service could not remove
catchme => service removed successfully
DualCoreCenter => service removed successfully
Lbd => service removed successfully
NVHDA => service removed successfully
SBRE => service removed successfully
VIAHdAudAddService => service removed successfully
C:\Windows\SysWOW64\atieclxx.exe => moved successfully
C:\Windows\SysWOW64\atiesrxx.exe => moved successfully
C:\Windows\SysWOW64\audiodg.exe => moved successfully
C:\Windows\SysWOW64\conhost.exe => moved successfully
C:\Windows\SysWOW64\consent.exe => moved successfully
C:\Windows\SysWOW64\csrss.exe => moved successfully
C:\Windows\SysWOW64\dwm.exe => moved successfully
C:\Windows\SysWOW64\lsass.exe => moved successfully
C:\Windows\SysWOW64\lsm.exe => moved successfully
C:\Windows\SysWOW64\PrintIsolationHost.exe => moved successfully
C:\Windows\SysWOW64\services.exe => moved successfully
C:\Windows\SysWOW64\smss.exe => moved successfully
C:\Windows\SysWOW64\spoolsv.exe => moved successfully
C:\Windows\SysWOW64\taskhost.exe => moved successfully
C:\Windows\SysWOW64\VSSVC.exe => moved successfully
C:\Windows\SysWOW64\winlogon.exe => moved successfully
C:\Windows\SysWOW64\ZSHP1020.EXE => moved successfully
C:\Windows\System32\aticfx32.dll => moved successfully
C:\Windows\System32\atidxx32.dll => moved successfully
C:\Windows\System32\atiu9pag.dll => moved successfully
C:\Windows\System32\atiumdag.dll => moved successfully
C:\Windows\System32\atiumdva.dll => moved successfully
C:\Windows\System32\atiuxpag.dll => moved successfully
C:\Windows\System32\MSVBVM60.DLL => moved successfully
"C:\Windows\System32\olepro32." => not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":888AFB86" ADS removed successfully.
C:\Users\Hd\AppData\Local\Temp => ":b1Y0hDUtHGpFBr9xgYSc3f7" ADS removed successfully.
EmptyTemp: => 221.2 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-29 21:57:27)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 21:57:27 ====


#5 nasdaq

  • Malware Response Team

Posted 01 March 2016 - 02:54 PM

If not already done, please run the aswMBR tool and select the Fix MBR button.


Restart the computer normally.

Run the aswMBR tool normally and post a fresh log.

===

If the problem remains, continue:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

#6 Hdeleon

Hdeleon
  • Topic Starter


Posted 02 March 2016 - 03:17 PM

Thanks for your continued assistance! 

 

It looks like I am still getting warnings from aswMBR, and SystemLook found a whole lot of explorer.exe's.

If you can, please advise of any next steps you think I can take after reviewing the logs. 

 

Thanks in advance.

 

I ran the aswmbr twice since I wasn't sure if I did quickscan or full scan the first time:

 

04:56:00.545    Disk 0 default boot code
04:56:00.545    Disk 0 Partition - 00     05       Extended           1573697 MB offset 684095895
04:56:00.592    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS      1573695 MB offset 684095958
04:56:00.717    Disk 0 scanning C:\Windows\system32\drivers
04:56:39.289    Service scanning
04:56:58.156    Modules scanning
04:56:58.156    Disk 0 trace - called modules:
04:56:58.281    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys >>UNKNOWN [0xfffffa8009d212c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
04:56:58.296    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800af24060]
04:56:58.296    3 CLASSPNP.SYS[fffff8800158543f] -> nt!IofCallDriver -> [0xfffffa800ad23b50]
04:56:58.312    5 vsflt53.sys[fffff88001011cfd] -> nt!IofCallDriver -> [0xfffffa800abe2520]
04:56:58.328    7 ACPI.sys[fffff8800117c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-8[0xfffffa800abe8060]
04:56:58.328    \Driver\atapi[0xfffffa800abbea20] -> IRP_MJ_CREATE -> 0xfffffa8009d212c0
04:56:59.210    AVAST engine scan C:\Windows
04:57:41.704    AVAST engine scan C:\Windows\system32
05:10:21.135    AVAST engine scan C:\Windows\system32\drivers
05:11:54.163    AVAST engine scan C:\Users\Hd
05:50:47.598    AVAST engine scan C:\ProgramData
05:58:21.495    Disk 0 statistics 4077143/0/0 @ 0.54 MB/s
05:58:21.510    Scan finished successfully
06:46:23.230    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-8
06:46:23.246    Disk 0 Vendor: WDC_WD20EADS-14R6B0 01.00A01 Size: 1907729MB BusType: 3
06:46:23.339    Disk 0 MBR read successfully
06:46:23.355    Disk 0 MBR scan
06:46:23.371    Disk 0 Windows 7 default MBR code
06:46:23.417    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       334031 MB offset 63
06:46:23.464    Disk 0 default boot code
06:46:23.480    Disk 0 Partition - 00     05       Extended           1573697 MB offset 684095895
06:46:23.542    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS      1573695 MB offset 684095958
06:46:23.699    Disk 0 scanning C:\Windows\system32\drivers
06:47:24.281    Service scanning
06:47:43.592    Modules scanning
06:47:43.608    Disk 0 trace - called modules:
06:47:43.639    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys >>UNKNOWN [0xfffffa8009d212c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
06:47:43.655    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800af24060]
06:47:43.655    3 CLASSPNP.SYS[fffff8800158543f] -> nt!IofCallDriver -> [0xfffffa800ad23b50]
06:47:43.670    5 vsflt53.sys[fffff88001011cfd] -> nt!IofCallDriver -> [0xfffffa800abe2520]
06:47:43.670    7 ACPI.sys[fffff8800117c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-8[0xfffffa800abe8060]
06:47:43.686    \Driver\atapi[0xfffffa800abbea20] -> IRP_MJ_CREATE -> 0xfffffa8009d212c0
06:47:44.749    AVAST engine scan C:\
09:17:08.410    Disk 0 statistics 42913665/0/0 @ 1.84 MB/s
09:17:08.785    Scan finished successfully
10:17:51.351    Verifying
10:18:01.351    Disk 0 Windows 601 MBR fixed successfully
10:18:12.914    Disk 0 MBR has been saved successfully to "D:\Anime\MBR.dat"
10:18:12.914    The log file has been saved successfully to "D:\Anime\aswMBR.txt"
 
 
and here is the systemlookup logs:
 
SystemLook 30.07.11 by jpshortstuff
Log created at 12:10 on 02/03/2016 by Hd
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 3231232 bytes [06:30 10/02/2016] [05:19 22/01/2016] 9D77CC4A36FEEA644D002CFB9B2D42C0
C:\Windows\erdnt\cache86\explorer.exe --a---- 3231232 bytes [12:56 16/06/2015] [05:19 22/01/2016] 9D77CC4A36FEEA644D002CFB9B2D42C0
C:\Windows\SysWOW64\explorer.exe --a---- 2973184 bytes [06:30 10/02/2016] [05:12 22/01/2016] 2A156D5EBF221EF2A6AE7CE452324DAC
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe --a---- 2868224 bytes [23:56 13/07/2009] [01:39 14/07/2009] C235A51CB740E45FFA0EBFB9BAFCDA64
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe --a---- 2870272 bytes [20:20 27/04/2011] [06:23 26/02/2011] 0862495E0C825893DB75EF44FAEA8E93
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe --a---- 2870784 bytes [20:20 27/04/2011] [06:26 26/02/2011] E38899074D4951D31B4040E994DD7C8D
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe --a---- 2872320 bytes [11:25 01/03/2011] [13:24 20/11/2010] AC4C51EB24AA95B77F705AB159189E24
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe --a---- 2871808 bytes [20:20 27/04/2011] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.19135_none_afc5d7cb906b88df\explorer.exe --a---- 3231232 bytes [06:30 10/02/2016] [05:19 22/01/2016] 9D77CC4A36FEEA644D002CFB9B2D42C0
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe --a---- 2871808 bytes [20:20 27/04/2011] [06:14 26/02/2011] 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23338_none_b052775aa98671d5\explorer.exe --a---- 3231232 bytes [06:30 10/02/2016] [06:27 22/01/2016] 20DBEE43BF607324BFC79A02F3467DCD
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe --a---- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe --a---- 2614784 bytes [20:20 27/04/2011] [05:33 26/02/2011] 2AF58D15EDC06EC6FDACCE1F19482BBF
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe --a---- 2614784 bytes [20:20 27/04/2011] [05:51 26/02/2011] 255CF508D7CFB10E0794D6AC93280BD8
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe --a---- 2616320 bytes [11:24 01/03/2011] [12:17 20/11/2010] 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe --a---- 2616320 bytes [20:20 27/04/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.19135_none_ba1a821dc4cc4ada\explorer.exe --a---- 2973184 bytes [06:30 10/02/2016] [05:12 22/01/2016] 2A156D5EBF221EF2A6AE7CE452324DAC
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe --a---- 2616320 bytes [20:20 27/04/2011] [05:19 26/02/2011] 0FB9C74046656D1579A64660AD67B746
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23338_none_baa721acdde733d0\explorer.exe --a---- 2973696 bytes [06:30 10/02/2016] [06:07 22/01/2016] CEA6C2000AEC6CAF3CD6F3F73848E40A
 
-= EOF =-
 
 
THANKS!
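Added example (not part of the thread or of SystemLook): a Python sketch that parses `:filefind` output in the format shown above and checks whether each copy outside `winsxs` has the same size and MD5 as a component-store copy. The sample reuses lines from the log above; the last entry is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Entries copied from the SystemLook log above, plus one CONSTRUCTED entry
# (last line: hypothetical path and hash) that has no component-store match.
SAMPLE_LOG = r"""
Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 3231232 bytes [06:30 10/02/2016] [05:19 22/01/2016] 9D77CC4A36FEEA644D002CFB9B2D42C0
C:\Windows\erdnt\cache86\explorer.exe --a---- 3231232 bytes [12:56 16/06/2015] [05:19 22/01/2016] 9D77CC4A36FEEA644D002CFB9B2D42C0
C:\Windows\SysWOW64\explorer.exe --a---- 2973184 bytes [06:30 10/02/2016] [05:12 22/01/2016] 2A156D5EBF221EF2A6AE7CE452324DAC
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.19135_none_afc5d7cb906b88df\explorer.exe --a---- 3231232 bytes [06:30 10/02/2016] [05:19 22/01/2016] 9D77CC4A36FEEA644D002CFB9B2D42C0
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23338_none_b052775aa98671d5\explorer.exe --a---- 3231232 bytes [06:30 10/02/2016] [06:27 22/01/2016] 20DBEE43BF607324BFC79A02F3467DCD
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.19135_none_ba1a821dc4cc4ada\explorer.exe --a---- 2973184 bytes [06:30 10/02/2016] [05:12 22/01/2016] 2A156D5EBF221EF2A6AE7CE452324DAC
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23338_none_baa721acdde733d0\explorer.exe --a---- 2973696 bytes [06:30 10/02/2016] [06:07 22/01/2016] CEA6C2000AEC6CAF3CD6F3F73848E40A
C:\Users\Example\AppData\Roaming\explorer.exe --a---- 3231232 bytes [01:00 01/01/2016] [01:00 01/01/2016] 00000000000000000000000000000000
"""

# path, attribute flags, size, [created], [modified], MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>\S{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# winsxs\<arch>_<component>_<publicKeyToken>_<version>_<culture>_<hash>\
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>[^_\\]+)_(?P<component>.+?)_[0-9a-f]{16}_"
    r"(?P<version>\d+(?:\.\d+){3})_",
    re.IGNORECASE,
)


def parse_filefind(text):
    """Return one dict per file line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def match_component_store(entries):
    """Map every non-winsxs path to the (arch, version) pairs it is identical to.

    Identity here means same MD5 and same size. An empty list means the file
    matches no component-store copy present in the log.
    """
    store = defaultdict(list)
    outside = []
    for entry in entries:
        m = WINSXS_RE.search(entry["path"])
        if m:
            key = (entry["md5"], entry["size"])
            store[key].append((m.group("arch"), m.group("version")))
        else:
            outside.append(entry)
    return {
        e["path"]: sorted(store.get((e["md5"], e["size"]), []))
        for e in outside
    }


if __name__ == "__main__":
    for path, matches in match_component_store(parse_filefind(SAMPLE_LOG)).items():
        if matches:
            versions = ", ".join(f"{arch} {ver}" for arch, ver in matches)
            print(f"MATCH     {path}  ->  {versions}")
        else:
            print(f"NO MATCH  {path}")
```

A match only shows that the file, as read through the running system, is identical to a component-store version; it says nothing about in-memory hooks, so an offline re-check from boot media is the stronger test.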


#7 nasdaq

nasdaq

  • Malware Response Team

Posted 03 March 2016 - 08:22 AM

06:47:43.639 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys >>UNKNOWN [0xfffffa8009d212c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
05:26:45.813 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll >>UNKNOWN [0xfffffa800a6e1760]<<sptd.sys atapi.sys


The problem seems to be related to these drivers.

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-09] (Duplex Secure Ltd.)
05:25:29.689 VM: disk I/O atapi.sys

Possible ROOTKIT infection.

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know.
===


--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Let me know what problem persists.

#8 Hdeleon

Hdeleon
  • Topic Starter


Posted 03 March 2016 - 05:39 PM

Aaaargh. This thing is super glued to my computer or something.

 

Anyway, I attempted to download MB anti-root kit. The download "failed" (which I have never seen in my life). I tried again, and it worked the 2nd time. 

 

-Malwarebytes Anti-Root came up clean, no infections

-Roguekiller (which I ran before) only found remnants of aswMBR

 

I then tried to restart into safe mode to run the anti-root again. However, 2 times in a row, it would boot up, mouse cursor would be on screen, but I couldn't control my wireless logitech mouse/keyboard. Only when I rebooted it into safe mode WITH NETWORKING did the keyboard and mouse work. It could be coincidence, I don't know. Anyway:

 

-Malwarebytes Anti-Root comes up clean again in safe mode 

-Computer still takes 20+ minutes to boot up in normal mode

 

Any last ideas? I get the feeling we are running out of things to try, and a reformat or win 10 upgrade is looking more and more attractive.

 

Please advise if you could think of anything, and once again, thanks again for your help.

 

Roguekiller log:

 

RogueKiller V11.0.14.0 [Feb 29 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hd [Administrator]
Started from : D:\Anime\RogueKiller (1).exe
Mode : Delete -- Date : 03/03/2016 12:42:30
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Hd\AppData\Local\Temp\aswVmm.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Hd\AppData\Local\Temp\aswVmm.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm (\??\C:\Users\Hd\AppData\Local\Temp\aswVmm.sys) -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 9b00dc23f1e6aa53cd1d650828e64946
[BSP] 1a535a01c67941b4f6f2621af003ddee : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 334031 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 684095895 | Size: 1573697 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] b65a2214ba3ed5e2c4cd22c8d7cb30a1
[BSP] 11053f4fc6170565ff5db7f96b937d49 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 2056 | Size: 122084 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

Edited by Hdeleon, 03 March 2016 - 05:40 PM.


#9 Hdeleon

Hdeleon
  • Topic Starter


Posted 03 March 2016 - 11:50 PM

Just ran the 64bit version of rogue killer, that DID find some things. 

 

roguekiller64 log:

 

RogueKiller V11.0.13.0 (x64) [Feb 22 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hd [Administrator]
Started from : E:\RogueKillerX64.exe
Mode : Delete -- Date : 03/03/2016 20:49:11
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Hd\AppData\Local\Temp\aswVmm.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Hd\AppData\Local\Temp\aswVmm.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm (\??\C:\Users\Hd\AppData\Local\Temp\aswVmm.sys) -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 10 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE[0] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CLOSE[2] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_POWER[22] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_PNP[27] : Unknown @ 0xfffffa8009e252c0
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x776a03d0 (jmp 0x162d60|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x776a03e0 (jmp 0x162b00|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x776a0470 (jmp 0x162870|jmp 0xfffffffffffffb89|jmp 0x19b)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 9b00dc23f1e6aa53cd1d650828e64946
[BSP] 1a535a01c67941b4f6f2621af003ddee : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 334031 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 684095895 | Size: 1573697 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2:  +++++
--- User ---
[MBR] b65a2214ba3ed5e2c4cd22c8d7cb30a1
[BSP] 11053f4fc6170565ff5db7f96b937d49 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 2056 | Size: 122085 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
 
 

Update1: After restarting, it goes to the startup repair screen. I have run twice, and I end up with a BSOD that says something like:

 

Unmountable boot volume

 ***STOP:0x00000ED (0xFFFFFA800A076CB0, 0XFFFFFFFFC000014F, 0x000000000000000, 0x00000000000000000)  


Edited by Hdeleon, 04 March 2016 - 12:30 AM.
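Added example (not part of the thread or of either tool): a Python sketch that reads the two log formats posted above and extracts the findings the helper is pointing at, namely the `>>UNKNOWN<<` entry in the aswMBR disk trace and the `\Driver\atapi` IRP handlers that RogueKiller reports at an unattributed address. Sample lines are copied from the logs above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the aswMBR log posted earlier in the thread (both scans).
ASWMBR_SAMPLE = r"""
04:56:58.281    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys >>UNKNOWN [0xfffffa8009d212c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
04:56:58.328    \Driver\atapi[0xfffffa800abbea20] -> IRP_MJ_CREATE -> 0xfffffa8009d212c0
06:47:43.639    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys >>UNKNOWN [0xfffffa8009d212c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
06:47:43.655    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800af24060]
06:47:43.686    \Driver\atapi[0xfffffa800abbea20] -> IRP_MJ_CREATE -> 0xfffffa8009d212c0
"""

# Lines copied from the RogueKiller x64 log above (one IAT line kept to show
# that non-IRP findings are ignored by this parser).
ROGUEKILLER_SAMPLE = r"""
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE[0] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CLOSE[2] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_POWER[22] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xfffffa8009e252c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_PNP[27] : Unknown @ 0xfffffa8009e252c0
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x776a03d0 (jmp 0x162d60|jmp 0xfffffffffffffc29|jmp 0x19b)
"""

TRACE_UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<\s*(\S+)")
ASW_DISPATCH_RE = re.compile(
    r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)
RK_HOOK_RE = re.compile(
    r"\[IRP:Addr\(Hook\.IRP\)\] (\\Driver\\\w+) - (IRP_MJ_\w+)\[(\d+)\] : "
    r"(\S+) @ (0x[0-9a-fA-F]+)"
)


def aswmbr_findings(text):
    """Dispatch entries whose target is an address the trace marked UNKNOWN.

    Returns sorted, de-duplicated (driver, irp, address, module_listed_next).
    Addresses are only compared inside one log: the two tools were run in
    different sessions, and the values differ between them.
    """
    unknown = {int(a, 16): nxt for a, nxt in TRACE_UNKNOWN_RE.findall(text)}
    hits = set()
    for driver, irp, target in ASW_DISPATCH_RE.findall(text):
        addr = int(target, 16)
        if addr in unknown:
            hits.add((driver, irp, addr, unknown[addr]))
    return sorted(hits)


def roguekiller_irp_hooks(text):
    """driver -> handler address -> [(major function index, name, owner)]."""
    hooks = defaultdict(lambda: defaultdict(list))
    for driver, irp, index, owner, addr in RK_HOOK_RE.findall(text):
        hooks[driver][int(addr, 16)].append((int(index), irp, owner))
    return hooks


def single_handler_takeovers(hooks, min_functions=3):
    """Drivers with several major functions sent to one unattributed address."""
    found = []
    for driver, by_addr in hooks.items():
        for addr, entries in by_addr.items():
            unattributed = all(owner == "Unknown" for _, _, owner in entries)
            if len(entries) >= min_functions and unattributed:
                found.append((driver, addr, [n for _, n, _ in sorted(entries)]))
    return found


if __name__ == "__main__":
    for driver, irp, addr, nxt in aswmbr_findings(ASWMBR_SAMPLE):
        print(f"aswMBR: {driver} {irp} -> {addr:#x} (UNKNOWN, listed before {nxt})")
    hooks = roguekiller_irp_hooks(ROGUEKILLER_SAMPLE)
    for driver, addr, names in single_handler_takeovers(hooks):
        print(f"RogueKiller: {driver} has {len(names)} handlers at {addr:#x}: "
              + ", ".join(names))
```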


#10 nasdaq

nasdaq

  • Malware Response Team

Posted 04 March 2016 - 08:47 AM

We have to find out what is the Unknown process causing this.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    sptd.sys
    ataport.SYS
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

If you have a CD emulator disable it before proceeding with the next scan.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


We will check your BIOS.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

#11 Hdeleon

Hdeleon
  • Topic Starter


Posted 04 March 2016 - 04:00 PM

TDSS found nothing (tried it before too). Defog didn't find anything to defog also.

 

Last night before going to bed I ran aswMBR and it didn't come up with any red flagged warnings. So the last problem is the 25 minute boot time.

Any ideas?

 

And yet again, thanks again for your help with all this. It's turning out to be a bigger nag than I expected it to be.

 

 

Enclosed are following reports: systemlookup, defogger, tdss, aswmbr-

 

SystemLook 30.07.11 by jpshortstuff
Log created at 11:46 on 04/03/2016 by Hd
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "sptd.sys"
C:\Windows\System32\drivers\sptd.sys --a---- 381440 bytes [14:50 23/10/2009] [04:26 10/01/2014] 656736958178461D25B51BB0D9EC7D09
 
Searching for "ataport.sys"
C:\Windows\System32\drivers\ataport.sys --a---- 155584 bytes [07:33 11/09/2013] [02:25 05/08/2013] 059F00DEF82BF41E433B7ED465847726
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\ataport.sys --a---- 155584 bytes [07:33 11/09/2013] [02:25 05/08/2013] 059F00DEF82BF41E433B7ED465847726
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\ataport.sys --a---- 155520 bytes [11:22 01/03/2011] [13:32 20/11/2010] A34FE1E025E88798E746F484956C0720
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\ataport.sys --a---- 155728 bytes [23:19 13/07/2009] [01:52 14/07/2009] AA2186F7944104A16D6ED176ED462CEC
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\ataport.sys --a---- 155520 bytes [11:22 01/03/2011] [13:32 20/11/2010] A34FE1E025E88798E746F484956C0720
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\ataport.sys --a---- 155584 bytes [07:33 11/09/2013] [02:25 05/08/2013] 059F00DEF82BF41E433B7ED465847726
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\ataport.sys --a---- 155584 bytes [07:33 11/09/2013] [08:33 05/08/2013] C0515A22C5C493328062467E191330A9
 
-= EOF =-
 
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:51 on 04/03/2016 (Hd)
 
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
 
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
 
 
-=E.O.F=-
 
 
12:47:00.0147 0x132c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
12:47:08.0147 0x132c  ============================================================
12:47:08.0147 0x132c  Current date / time: 2016/03/04 12:47:08.0147
12:47:08.0147 0x132c  SystemInfo:
12:47:08.0147 0x132c  
12:47:08.0147 0x132c  OS Version: 6.1.7601 ServicePack: 1.0
12:47:08.0147 0x132c  Product type: Workstation
12:47:08.0147 0x132c  ComputerName: HOMER-I5
12:47:08.0147 0x132c  UserName: Hd
12:47:08.0147 0x132c  Windows directory: C:\Windows
12:47:08.0147 0x132c  System windows directory: C:\Windows
12:47:08.0147 0x132c  Running under WOW64
12:47:08.0147 0x132c  Processor architecture: Intel x64
12:47:08.0147 0x132c  Number of processors: 4
12:47:08.0147 0x132c  Page size: 0x1000
12:47:08.0147 0x132c  Boot type: Normal boot
12:47:08.0147 0x132c  ============================================================
12:47:08.0522 0x132c  System UUID: {53976CE6-CC90-14D4-2EE1-9CB52DE762C4}
12:47:08.0913 0x132c  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:48:33.0475 0x132c  Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1475000 ( 2794.52 Gb ), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:50:55.0678 0x132c  ============================================================
12:50:55.0678 0x132c  \Device\Harddisk0\DR0:
12:50:55.0694 0x132c  MBR partitions:
12:50:55.0694 0x132c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x28C67958
12:50:55.0709 0x132c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28C679D6, BlocksNum 0xC019FAEB
12:50:55.0709 0x132c  ============================================================
12:50:55.0725 0x132c  C: <-> \Device\Harddisk0\DR0\Partition1
12:50:55.0756 0x132c  D: <-> \Device\Harddisk0\DR0\Partition2
12:50:55.0772 0x132c  ============================================================
12:50:55.0772 0x132c  Initialize success
12:50:55.0772 0x132c  ============================================================
12:52:26.0647 0x0f5c  ============================================================
12:52:26.0647 0x0f5c  Scan started
12:52:26.0647 0x0f5c  Mode: Manual; 
12:52:26.0647 0x0f5c  ============================================================
12:52:26.0647 0x0f5c  KSN ping started
12:52:26.0694 0x0f5c  KSN ping finished: false
12:52:27.0319 0x0f5c  ================ Scan system memory ========================
12:52:27.0319 0x0f5c  System memory - ok
12:52:27.0319 0x0f5c  ================ Scan services =============================
12:52:29.0319 0x0f5c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:52:29.0319 0x0f5c  atapi - ok
12:52:29.0381 0x0f5c  [ 80AA9265E820A8667EDEF731E31335B6, 549DC0BCF988F25CF3F89A784DC9B97C6D4DF697302F5CF467EFA2B816991A52 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:52:29.0381 0x0f5c  AtiHDAudioService - ok
12:52:29.0475 0x0f5c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:52:29.0506 0x0f5c  AudioEndpointBuilder - ok
12:52:29.0522 0x0f5c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:52:29.0538 0x0f5c  AudioSrv - ok
12:52:29.0600 0x0f5c  [ 501E11AE85EE28D305D228F5931AC76C, FB7052CFA143E5D431131EBB59D4EDAEEFCB56A017552E2395F1954F861613A0 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:52:29.0616 0x0f5c  avast! Antivirus - ok
12:52:29.0647 0x0f5c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:52:29.0647 0x0f5c  AxInstSV - ok
12:52:29.0694 0x0f5c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:52:29.0709 0x0f5c  b06bdrv - ok
12:52:29.0725 0x0f5c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:52:29.0725 0x0f5c  b57nd60a - ok
12:52:29.0772 0x0f5c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:52:29.0772 0x0f5c  BDESVC - ok
12:52:29.0803 0x0f5c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:52:29.0803 0x0f5c  Beep - ok
12:52:29.0850 0x0f5c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:52:29.0866 0x0f5c  BFE - ok
12:52:29.0928 0x0f5c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
12:52:29.0944 0x0f5c  BITS - ok
12:52:29.0959 0x0f5c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:52:29.0959 0x0f5c  blbdrive - ok
12:52:29.0975 0x0f5c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:52:29.0975 0x0f5c  bowser - ok
12:52:29.0991 0x0f5c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:52:29.0991 0x0f5c  BrFiltLo - ok
12:52:30.0006 0x0f5c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:52:30.0006 0x0f5c  BrFiltUp - ok
12:52:30.0022 0x0f5c  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:52:30.0038 0x0f5c  BridgeMP - ok
12:52:30.0069 0x0f5c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:52:30.0084 0x0f5c  Browser - ok
12:52:30.0147 0x0f5c  [ E5E9B1625A767CEB6F319C12D33EAB78, F49FF610C0712FAE4B69BD300C78D7DEA7C72DFC076323295779272D1E23D7CE ] BrSerIb         C:\Windows\system32\DRIVERS\BrSerIb.sys
12:52:30.0163 0x0f5c  BrSerIb - ok
12:52:30.0194 0x0f5c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:52:30.0194 0x0f5c  Brserid - ok
12:52:30.0256 0x0f5c  [ 34F6C504B150F99DAE69D7073D2A4DF4, A913A428061513665ED5030F3FD5F25B18E0368D76966C8743DB0F15711CA718 ] BrSerIf         C:\Windows\system32\DRIVERS\BrSerIf.sys
12:52:30.0256 0x0f5c  BrSerIf - ok
12:52:30.0272 0x0f5c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:52:30.0272 0x0f5c  BrSerWdm - ok
12:52:30.0288 0x0f5c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:52:30.0303 0x0f5c  BrUsbMdm - ok
12:52:30.0303 0x0f5c  [ 601CB966FFFEBC6806626DC8E7AA0EF2, 34208A23F48C60C52144C02D4E157D3057E9DE7D46ECB4246A521BEBB261F446 ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
12:52:30.0303 0x0f5c  BrUsbSer - ok
12:52:30.0319 0x0f5c  [ D9F6B30AD93CBD165EC71FADF51DF25E, 9E38846451650F4F320CB1DEA9C010653A54D7419591719936BF53BEE269F1A8 ] BrUsbSIb        C:\Windows\system32\DRIVERS\BrUsbSIb.sys
12:52:30.0319 0x0f5c  BrUsbSIb - ok
12:52:30.0334 0x0f5c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:52:30.0334 0x0f5c  BTHMODEM - ok
12:52:30.0397 0x0f5c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:52:30.0397 0x0f5c  bthserv - ok
12:52:30.0428 0x0f5c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:52:30.0428 0x0f5c  cdfs - ok
12:52:30.0475 0x0f5c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:52:30.0475 0x0f5c  cdrom - ok
12:52:30.0506 0x0f5c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:52:30.0506 0x0f5c  CertPropSvc - ok
12:52:30.0522 0x0f5c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:52:30.0522 0x0f5c  circlass - ok
12:52:30.0584 0x0f5c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
12:52:30.0600 0x0f5c  CLFS - ok
12:52:30.0663 0x0f5c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:52:30.0678 0x0f5c  clr_optimization_v2.0.50727_32 - ok
12:52:30.0725 0x0f5c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:52:30.0725 0x0f5c  clr_optimization_v2.0.50727_64 - ok
12:52:30.0803 0x0f5c  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:52:30.0803 0x0f5c  clr_optimization_v4.0.30319_32 - ok
12:52:30.0881 0x0f5c  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:52:30.0881 0x0f5c  clr_optimization_v4.0.30319_64 - ok
12:52:30.0913 0x0f5c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:52:30.0913 0x0f5c  CmBatt - ok
12:52:30.0928 0x0f5c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:52:30.0928 0x0f5c  cmdide - ok
12:52:30.0991 0x0f5c  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:52:31.0006 0x0f5c  CNG - ok
12:52:31.0038 0x0f5c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:52:31.0038 0x0f5c  Compbatt - ok
12:52:31.0053 0x0f5c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:52:31.0053 0x0f5c  CompositeBus - ok
12:52:31.0053 0x0f5c  COMSysApp - ok
12:52:31.0069 0x0f5c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:52:31.0084 0x0f5c  crcdisk - ok
12:52:31.0147 0x0f5c  [ C8BD651E13895B93ED9EC5B4F1DF42BC, D86D6BF0BA3C09B49B3A52C86A7F3B3856A27F79EDD86A8FFA469D9A5F196E8D ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
12:52:31.0163 0x0f5c  Creative ALchemy AL6 Licensing Service - ok
12:52:31.0194 0x0f5c  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
12:52:31.0194 0x0f5c  Creative Audio Engine Licensing Service - ok
12:52:31.0225 0x0f5c  [ D03466C36EF0E5C7694FF38B45271D9D, 367E0C1F0C49C31F26EC6A8828FE5727D70C637FD8C4213D10E43C80A0EA259E ] Creative Media Toolbox 6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
12:52:31.0225 0x0f5c  Creative Media Toolbox 6 Licensing Service - ok
12:52:31.0288 0x0f5c  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:52:31.0288 0x0f5c  CryptSvc - ok
12:52:31.0350 0x0f5c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
12:52:31.0366 0x0f5c  CSC - ok
12:52:31.0381 0x0f5c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
12:52:31.0397 0x0f5c  CscService - ok
12:52:31.0428 0x0f5c  [ 7C62EF8F845C7595275BD140BC613AB9, 28EE55FD785E95F7FD594A659241BE99EB4431C4CFC2F6E0DD969523C6EFEFA8 ] CT20XUT         C:\Windows\system32\drivers\CT20XUT.SYS
12:52:31.0428 0x0f5c  CT20XUT - ok
12:52:31.0444 0x0f5c  [ 7C62EF8F845C7595275BD140BC613AB9, 28EE55FD785E95F7FD594A659241BE99EB4431C4CFC2F6E0DD969523C6EFEFA8 ] CT20XUT.SYS     C:\Windows\System32\drivers\CT20XUT.SYS
12:52:31.0444 0x0f5c  CT20XUT.SYS - ok
12:52:31.0475 0x0f5c  [ CBB7D529BEF84ACBEFF4383D2E641429, 2F010B0910F0A0101EB46A62FA7937833105044B1F2D835FE90F2B6A22A540DA ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
12:52:31.0491 0x0f5c  ctac32k - ok
12:52:31.0522 0x0f5c  [ D48821CEA87EE02E61C8087931E65214, EFEE9E7ED0EC460C53AFE7305FF9548FE3AEFCA38D232E606A4A2AED83DD8D9C ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
12:52:31.0538 0x0f5c  ctaud2k - ok
12:52:31.0584 0x0f5c  [ 96BE487253F4B5A0B5851A4884C2AD83, 29C75142CB20AB6F3E2670A10C54BF8F30D6F743D763D5608C1C670897F2C6CC ] CTEXFIFX        C:\Windows\system32\drivers\CTEXFIFX.SYS
12:52:31.0600 0x0f5c  CTEXFIFX - ok
12:52:31.0663 0x0f5c  [ 96BE487253F4B5A0B5851A4884C2AD83, 29C75142CB20AB6F3E2670A10C54BF8F30D6F743D763D5608C1C670897F2C6CC ] CTEXFIFX.SYS    C:\Windows\System32\drivers\CTEXFIFX.SYS
12:52:31.0694 0x0f5c  CTEXFIFX.SYS - ok
12:52:31.0709 0x0f5c  [ 103622BCED20E4F1BB28422AF2713763, 96C414F0B55CA5E0375761DDE5A18C5B9BF58EA727CE2C2CA95016AFECEBE32B ] CTHWIUT         C:\Windows\system32\drivers\CTHWIUT.SYS
12:52:31.0709 0x0f5c  CTHWIUT - ok
12:52:31.0709 0x0f5c  [ 103622BCED20E4F1BB28422AF2713763, 96C414F0B55CA5E0375761DDE5A18C5B9BF58EA727CE2C2CA95016AFECEBE32B ] CTHWIUT.SYS     C:\Windows\System32\drivers\CTHWIUT.SYS
12:52:31.0709 0x0f5c  CTHWIUT.SYS - ok
12:52:31.0725 0x0f5c  [ BD442E7C6CC3C6B601E5733D70F8DE10, 9B45E03DCD408F5941B684BCD9E920A77A1223A2D91210AB70427CCA5E9D7C29 ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
12:52:31.0725 0x0f5c  ctprxy2k - ok
12:52:31.0741 0x0f5c  [ 42E18F3D1C442137E37F0564D4AF1FE5, B6B86AFC2326163023DF5BC00E7164467A8BFAC9FABCDF65B011A972D9E111D2 ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
12:52:31.0741 0x0f5c  ctsfm2k - ok
12:52:31.0772 0x0f5c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:52:31.0788 0x0f5c  DcomLaunch - ok
12:52:31.0834 0x0f5c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:52:31.0834 0x0f5c  defragsvc - ok
12:52:31.0866 0x0f5c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:52:31.0866 0x0f5c  DfsC - ok
12:52:31.0881 0x0f5c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:52:31.0897 0x0f5c  Dhcp - ok
12:52:32.0006 0x0f5c  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
12:52:32.0038 0x0f5c  DiagTrack - ok
12:52:32.0069 0x0f5c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:52:32.0069 0x0f5c  discache - ok
12:52:32.0100 0x0f5c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:52:32.0100 0x0f5c  Disk - ok
12:52:32.0475 0x0f5c  [ 9BC28C896EF5AA63CA0BF38F28C03E22, 7FCE7FA8918005E3CA702EB5862338F00BD81A7ED918EFB9470C63D56F27DF42 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
12:52:32.0647 0x0f5c  DisplayLinkService - ok
12:52:32.0694 0x0f5c  [ F5945E0966C2524A5A3F3FB56AC11DC1, 49913B924CFD75DB9394F41B4EFE105F802331C1132207DCF4196440F6B6E659 ] DisplayLinkUsbIo_x64 C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.630.0.sys
12:52:32.0694 0x0f5c  DisplayLinkUsbIo_x64 - ok
12:52:32.0772 0x0f5c  [ A8BB0396C1064C7A749F7103D8EC60C2, 956D6EC2DA8A00B3DF0F9BC6BFB54B3865328F76BFE5D2552DA2EC65F26E3DC1 ] dlkmd           C:\Windows\system32\drivers\dlkmd.sys
12:52:32.0788 0x0f5c  dlkmd - ok
12:52:32.0819 0x0f5c  [ 9F6AB898E4B5E2FD608FD958087858A1, 7065BE023EA428603CED6207C27CFF7972E6FA60B323995418B003C8AA3BEDD6 ] dlkmdldr        C:\Windows\system32\drivers\dlkmdldr.sys
12:52:32.0819 0x0f5c  dlkmdldr - ok
12:52:32.0850 0x0f5c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:52:32.0866 0x0f5c  Dnscache - ok
12:52:32.0897 0x0f5c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:52:32.0913 0x0f5c  dot3svc - ok
12:52:32.0944 0x0f5c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:52:32.0959 0x0f5c  DPS - ok
12:52:32.0991 0x0f5c  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:52:32.0991 0x0f5c  drmkaud - ok
12:52:33.0084 0x0f5c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:52:33.0100 0x0f5c  DXGKrnl - ok
12:52:33.0147 0x0f5c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:52:33.0147 0x0f5c  EapHost - ok
12:52:33.0319 0x0f5c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:52:33.0366 0x0f5c  ebdrv - ok
12:52:33.0428 0x0f5c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:52:33.0444 0x0f5c  ehRecvr - ok
12:52:33.0491 0x0f5c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:52:33.0491 0x0f5c  ehSched - ok
12:52:33.0553 0x0f5c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:52:33.0569 0x0f5c  elxstor - ok
12:52:33.0600 0x0f5c  [ A3A0790511C8303DEE122917835E2502, F77544A5FD9E25B63AB0880ED6FE8A90EA1EF62383C92F875D391DE94BD63580 ] emupia          C:\Windows\system32\drivers\emupia2k.sys
12:52:33.0600 0x0f5c  emupia - ok
12:52:33.0616 0x0f5c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:52:33.0616 0x0f5c  ErrDev - ok
12:52:33.0647 0x0f5c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:52:33.0647 0x0f5c  EventSystem - ok
12:52:33.0678 0x0f5c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:52:33.0694 0x0f5c  exfat - ok
12:52:33.0694 0x0f5c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:52:33.0709 0x0f5c  fastfat - ok
12:52:33.0772 0x0f5c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:52:33.0788 0x0f5c  Fax - ok
12:52:33.0788 0x0f5c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:52:33.0788 0x0f5c  fdc - ok
12:52:33.0834 0x0f5c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:52:33.0850 0x0f5c  fdPHost - ok
12:52:33.0866 0x0f5c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:52:33.0866 0x0f5c  FDResPub - ok
12:52:33.0881 0x0f5c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:52:33.0881 0x0f5c  FileInfo - ok
12:52:33.0897 0x0f5c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:52:33.0913 0x0f5c  Filetrace - ok
12:52:33.0913 0x0f5c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:52:33.0913 0x0f5c  flpydisk - ok
12:52:33.0959 0x0f5c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:52:33.0975 0x0f5c  FltMgr - ok
12:52:34.0069 0x0f5c  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
12:52:34.0084 0x0f5c  FontCache - ok
12:52:34.0131 0x0f5c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:52:34.0147 0x0f5c  FontCache3.0.0.0 - ok
12:52:34.0163 0x0f5c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:52:34.0163 0x0f5c  FsDepends - ok
12:52:34.0178 0x0f5c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:52:34.0178 0x0f5c  Fs_Rec - ok
12:52:34.0209 0x0f5c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:52:34.0225 0x0f5c  fvevol - ok
12:52:34.0241 0x0f5c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:52:34.0241 0x0f5c  gagp30kx - ok
12:52:34.0303 0x0f5c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:52:34.0319 0x0f5c  gpsvc - ok
12:52:34.0413 0x0f5c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:52:34.0413 0x0f5c  gupdate - ok
12:52:34.0428 0x0f5c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:52:34.0428 0x0f5c  gupdatem - ok
12:52:34.0538 0x0f5c  [ 012895BB7AF4B86DE4BBE1212D9CA568, A57EFDFEC572B4F18996C92A0FEC606E82C6DFC5C8B436BDDAEBA69D900DBE07 ] ha20x22k        C:\Windows\system32\drivers\ha20x22k.sys
12:52:34.0569 0x0f5c  ha20x22k - ok
12:52:34.0647 0x0f5c  [ F016406FF3A8B6419D805BFFAC454518, 54DECFE73D5EF539148F8F76009E3A1C41607C901A4848BF73337D8D060B0B87 ] ha20x2k         C:\Windows\system32\drivers\ha20x2k.sys
12:52:34.0663 0x0f5c  ha20x2k - ok
12:52:34.0678 0x0f5c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:52:34.0694 0x0f5c  hcw85cir - ok
12:52:34.0725 0x0f5c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:52:34.0741 0x0f5c  HdAudAddService - ok
12:52:34.0756 0x0f5c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:52:34.0756 0x0f5c  HDAudBus - ok
12:52:34.0772 0x0f5c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:52:34.0772 0x0f5c  HidBatt - ok
12:52:34.0788 0x0f5c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:52:34.0788 0x0f5c  HidBth - ok
12:52:34.0788 0x0f5c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:52:34.0788 0x0f5c  HidIr - ok
12:52:34.0834 0x0f5c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
12:52:34.0834 0x0f5c  hidserv - ok
12:52:34.0866 0x0f5c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:52:34.0866 0x0f5c  HidUsb - ok
12:52:34.0897 0x0f5c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:52:34.0897 0x0f5c  hkmsvc - ok
12:52:34.0944 0x0f5c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:52:34.0959 0x0f5c  HomeGroupListener - ok
12:52:35.0006 0x0f5c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:52:35.0022 0x0f5c  HomeGroupProvider - ok
12:52:35.0022 0x0f5c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:52:35.0022 0x0f5c  HpSAMD - ok
12:52:35.0084 0x0f5c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:52:35.0100 0x0f5c  HTTP - ok
12:52:35.0116 0x0f5c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:52:35.0116 0x0f5c  hwpolicy - ok
12:52:35.0131 0x0f5c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:52:35.0131 0x0f5c  i8042prt - ok
12:52:35.0163 0x0f5c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:52:35.0178 0x0f5c  iaStorV - ok
12:52:35.0272 0x0f5c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:52:35.0272 0x0f5c  IDriverT - ok
12:52:35.0350 0x0f5c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:52:35.0366 0x0f5c  idsvc - ok
12:52:35.0397 0x0f5c  IEEtwCollectorService - ok
12:52:35.0444 0x0f5c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:52:35.0444 0x0f5c  iirsp - ok
12:52:35.0491 0x0f5c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:52:35.0506 0x0f5c  IKEEXT - ok
12:52:35.0538 0x0f5c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:52:35.0538 0x0f5c  intelide - ok
12:52:35.0553 0x0f5c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:52:35.0553 0x0f5c  intelppm - ok
12:52:35.0600 0x0f5c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:52:35.0600 0x0f5c  IPBusEnum - ok
12:52:43.0147 0x0f5c  sppuinotify - ok
12:52:43.0163 0x0f5c  sptd - ok
12:52:43.0194 0x0f5c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:52:43.0194 0x0f5c  srv - ok
12:52:43.0209 0x0f5c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:52:43.0225 0x0f5c  srv2 - ok
12:52:43.0241 0x0f5c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:52:43.0241 0x0f5c  srvnet - ok
12:52:43.0288 0x0f5c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:52:43.0288 0x0f5c  SSDPSRV - ok
12:52:43.0319 0x0f5c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:52:43.0319 0x0f5c  SstpSvc - ok
12:52:43.0428 0x0f5c  [ 591249EA969797C2A24629AF7C71A6F8, 61F28FB495657916514DE2A7FFD4AD833A1B2BBA5591616BE0C9CCD7DAFA40B7 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:52:43.0444 0x0f5c  Steam Client Service - ok
12:52:43.0459 0x0f5c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:52:43.0459 0x0f5c  stexstor - ok
12:52:43.0475 0x0f5c  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
12:52:43.0475 0x0f5c  StillCam - ok
12:52:43.0538 0x0f5c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:52:43.0553 0x0f5c  stisvc - ok
12:52:43.0584 0x0f5c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:52:43.0584 0x0f5c  storflt - ok
12:52:43.0616 0x0f5c  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
12:52:43.0631 0x0f5c  StorSvc - ok
12:52:43.0631 0x0f5c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:52:43.0647 0x0f5c  storvsc - ok
12:52:43.0647 0x0f5c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:52:43.0647 0x0f5c  swenum - ok
12:52:43.0772 0x0f5c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:52:43.0788 0x0f5c  SwitchBoard - ok
12:52:43.0819 0x0f5c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:52:43.0834 0x0f5c  swprv - ok
12:52:43.0944 0x0f5c  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
12:52:43.0975 0x0f5c  SysMain - ok
12:52:44.0006 0x0f5c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:52:44.0006 0x0f5c  TabletInputService - ok
12:52:44.0038 0x0f5c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:52:44.0053 0x0f5c  TapiSrv - ok
12:52:44.0084 0x0f5c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:52:44.0100 0x0f5c  TBS - ok
12:52:44.0194 0x0f5c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:52:44.0241 0x0f5c  Tcpip - ok
12:52:44.0303 0x0f5c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:52:44.0334 0x0f5c  TCPIP6 - ok
12:52:44.0366 0x0f5c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:52:44.0366 0x0f5c  tcpipreg - ok
12:52:44.0397 0x0f5c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:52:44.0397 0x0f5c  TDPIPE - ok
12:52:44.0428 0x0f5c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:52:44.0428 0x0f5c  TDTCP - ok
12:52:44.0475 0x0f5c  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:52:44.0475 0x0f5c  tdx - ok
12:52:44.0506 0x0f5c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:52:44.0506 0x0f5c  TermDD - ok
12:52:44.0553 0x0f5c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
12:52:44.0569 0x0f5c  TermService - ok
12:52:44.0584 0x0f5c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:52:44.0584 0x0f5c  Themes - ok
12:52:44.0631 0x0f5c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:52:44.0647 0x0f5c  THREADORDER - ok
12:52:44.0709 0x0f5c  [ 6ADC063FD51F03EF0CAB3E716A725BD2, 887DD28D95C4EC374333ED3E6CA9EA9E79B237751A0AB1739CBA1B9B5E740D74 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
12:52:44.0725 0x0f5c  timounter - ok
12:52:44.0741 0x0f5c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:52:44.0741 0x0f5c  TrkWks - ok
12:52:44.0803 0x0f5c  [ 0D5A09B08568760AE85A801FCBC0F83D, 347ACBA74FDCBEAC671521739F8A34EC0E378CAF716C31F55616F9F843E4D0D3 ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
12:52:44.0803 0x0f5c  TrueSight - ok
12:52:44.0881 0x0f5c  [ 3E75A47D2DEFD2683DCA409572FBE8B2, 33964B1A05E045D3B878CDFD9F52A9086B4FA54D6D4D1DC38062D2874CACD4A0 ] Trufos          C:\Windows\system32\DRIVERS\Trufos.sys
12:52:44.0897 0x0f5c  Trufos - ok
12:52:44.0975 0x0f5c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:52:44.0975 0x0f5c  TrustedInstaller - ok
12:52:44.0991 0x0f5c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:52:44.0991 0x0f5c  tssecsrv - ok
12:52:45.0006 0x0f5c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:52:45.0006 0x0f5c  TsUsbFlt - ok
12:52:45.0053 0x0f5c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:52:45.0053 0x0f5c  tunnel - ok
12:52:45.0100 0x0f5c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:52:45.0100 0x0f5c  uagp35 - ok
12:52:45.0131 0x0f5c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:52:45.0147 0x0f5c  udfs - ok
12:52:45.0209 0x0f5c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:52:45.0209 0x0f5c  UI0Detect - ok
12:52:45.0241 0x0f5c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:52:45.0256 0x0f5c  uliagpkx - ok
12:52:45.0272 0x0f5c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:52:45.0272 0x0f5c  umbus - ok
12:52:45.0272 0x0f5c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:52:45.0272 0x0f5c  UmPass - ok
12:52:45.0319 0x0f5c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:52:45.0334 0x0f5c  UmRdpService - ok
12:52:45.0350 0x0f5c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:52:45.0366 0x0f5c  upnphost - ok
12:52:45.0428 0x0f5c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:52:45.0444 0x0f5c  usbaudio - ok
12:52:45.0491 0x0f5c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:52:45.0491 0x0f5c  usbccgp - ok
12:52:45.0522 0x0f5c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:52:45.0538 0x0f5c  usbcir - ok
12:52:45.0538 0x0f5c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:52:45.0553 0x0f5c  usbehci - ok
12:52:45.0569 0x0f5c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:52:45.0584 0x0f5c  usbhub - ok
12:52:45.0616 0x0f5c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:52:45.0616 0x0f5c  usbohci - ok
12:52:45.0647 0x0f5c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:52:45.0647 0x0f5c  usbprint - ok
12:52:45.0663 0x0f5c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:52:45.0663 0x0f5c  usbscan - ok
12:52:45.0694 0x0f5c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:52:45.0694 0x0f5c  USBSTOR - ok
12:52:45.0709 0x0f5c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:52:45.0709 0x0f5c  usbuhci - ok
12:52:45.0741 0x0f5c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:52:45.0756 0x0f5c  UxSms - ok
12:52:45.0772 0x0f5c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:52:45.0772 0x0f5c  vdrvroot - ok
12:52:45.0819 0x0f5c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:52:45.0834 0x0f5c  vds - ok
12:52:45.0866 0x0f5c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:52:45.0866 0x0f5c  vga - ok
12:52:45.0866 0x0f5c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:52:45.0866 0x0f5c  VgaSave - ok
12:52:45.0897 0x0f5c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:52:45.0913 0x0f5c  vhdmp - ok
12:52:45.0928 0x0f5c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:52:45.0928 0x0f5c  viaide - ok
12:52:45.0959 0x0f5c  [ 96A4F56CBBA3DCF5D90CDA1BC218D040, 095F4BC461545028CB3EDBE986A29997B206C812AC6CF8B97097CEC7FE52127D ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
12:52:45.0959 0x0f5c  vididr - ok
12:52:45.0991 0x0f5c  [ C69A784BEC737CD7460EBF3C3834D65E, 3D4CEC9E677FD6B08BE43DC19B3E422D403137E26A3B72443A513CD4AE5F41A2 ] vidsflt53       C:\Windows\system32\DRIVERS\vsflt53.sys
12:52:45.0991 0x0f5c  vidsflt53 - ok
12:52:46.0022 0x0f5c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:52:46.0022 0x0f5c  vmbus - ok
12:52:46.0038 0x0f5c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:52:46.0038 0x0f5c  VMBusHID - ok
12:52:46.0038 0x0f5c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:52:46.0038 0x0f5c  volmgr - ok
12:52:46.0069 0x0f5c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:52:46.0084 0x0f5c  volmgrx - ok
12:52:46.0100 0x0f5c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:52:46.0100 0x0f5c  volsnap - ok
12:52:46.0147 0x0f5c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:52:46.0147 0x0f5c  vsmraid - ok
12:52:46.0163 0x0f5c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:52:46.0178 0x0f5c  vwifibus - ok
12:52:46.0241 0x0f5c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:52:46.0272 0x0f5c  W32Time - ok
12:52:46.0272 0x0f5c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:52:46.0272 0x0f5c  WacomPen - ok
12:52:46.0288 0x0f5c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:52:46.0288 0x0f5c  WANARP - ok
12:52:46.0288 0x0f5c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:52:46.0288 0x0f5c  Wanarpv6 - ok
12:52:46.0397 0x0f5c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:52:46.0413 0x0f5c  WatAdminSvc - ok
12:52:46.0522 0x0f5c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:52:46.0538 0x0f5c  wbengine - ok
12:52:46.0569 0x0f5c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:52:46.0569 0x0f5c  WbioSrvc - ok
12:52:46.0616 0x0f5c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:52:46.0631 0x0f5c  wcncsvc - ok
12:52:46.0647 0x0f5c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:52:46.0647 0x0f5c  WcsPlugInService - ok
12:52:46.0663 0x0f5c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:52:46.0663 0x0f5c  Wd - ok
12:52:46.0725 0x0f5c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:52:46.0741 0x0f5c  Wdf01000 - ok
12:52:46.0788 0x0f5c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:52:46.0803 0x0f5c  WdiServiceHost - ok
12:52:46.0803 0x0f5c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:52:46.0819 0x0f5c  WdiSystemHost - ok
12:52:46.0866 0x0f5c  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
12:52:46.0897 0x0f5c  WebClient - ok
12:52:46.0913 0x0f5c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:52:46.0928 0x0f5c  Wecsvc - ok
12:52:46.0944 0x0f5c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:52:46.0944 0x0f5c  wercplsupport - ok
12:52:46.0959 0x0f5c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:52:46.0975 0x0f5c  WerSvc - ok
12:52:46.0975 0x0f5c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:52:46.0975 0x0f5c  WfpLwf - ok
12:52:46.0991 0x0f5c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:52:46.0991 0x0f5c  WIMMount - ok
12:52:47.0006 0x0f5c  WinDefend - ok
12:52:47.0022 0x0f5c  WinHttpAutoProxySvc - ok
12:52:47.0100 0x0f5c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:52:47.0116 0x0f5c  Winmgmt - ok
12:52:47.0241 0x0f5c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
12:52:47.0272 0x0f5c  WinRM - ok
12:52:47.0350 0x0f5c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:52:47.0350 0x0f5c  WinUsb - ok
12:52:47.0428 0x0f5c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:52:47.0459 0x0f5c  Wlansvc - ok
12:52:47.0506 0x0f5c  [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
12:52:47.0506 0x0f5c  WmBEnum - ok
12:52:47.0553 0x0f5c  [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
12:52:47.0553 0x0f5c  WmFilter - ok
12:52:47.0584 0x0f5c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:52:47.0584 0x0f5c  WmiAcpi - ok
12:52:47.0647 0x0f5c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:52:47.0647 0x0f5c  wmiApSrv - ok
12:52:47.0678 0x0f5c  WMPNetworkSvc - ok
12:52:47.0678 0x0f5c  [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
12:52:47.0678 0x0f5c  WmVirHid - ok
12:52:47.0694 0x0f5c  [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
12:52:47.0709 0x0f5c  WmXlCore - ok
12:52:47.0725 0x0f5c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:52:47.0741 0x0f5c  WPCSvc - ok
12:52:47.0772 0x0f5c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:52:47.0788 0x0f5c  WPDBusEnum - ok
12:52:47.0819 0x0f5c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:52:47.0819 0x0f5c  ws2ifsl - ok
12:52:47.0850 0x0f5c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
12:52:47.0850 0x0f5c  wscsvc - ok
12:52:47.0897 0x0f5c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
12:52:47.0897 0x0f5c  WSDPrintDevice - ok
12:52:47.0897 0x0f5c  WSearch - ok
12:52:48.0038 0x0f5c  [ 3D4032E6A5885C007AEF4BA816AB4032, 21EB2B5B5A64EED44B5B7743820842205175F52A6F5525BD0F95DCB2733F449C ] wuauserv        C:\Windows\system32\wuaueng.dll
12:52:48.0084 0x0f5c  wuauserv - ok
12:52:48.0116 0x0f5c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:52:48.0116 0x0f5c  WudfPf - ok
12:52:48.0147 0x0f5c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:52:48.0147 0x0f5c  WUDFRd - ok
12:52:48.0178 0x0f5c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:52:48.0178 0x0f5c  wudfsvc - ok
12:52:48.0225 0x0f5c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:52:48.0241 0x0f5c  WwanSvc - ok
12:52:48.0288 0x0f5c  [ 2C6BC21B2D5B58D8B1D638C1704CB494, 0AABCEB627E274E338DDD9BA664BAA128D7C00AF04C95C776C2AFFA6BB17F680 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
12:52:48.0303 0x0f5c  xusb21 - ok
12:52:48.0303 0x0f5c  ================ Scan global ===============================
12:52:48.0334 0x0f5c  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
12:52:48.0397 0x0f5c  [ 96AEEE466EA56AF34AE4AD5E55DAD164, 467DA5C29E04E02520974163AEBF7FAA3DED8212A765616C0D877E4F36AD173C ] C:\Windows\system32\winsrv.dll
12:52:48.0413 0x0f5c  [ 96AEEE466EA56AF34AE4AD5E55DAD164, 467DA5C29E04E02520974163AEBF7FAA3DED8212A765616C0D877E4F36AD173C ] C:\Windows\system32\winsrv.dll
12:52:48.0459 0x0f5c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:52:48.0506 0x0f5c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
12:52:48.0522 0x0f5c  [ Global ] - ok
12:52:48.0522 0x0f5c  ================ Scan MBR ==================================
12:52:48.0522 0x0f5c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:52:48.0709 0x0f5c  \Device\Harddisk0\DR0 - ok
12:52:48.0709 0x0f5c  ================ Scan VBR ==================================
12:52:48.0709 0x0f5c  [ BD0BCA1C5CAC0E22CC0B2339F70E8303 ] \Device\Harddisk0\DR0\Partition1
12:52:48.0772 0x0f5c  \Device\Harddisk0\DR0\Partition1 - ok
12:52:48.0788 0x0f5c  [ 5AE94EB2F394365DCC009F2E13949309 ] \Device\Harddisk0\DR0\Partition2
12:52:48.0834 0x0f5c  \Device\Harddisk0\DR0\Partition2 - ok
12:52:48.0834 0x0f5c  ================ Scan generic autorun ======================
12:52:48.0991 0x0f5c  [ DC2755EB981280C312E7BE5EE8CF5D62, 4E52976235B1D2E756235F988709D84E9D83D60927138376BDE1405902997997 ] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
12:52:49.0022 0x0f5c  IntelliPoint - ok
12:52:49.0084 0x0f5c  [ ED43758BF94B8A5221D69F1B7F63F13D, F6E7418823E45085F4D4F50DD25A55ED517C0A335C6C2F69A1139B30677D3DA9 ] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
12:52:49.0100 0x0f5c  XboxStat - ok
12:52:49.0319 0x0f5c  [ E250A6257C93C9C504497D85BBF9AB7A, 4CD2E5958A7658E3A533E26DDD29C843640C9086A11AA925DDB8F983D2AC0F25 ] C:\Program Files\AMD\CNext\CNext\cnext.exe
12:52:49.0397 0x0f5c  StartCN - ok
12:52:49.0663 0x0f5c  [ EED665FF8003D08E3A0F16E3EA216BF3, 3E4BEA3FDAFEDE0608682031A638CCE21B96EFDC05EC8AC7688C34AD947367A3 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
12:52:49.0772 0x0f5c  AvastUI.exe - ok
12:52:50.0038 0x0f5c  [ E93D62A6DB736AA82A3EEDDFDFE73311, 96EC57F66EE1A36580536518A814299DE6D5DACC0026F5A659B41918434ED8FA ] C:\Program Files\CCleaner\CCleaner64.exe
12:52:50.0163 0x0f5c  CCleaner Monitoring - ok
12:52:50.0194 0x0f5c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
12:52:50.0194 0x0f5c  Win FW state via NFP2: enabled ( trusted )
12:52:50.0194 0x0f5c  ============================================================
12:52:50.0194 0x0f5c  Scan finished
12:52:50.0194 0x0f5c  ============================================================
12:52:50.0194 0x09c8  Detected object count: 0
12:52:50.0194 0x09c8  Actual detected object count: 0
 
 
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-03-03 22:07:19
-----------------------------
22:07:19.538    OS Version: Windows x64 6.1.7601 Service Pack 1
22:07:19.538    Number of processors: 4 586 0x1E05
22:07:19.538    ComputerName: HOMER-I5  UserName: Hd
22:07:20.631    Initialize success
22:07:23.209    AVAST engine defs: 16030301
22:07:26.100    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
22:07:26.100    Disk 0 Vendor: WDC_WD20EADS-14R6B0 01.00A01 Size: 1907729MB BusType: 3
22:07:26.303    Disk 0 MBR read successfully
22:07:26.303    Disk 0 MBR scan
22:07:26.772    Disk 0 Windows 7 default MBR code
22:07:26.772    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       334031 MB offset 63
22:07:26.803    Disk 0 default boot code
22:07:26.913    Disk 0 Partition - 00     05       Extended           1573697 MB offset 684095895
22:07:26.944    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS      1573695 MB offset 684095958
22:07:26.991    Disk 0 scanning C:\Windows\system32\drivers
22:07:41.288    Service scanning
22:08:02.444    Modules scanning
22:08:02.444    Disk 0 trace - called modules:
22:08:02.475    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
22:08:02.491    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aec1060]
22:08:02.491    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800aca0e30]
22:08:02.506    5 vsflt53.sys[fffff88001088cfd] -> nt!IofCallDriver -> [0xfffffa800ab86520]
22:08:02.522    7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-5[0xfffffa800ab83680]
22:08:03.209    AVAST engine scan C:\
02:45:55.709    Disk 0 statistics 38889881/0/0 @ 1.26 MB/s
02:45:55.709    Scan finished successfully
11:27:50.288    Disk 0 MBR has been saved successfully to "D:\Anime\MBR.dat"
11:27:50.350    The log file has been saved successfully to "D:\Anime\aswMBR.txt"
 
 


#12 nasdaq

Posted 05 March 2016 - 08:35 AM


Disabling the CD emulator removed the unknown error in your Master Boot Record.

defogger_disable by jpshortstuff (23.02.10.1
Log created at 11:51 on 04/03/2016 (Hd)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)



DO NOT ENABLE the CD emulator just yet.
---

Unmountable boot volume
***STOP:0x00000ED (0xFFFFFA800A076CB0, 0XFFFFFFFFC000014F, 0x000000000000000, 0x00000000000000000)


See if you can correct this error.

Navigate to this page.
http://www.sevenforums.com/bsod-help-support/213627-bsod-startup-error-0x000000ed.html

Do the Chkdsk as suggested by writhziden.

Any luck?

#13 Hdeleon

Hdeleon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:13 PM

Posted 05 March 2016 - 10:35 PM

I am running the chkdsks now. Hoping all goes well, thanks!



#14 Hdeleon

Hdeleon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:13 PM

Posted 06 March 2016 - 04:04 PM

I tried scheduling a chkdsk via command prompt, but on restart I would get a BSOD. I restarted again, and the computer froze; I restarted again, and went to sleep while Windows was hanging while loading safe mode drivers.

 

I woke up several hours later, and the computer seems to be OK. Rebooting now only takes a minute or two instead of 24. Weird thing is, the chkdsk log (assuming I am looking at the right one) doesn't seem to have found any errors? Perhaps I am not reading it right (enclosed).

 

Anyway, thank you so much for getting me this far. Hopefully, the dragon has been slain and I can get back to normal life. If you have any recommendations for final checks I can do to see if I am clean or not, please let me know.

 

Thanks

 

The type of the file system is NTFS.
Volume label is Programs.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  479488 file records processed.
File verification completed.
  2491 large file records processed.
  0 bad file records processed.
  2 EA records processed.
  9804 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
  590262 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
  479488 file SDs/SIDs processed.
Security descriptor verification completed.
  55388 data files processed.
CHKDSK is verifying Usn Journal...
  35532008 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  479472 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  4946106 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
 
 342047912 KB total disk space.
 321479908 KB in 323940 files.
    188772 KB in 55389 indexes.
         0 KB in bad sectors.
    594808 KB in use by the system.
     65536 KB occupied by the log file.
  19784424 KB available on disk.
 
      4096 bytes in each allocation unit.
  85511978 total allocation units on disk.
   4946106 allocation units available on disk.
 
Internal Info:
00 51 07 00 d1 c8 05 00 1c b9 0a 00 00 00 00 00  .Q..............
c9 02 00 00 4c 26 00 00 00 00 00 00 00 00 00 00  ....L&..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.


#15 Hdeleon

Hdeleon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 06 March 2016 - 04:16 PM

Also, here is chkdsk log from my d drive:

 

Chkdsk was executed in read/write mode.  
 
Checking file system on D:
The type of the file system is NTFS.
Volume label is Media.
 
CHKDSK is verifying files (stage 1 of 5)...
  247296 file records processed.
File verification completed.
  25449 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  1 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
  261016 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
  247296 file SDs/SIDs processed.
Cleaning up 64 unused index entries from index $SII of file 0x9.
Cleaning up 64 unused index entries from index $SDH of file 0x9.
Cleaning up 64 unused security descriptors.
Security descriptor verification completed.
  6861 data files processed.
CHKDSK is verifying Usn Journal...
  35306936 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  247280 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  60442800 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
 
1611464052 KB total disk space.
1369246808 KB in 114634 files.
     44352 KB in 6862 indexes.
         0 KB in bad sectors.
    401688 KB in use by the system.
     65536 KB occupied by the log file.
 241771204 KB available on disk.
 
      4096 bytes in each allocation unit.
 402866013 total allocation units on disk.
  60442801 allocation units available on disk.




