
Default browser + calculator opening randomly


  • This topic is locked
22 replies to this topic

#1 Walrusface

Walrusface

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 27 March 2016 - 12:01 PM

Default browser and/or windows calculator will open randomly, single or multiple instances. The browser tab I have open will reset to home page, and lastly my speakers will change their volume or mute.

 

Here is a link to my previous post in the "am I infected" section: http://www.bleepingcomputer.com/forums/t/608668/default-browser-calculator-opening-randomly/

 

Attached are both of the FRST logs.

 

 


 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:52 AM

Posted 27 March 2016 - 03:07 PM

Hello Walrusface and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:52 AM

Posted 27 March 2016 - 04:56 PM

Hi Walrusface

ProxyServer: [S-1-5-21-572955093-3903481538-3187151276-1001] => http=127.0.0.1:59859

Did you set this proxy, and do you use a VPN?
===================================================

C:\Program Files (x86)\PoESkillTree - Ascendancy
C:\Program Files (x86)\ASlave

Do you use these programs, and did you upload them?


Edited by olgun52, 27 March 2016 - 05:55 PM.


 


 


#4 Walrusface

Walrusface
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 27 March 2016 - 06:01 PM

No, I do not use a VPN and to my knowledge have never used one. The second one, PoEskilltree program is something that I downloaded and use.



#5 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:52 AM

Posted 27 March 2016 - 06:23 PM

Okay. And the ASlave software?

=====================================================

Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • BitTorrent
  • LimeWire
  • AVG-Secure-Search
  • IObit
  • Advanced SystemCare 8
  • IObit Uninstaller
  • Smart Defrag 4
  • C:\Program Files (x86)\IObit

After completing uninstalls, please manually reboot your machine!

  • If you get a message like "An error occurred while trying to uninstall", just press Yes.
  • If you are unable to uninstall all programs, please inform me, but continue with the other steps.

=============================================================================

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > click ''I have read the warning and wish to proceed anyway''.
  • Auto Launch > untick the box next to it.
  • Scan type > Smart scan (Default).
  • Close all open files, folders and browsers.
  • Click Scan now (''Run as Administrator'') and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.

 



 


 


#6 Walrusface

Walrusface
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 28 March 2016 - 07:41 AM

Ok, log results are below - BitTorrent, Limewire + AVGSecureSearch were not in the list, uninstalled the rest. BitTorrent and AVGSecureSearch were removed during the last thread, and Limewire was uninstalled a long time ago to my knowledge. As for ASlave, not sure what that was but it's also something that was already uninstalled from what I can see.

 

Zemana AntiMalware 2.20.179.100 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/3/28
Operating System       : Windows 10 64-bit
Processor              : 4X AMD Athlon™ II X4 630 Processor
BIOS Mode              : Legacy
CUID                   : 007B450C381C15446DBB8C
Scan Type              : Smart Scan
Duration               : 4m 42s
Scanned Objects        : 8213
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Generic Root Trust CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob

Proxy Server (User)
Status             : Scanned
Object             : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:59859


Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0
 


Edited by Walrusface, 28 March 2016 - 07:43 AM.
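
Added example (not part of the original posts, and not code from Zemana or FRST): a Python triage helper that pulls the proxy settings and the root-store entry out of log lines like those posted in this thread and marks every proxy that points at a loopback address. The function and class names are assumptions made for this example, and the regular expressions cover only the line shapes visible in this thread's logs.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the Zemana report and the FRST fixlist posted in this thread.
SAMPLE_LOG = r'''
ProxyServer: [S-1-5-21-572955093-3903481538-3187151276-1001] => http=127.0.0.1:59859
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 59859
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:59859
'''

# Line shapes seen in the thread (assumption: other tool versions may differ).
FRST_PROXY = re.compile(r'^ProxyServer:\s*\[(?P<scope>[^\]]+)\]\s*=>\s*(?P<value>\S+)')
ZEMANA_PROXY = re.compile(
    r'(?P<scope>HK\w+)\\.*Internet Settings\\ProxyServer\s*=\s*(?P<value>\S+)')
FF_PROXY = re.compile(r'^FF NetworkProxy:\s*"(?P<key>[^"]+)",\s*"?(?P<val>[^"\s]+)"?')
ROOT_CERT = re.compile(
    r'SystemCertificates\\ROOT\\Certificates\\(?P<thumb>[0-9A-Fa-f]{40})')
FF_SCHEMES = {'http', 'ssl', 'ftp', 'socks'}


@dataclass
class ProxyFinding:
    source: str          # which log line shape produced the finding
    scope: str           # user SID, registry hive, or 'profile' for Firefox
    scheme: str
    host: str
    port: Optional[int]
    loopback: bool       # True when traffic is sent to a process on this machine


def is_loopback(host: str) -> bool:
    """True for 'localhost', 127.0.0.0/8 and ::1."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_wininet_proxy(value: str):
    """Split a WinINET ProxyServer value ('host:port' or
    'http=host:port;https=host:port') into (scheme, host, port) tuples."""
    entries = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition('=')
        if not sep:                       # one proxy for every protocol
            scheme, hostport = 'all', part
        hostport = hostport.split('://', 1)[-1]
        host, _, port = hostport.rpartition(':')
        if not host:                      # no port given
            host, port = hostport, ''
        entries.append((scheme.lower(), host.strip('[]'),
                        int(port) if port.isdigit() else None))
    return entries


def scan(log_text: str):
    """Return proxy findings and root-store thumbprints found in pasted logs."""
    proxies, thumbs, firefox = [], [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        for source, pattern in (('FRST WinINET', FRST_PROXY),
                                ('Zemana WinINET', ZEMANA_PROXY)):
            m = pattern.search(line)
            if m:
                for scheme, host, port in parse_wininet_proxy(m['value']):
                    proxies.append(ProxyFinding(source, m['scope'], scheme,
                                                host, port, is_loopback(host)))
        m = FF_PROXY.match(line)
        if m:
            # FRST prints host and port as two lines: "http" and "http_port".
            scheme, _, suffix = m['key'].partition('_')
            if scheme in FF_SCHEMES and suffix in ('', 'port'):
                firefox.setdefault(scheme, {})[suffix or 'host'] = m['val']
        m = ROOT_CERT.search(line)
        if m and m['thumb'].upper() not in thumbs:
            thumbs.append(m['thumb'].upper())
    for scheme, cfg in firefox.items():
        host, port = cfg.get('host', ''), cfg.get('port', '')
        proxies.append(ProxyFinding('FRST Firefox', 'profile', scheme, host,
                                    int(port) if port.isdigit() else None,
                                    is_loopback(host)))
    return {'proxies': proxies, 'root_certs': thumbs}


if __name__ == '__main__':
    result = scan(SAMPLE_LOG)
    for p in result['proxies']:
        flag = 'LOOPBACK' if p.loopback else 'remote'
        print(f'{p.source:15} {p.scope:50} {p.scheme}://{p.host}:{p.port} [{flag}]')
    for thumb in result['root_certs']:
        print('root store entry to review:', thumb)
```

A loopback proxy means some local process is listening on that port, so the next check on a live system is which process owns it and whether the listed root certificate was installed by the same software.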


#7 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:52 AM

Posted 28 March 2016 - 03:37 PM

Thanks for the logs.

 

''Odium Demo''

Do you use this program?

===================================

Please do the following.

Step 1:

FRST Script:

Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Regards.



 


 


#8 Walrusface

Walrusface
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 29 March 2016 - 06:59 AM

Odium demo was already uninstalled, but I recognise it. Here are the logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Craig (2016-03-28 22:12:18) Run:1
Running from C:\Users\Craig\Desktop
Loaded Profiles: Craig (Available Profiles: Craig & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {0366329D-E6BF-4556-B724-C1CB42F72B34} - System32\Tasks\{9DC3D1FB-6214-4EF1-BB19-6C7EED8B6E84} => pcalua.exe -a D:\BullGuardInstaller.exe -d D:\
Task: {0BCA28D5-09AF-4C67-8327-2FB4B2A8799E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0FB05D04-4CBD-424B-A6E4-2F8F729615D7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3458D341-5558-42F0-898E-CB4F2122962E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {565FF282-ECBC-4096-8735-4968A0FDC249} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6207D7C3-BBBD-42D6-B6AF-D2F2D9B33774} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {65E90B96-545E-42B7-870D-E4F013893F6D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7DB17C38-535A-4B04-9245-F4CCDB7CC2A7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C718E335-F695-4755-A9F2-66BB7CE3782D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CBD999F6-7AFE-4BE5-94DE-4BA77C919241} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E8A75014-7BC4-4145-94CA-E43BED802064} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FB5FAEBF-272B-4B10-8E25-E9D19465EE5D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FC407AC8-D16B-44AD-B27D-6C6959EBCF67} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA [252]
AlternateDataStreams: C:\Users\Craig\Desktop\Default.ini:crc [20]
AlternateDataStreams: C:\Users\Craig\Desktop\VGClient.exe:crc [21]
AlternateDataStreams: C:\Users\Craig\Desktop\VGClient.int:crc [21]
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Classes\.exe:  =>  <===== ATTENTION
FirewallRules: [TCP Query User{44F5A8B6-C6F5-425F-B14E-F313E075F173}C:\users\craig\appdata\local\temp\i1451829620\windows\resource\jre\bin\javaw.exe] => (Block) C:\users\craig\appdata\local\temp\i1451829620\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7D34C57F-A855-41F0-8CE2-7A4A404BDFC0}C:\users\craig\appdata\local\temp\i1451829620\windows\resource\jre\bin\javaw.exe] => (Block) C:\users\craig\appdata\local\temp\i1451829620\windows\resource\jre\bin\javaw.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.overclockers.co.uk
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.overclockers.co.uk
URLSearchHook: HKU\S-1-5-21-572955093-3903481538-3187151276-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-572955093-3903481538-3187151276-1001 -> {59982010-2A9B-42ad-B2EE-C8C3A42485DA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
FF ProfilePath: C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\6hp98ec7.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 59859
FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\6hp98ec7.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll [No File]
FF Extension: CSHelper - C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\6hp98ec7.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2015-05-30]
FF Extension: Yummy Games Player - C:\Program Files (x86)\Mozilla Firefox\extensions\YPlayer@yummy.net [2016-03-19] [not signed]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll => No File
CHR Plugin: (IGN Download Manager Plug-in) - C:\Program Files (x86)\Download Manager\npfpdlm.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (Heroes & Generals live) - C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll => No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
CHR Plugin: (SOE Web Installer) - C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\6hp98ec7.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
C:\Users\Craig\AppData\Roaming\ProductData
C:\Users\Craig\AppData\Roaming\PoESkillTree - Ascendancy
C:\Users\Craig\AppData\Roaming\{B5012C21-ECA4-41AF-ABD1-F549D019B7A9}
C:\Users\Craig\AppData\Roaming\BitTorrent
C:\WINDOWS\Tasks\ASC8_SkipUac_Craig.job
C:\Users\Craig\AppData\Roaming\Spotify
C:\ProgramData\lFpGiPj06502
C:\Users\Craig\AppData\Roaming\vlc
C:\Users\Craig\AppData\Roaming\NexonLauncher
C:\Users\Craig\AppData\Roaming\Team K17
C:\Users\Craig\AppData\Roaming\IGN_DLM
C:\Users\Craig\AppData\Roaming\Splitscreen Studios
C:\Users\Craig\AppData\Local\prvlcl.dat
C:\Users\Craig\AppData\Roaming\DVD Flick
2012-08-23 19:41 - 2013-09-25 18:30 - 0000118 _____ () C:\Users\Craig\AppData\Roaming\Camdata.ini
2012-08-23 19:41 - 2013-09-25 18:30 - 0000408 _____ () C:\Users\Craig\AppData\Roaming\CamLayout.ini
2012-08-23 19:41 - 2013-09-25 18:30 - 0000408 _____ () C:\Users\Craig\AppData\Roaming\CamShapes.ini
2012-08-23 19:41 - 2013-09-25 18:30 - 0004416 _____ () C:\Users\Craig\AppData\Roaming\CamStudio.cfg
2010-12-26 00:57 - 2010-12-26 01:10 - 0002759 _____ () C:\Users\Craig\AppData\Roaming\E6BE.C20
2010-03-03 19:33 - 2010-03-03 19:33 - 0055088 _____ () C:\Users\Craig\AppData\Roaming\icarus-dxdiag.xml
2014-06-19 12:37 - 2014-06-19 12:37 - 0000024 _____ () C:\Users\Craig\AppData\Roaming\temp.ini
2013-03-22 19:46 - 2013-03-22 19:46 - 0000049 _____ () C:\Users\Craig\AppData\Roaming\TheHunterSettings_live.cfg
C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Craig\AppData\Local\prvlcl.dat
C:\Users\Craig\AppData\Local\Resmon.ResmonCfg
C:\Users\Craig\AppData\Local\Temp\BRSVC_34049109_hlp.exe
Task: {1F65E09B-58BF-4BAF-AD7D-D169FA544AD3} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {293DE8A2-2D7D-437C-97DB-A5DDBD9CED8E} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {44BAF631-477A-443D-B75D-AF5C51F504CF} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {48D1692C-1536-4CBE-9B5B-8B9571B069B9} - System32\Tasks\ASC8_SkipUac_Craig => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Craig.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
2015-04-02 23:00 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-04-02 22:55 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-04-02 23:00 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-04-02 23:00 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-04-02 23:00 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
2016-03-24 14:30 - 2015-04-02 22:55 - 00002254 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
ProxyServer: [S-1-5-21-572955093-3903481538-3187151276-1001] => http=127.0.0.1:59859
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
end
Reboot:



*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0366329D-E6BF-4556-B724-C1CB42F72B34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0366329D-E6BF-4556-B724-C1CB42F72B34}" => key removed successfully
C:\WINDOWS\System32\Tasks\{9DC3D1FB-6214-4EF1-BB19-6C7EED8B6E84} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9DC3D1FB-6214-4EF1-BB19-6C7EED8B6E84}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BCA28D5-09AF-4C67-8327-2FB4B2A8799E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BCA28D5-09AF-4C67-8327-2FB4B2A8799E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FB05D04-4CBD-424B-A6E4-2F8F729615D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FB05D04-4CBD-424B-A6E4-2F8F729615D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3458D341-5558-42F0-898E-CB4F2122962E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3458D341-5558-42F0-898E-CB4F2122962E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{565FF282-ECBC-4096-8735-4968A0FDC249}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{565FF282-ECBC-4096-8735-4968A0FDC249}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6207D7C3-BBBD-42D6-B6AF-D2F2D9B33774}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6207D7C3-BBBD-42D6-B6AF-D2F2D9B33774}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65E90B96-545E-42B7-870D-E4F013893F6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65E90B96-545E-42B7-870D-E4F013893F6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DB17C38-535A-4B04-9245-F4CCDB7CC2A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DB17C38-535A-4B04-9245-F4CCDB7CC2A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C718E335-F695-4755-A9F2-66BB7CE3782D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C718E335-F695-4755-A9F2-66BB7CE3782D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBD999F6-7AFE-4BE5-94DE-4BA77C919241}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBD999F6-7AFE-4BE5-94DE-4BA77C919241}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8A75014-7BC4-4145-94CA-E43BED802064}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8A75014-7BC4-4145-94CA-E43BED802064}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB5FAEBF-272B-4B10-8E25-E9D19465EE5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB5FAEBF-272B-4B10-8E25-E9D19465EE5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC407AC8-D16B-44AD-B27D-6C6959EBCF67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC407AC8-D16B-44AD-B27D-6C6959EBCF67}" => key removed successfully
C:\WINDOWS\System32\Tasks\ASC4_PerformanceMonitor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC4_PerformanceMonitor" => key removed successfully
C:\ProgramData\TEMP => ":553CA6CA" ADS removed successfully.
C:\Users\Craig\Desktop\Default.ini => ":crc" ADS removed successfully.
C:\Users\Craig\Desktop\VGClient.exe => ":crc" ADS removed successfully.
C:\Users\Craig\Desktop\VGClient.int => ":crc" ADS removed successfully.
"HKU\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Classes\.exe" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{44F5A8B6-C6F5-425F-B14E-F313E075F173}C:\users\craig\appdata\local\temp\i1451829620\windows\resource\jre\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7D34C57F-A855-41F0-8CE2-7A4A404BDFC0}C:\users\craig\appdata\local\temp\i1451829620\windows\resource\jre\bin\javaw.exe => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-572955093-3903481538-3187151276-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59982010-2A9B-42ad-B2EE-C8C3A42485DA}" => key removed successfully
HKCR\CLSID\{59982010-2A9B-42ad-B2EE-C8C3A42485DA} => key not found.
FF ProfilePath: C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\6hp98ec7.default => FRST is scripted not to move this directory.
Firefox SelectedSearchEngine removed successfully
Firefox Proxy settings were reset.
FF NetworkProxy: "http_port", 59859 => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@gamersfirst.com/LiveLauncher" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@soe.sony.com/installer,version=1.0.3" => key removed successfully
C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\6hp98ec7.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} => moved successfully
C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\6hp98ec7.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} => path removed successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\YPlayer@yummy.net => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll => not found.
C:\Program Files (x86)\Download Manager\npfpdlm.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => not found.
C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\6hp98ec7.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully
C:\Users\Craig\AppData\Roaming\ProductData => moved successfully
C:\Users\Craig\AppData\Roaming\PoESkillTree - Ascendancy => moved successfully
C:\Users\Craig\AppData\Roaming\{B5012C21-ECA4-41AF-ABD1-F549D019B7A9} => moved successfully
C:\Users\Craig\AppData\Roaming\BitTorrent => moved successfully
"C:\WINDOWS\Tasks\ASC8_SkipUac_Craig.job" => not found.
C:\Users\Craig\AppData\Roaming\Spotify => moved successfully
C:\ProgramData\lFpGiPj06502 => moved successfully
C:\Users\Craig\AppData\Roaming\vlc => moved successfully
C:\Users\Craig\AppData\Roaming\NexonLauncher => moved successfully
C:\Users\Craig\AppData\Roaming\Team K17 => moved successfully
C:\Users\Craig\AppData\Roaming\IGN_DLM => moved successfully
C:\Users\Craig\AppData\Roaming\Splitscreen Studios => moved successfully
C:\Users\Craig\AppData\Local\prvlcl.dat => moved successfully
C:\Users\Craig\AppData\Roaming\DVD Flick => moved successfully
C:\Users\Craig\AppData\Roaming\Camdata.ini => moved successfully
C:\Users\Craig\AppData\Roaming\CamLayout.ini => moved successfully
C:\Users\Craig\AppData\Roaming\CamShapes.ini => moved successfully
C:\Users\Craig\AppData\Roaming\CamStudio.cfg => moved successfully
C:\Users\Craig\AppData\Roaming\E6BE.C20 => moved successfully
C:\Users\Craig\AppData\Roaming\icarus-dxdiag.xml => moved successfully
C:\Users\Craig\AppData\Roaming\temp.ini => moved successfully
C:\Users\Craig\AppData\Roaming\TheHunterSettings_live.cfg => moved successfully
C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"C:\Users\Craig\AppData\Local\prvlcl.dat" => not found.
C:\Users\Craig\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Craig\AppData\Local\Temp\BRSVC_34049109_hlp.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F65E09B-58BF-4BAF-AD7D-D169FA544AD3} => key not found.
C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC8_PerformanceMonitor => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{293DE8A2-2D7D-437C-97DB-A5DDBD9CED8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{293DE8A2-2D7D-437C-97DB-A5DDBD9CED8E}" => key removed successfully
C:\WINDOWS\System32\Tasks\Game_Booster_AutoUpdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44BAF631-477A-443D-B75D-AF5C51F504CF} => key not found.
C:\WINDOWS\System32\Tasks\SmartDefrag4_Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag4_Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48D1692C-1536-4CBE-9B5B-8B9571B069B9} => key not found.
C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Craig => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC8_SkipUac_Craig => key not found.
C:\WINDOWS\Tasks\ASC8_SkipUac_Craig.job => not found.
"C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll" => not found.
"C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll" => not found.
"C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl" => not found.
"C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl" => not found.
"C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl" => not found.
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe => No running process found
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => No running process found
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe => No running process found
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe => No running process found
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe => No running process found
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => value not found.
AdvancedSystemCareService8 => service not found.
LiveUpdateSvc => service removed successfully
SmartDefragDriver => service not found.
WinRing0_1_2_0 => service removed successfully
"C:\Users\Public\Desktop\Advanced SystemCare 8.lnk" => not found.
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-572955093-3903481538-3187151276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 526.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:17:42 ====

 

# AdwCleaner v5.107 - Logfile created 28/03/2016 at 22:49:11
# Updated 28/03/2016 by Xplode
# Database : 2016-03-28.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Craig - CRAIG-PC
# Running from : C:\Users\Craig\Desktop\adwcleaner_5.107.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [598 bytes] - [28/03/2016 22:49:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [670 bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64
Ran by Craig (Administrator) on 03/28/2016 at 23:01:55.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\ProgramData\productdata (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/28/2016 at 23:05:57.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 03/28/2016
Scan Time: 11:18 PM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.28.07
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Craig

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465375
Time Elapsed: 49 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#9 olgun52

Posted 29 March 2016 - 01:32 PM

Hi walrusface,

 

Step 1:

Run TDSSKiller by Kaspersky

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will be shown in the "Scan results - Select action for found objects" screen, which offers three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

Step 2:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

1. Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator to launch the application.

2. Open the folder with the MBAR name on the desktop.
3. Find the MBAR folder in the list.
4. Click once.
5. Now click the OK button.
6. Click the OK button again.
7. Then click Next and click on the Update button.
8. Now click on the scan button.

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please  attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 3:

RogueKiller scan:

  • Please download RogueKiller 32/64 bit to your desktop and run it
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Have a nice day.


Edited by olgun52, 29 March 2016 - 01:35 PM.

Best regards
 

#10 Walrusface

Posted 29 March 2016 - 05:17 PM

Ok, here are the results:

 

20:59:09.0623 0x18a8  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
20:59:12.0482 0x18a8  ============================================================
20:59:12.0482 0x18a8  Current date / time: 2016/03/29 20:59:12.0482
20:59:12.0482 0x18a8  SystemInfo:
20:59:12.0482 0x18a8  
20:59:12.0482 0x18a8  OS Version: 10.0.10586 ServicePack: 0.0
20:59:12.0482 0x18a8  Product type: Workstation
20:59:12.0482 0x18a8  ComputerName: CRAIG-PC
20:59:12.0482 0x18a8  UserName: Craig
20:59:12.0482 0x18a8  Windows directory: C:\WINDOWS
20:59:12.0482 0x18a8  System windows directory: C:\WINDOWS
20:59:12.0482 0x18a8  Running under WOW64
20:59:12.0482 0x18a8  Processor architecture: Intel x64
20:59:12.0482 0x18a8  Number of processors: 4
20:59:12.0482 0x18a8  Page size: 0x1000
20:59:12.0482 0x18a8  Boot type: Normal boot
20:59:12.0482 0x18a8  ============================================================
20:59:13.0107 0x18a8  KLMD registered as C:\WINDOWS\system32\drivers\31575046.sys
20:59:13.0388 0x18a8  System UUID: {601A292A-FCB7-29B7-FCC8-65D9981D9A67}
20:59:13.0904 0x18a8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:59:13.0919 0x18a8  ============================================================
20:59:13.0919 0x18a8  \Device\Harddisk0\DR0:
20:59:13.0919 0x18a8  MBR partitions:
20:59:13.0919 0x18a8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:59:13.0919 0x18a8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A272000
20:59:13.0919 0x18a8  ============================================================
20:59:13.0935 0x18a8  C: <-> \Device\Harddisk0\DR0\Partition2
20:59:13.0935 0x18a8  ============================================================
20:59:13.0935 0x18a8  Initialize success
20:59:13.0935 0x18a8  ============================================================
20:59:18.0013 0x2128  ============================================================
20:59:18.0013 0x2128  Scan started
20:59:18.0013 0x2128  Mode: Manual;
20:59:18.0013 0x2128  ============================================================
20:59:18.0013 0x2128  KSN ping started
20:59:20.0404 0x2128  KSN ping finished: true
20:59:27.0248 0x2128  ================ Scan system memory ========================
20:59:27.0248 0x2128  System memory - ok
20:59:27.0248 0x2128  ================ Scan services =============================
20:59:32.0419 0x2128  ES lite Service - ok
20:59:32.0435 0x2128  EventSystem - ok
20:59:32.0435 0x2128  exfat - ok
20:59:32.0451 0x2128  fastfat - ok
20:59:32.0466 0x2128  Fax - ok
20:59:32.0482 0x2128  [ 9D299AE86D671488926126A84DF77BFD, C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
20:59:32.0482 0x2128  fdc - ok
20:59:32.0498 0x2128  fdPHost - ok
20:59:32.0498 0x2128  FDResPub - ok
20:59:32.0498 0x2128  fhsvc - ok
20:59:32.0529 0x2128  FileCrypt - ok
20:59:32.0529 0x2128  FileInfo - ok
20:59:32.0544 0x2128  Filetrace - ok
20:59:32.0576 0x2128  [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
20:59:32.0576 0x2128  flpydisk - ok
20:59:32.0576 0x2128  FltMgr - ok
20:59:32.0576 0x2128  FontCache - ok
20:59:32.0685 0x2128  FontCache3.0.0.0 - ok
20:59:32.0701 0x2128  FsDepends - ok
20:59:32.0748 0x2128  [ 6C06701BF1DB05405804D7EB610991CE, 75DEB2204D9AC338ED7C4742BEFAFA0AFC7E42B2C1B54A57DF8A1AD097D9EC3E ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr.sys
20:59:32.0748 0x2128  fssfltr - ok
20:59:32.0841 0x2128  [ 4CE9DAC1518FF7E77BD213E6394B9D77, D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:59:32.0888 0x2128  fsssvc - ok
20:59:32.0888 0x2128  Fs_Rec - ok
20:59:32.0888 0x2128  fvevol - ok
20:59:32.0919 0x2128  [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
20:59:32.0919 0x2128  gagp30kx - ok
20:59:33.0060 0x2128  [ 2360D72739721F76A1CF245CDAE4EF2B, 03BB7DD3DF6FF22941F15BAA6ED4B34518C21232D616FC36EFA448D2B7357D65 ] GalaxyClientService C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
20:59:33.0107 0x2128  GalaxyClientService - ok
20:59:33.0373 0x2128  [ A785687C7457771995289627493EF93C, 9944FD135E46E990B95B2C040BC1A0003C58437D16247E2A788F4F8BDDF5B400 ] GalaxyCommunication C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
20:59:33.0669 0x2128  GalaxyCommunication - ok
20:59:33.0732 0x2128  [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv            C:\Windows\gdrv.sys
20:59:33.0732 0x2128  gdrv - ok
20:59:33.0779 0x2128  [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
20:59:33.0826 0x2128  gencounter - ok
20:59:33.0888 0x2128  [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
20:59:33.0888 0x2128  genericusbfn - ok
20:59:33.0919 0x2128  GPIOClx0101 - ok
20:59:33.0982 0x2128  gpsvc - ok
20:59:33.0982 0x2128  GpuEnergyDrv - ok
20:59:34.0076 0x2128  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:59:34.0091 0x2128  gupdate - ok
20:59:34.0107 0x2128  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:59:34.0107 0x2128  gupdatem - ok
20:59:34.0138 0x2128  HDAudBus - ok
20:59:34.0154 0x2128  [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
20:59:34.0154 0x2128  HidBatt - ok
20:59:34.0216 0x2128  [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
20:59:34.0232 0x2128  HidBth - ok
20:59:34.0248 0x2128  [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
20:59:34.0263 0x2128  hidi2c - ok
20:59:34.0263 0x2128  [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
20:59:34.0279 0x2128  hidinterrupt - ok
20:59:34.0294 0x2128  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
20:59:34.0294 0x2128  HidIr - ok
20:59:34.0294 0x2128  hidserv - ok
20:59:34.0310 0x2128  HidUsb - ok
20:59:34.0326 0x2128  HomeGroupListener - ok
20:59:34.0341 0x2128  HomeGroupProvider - ok
20:59:34.0388 0x2128  [ 502433044773567F6CE942F8E0A621CA, F1D3F993E0C39D1DD3929A4871B1C5892ECE9CF439B401199B5F9FDAD5EC4BAB ] HPMo4DE3        C:\WINDOWS\System32\drivers\HPMo4DE3.sys
20:59:34.0388 0x2128  HPMo4DE3 - ok
20:59:34.0404 0x2128  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
20:59:34.0419 0x2128  HpSAMD - ok
20:59:34.0435 0x2128  [ A635DDB3ED98953BB4D42079017B4E30, 2083FF32FCF4EB3F2551A4F5DDF57319B560FF49F0EC4FBDDBC03700DEB8C4ED ] HPub4DE3        C:\WINDOWS\System32\Drivers\HPub4DE3.sys
20:59:34.0435 0x2128  HPub4DE3 - ok
20:59:34.0466 0x2128  HTTP - ok
20:59:34.0482 0x2128  hwpolicy - ok
20:59:34.0513 0x2128  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
20:59:34.0513 0x2128  hyperkbd - ok
20:59:34.0529 0x2128  i8042prt - ok
20:59:34.0544 0x2128  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
20:59:34.0560 0x2128  iai2c - ok
20:59:34.0591 0x2128  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
20:59:34.0607 0x2128  iaLPSS2i_I2C - ok
20:59:34.0623 0x2128  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
20:59:34.0623 0x2128  iaLPSSi_GPIO - ok
20:59:34.0638 0x2128  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
20:59:34.0638 0x2128  iaLPSSi_I2C - ok
20:59:34.0669 0x2128  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
20:59:34.0685 0x2128  iaStorAV - ok
20:59:34.0716 0x2128  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
20:59:34.0732 0x2128  iaStorV - ok
20:59:34.0732 0x2318  Object required for P2P: [ 2A9380C58B7CD687EB9709086614820D ] Avgmfx64
20:59:34.0763 0x2128  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
20:59:34.0763 0x2128  ibbus - ok
20:59:34.0794 0x2128  icssvc - ok
20:59:34.0810 0x2128  IEEtwCollectorService - ok
20:59:34.0841 0x2128  IKEEXT - ok
20:59:34.0951 0x2128  [ F04D22D7A49A1B2210DBADF0B803E870, EC3CB81392784E1FBA79846D9241A8F58B5C0B03733A161AAB3EA5ECF4105A11 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
20:59:34.0966 0x2220  Object send P2P result: true
20:59:34.0966 0x2220  Object required for P2P: [ F5EB38E929945BB7B476924F4D61DB4F ] AVGIDSAgent
20:59:35.0013 0x2128  IntcAzAudAddService - ok
20:59:35.0029 0x2128  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
20:59:35.0029 0x2128  intelide - ok
20:59:35.0044 0x2128  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
20:59:35.0044 0x2128  intelpep - ok
20:59:35.0076 0x2128  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
20:59:35.0076 0x2128  intelppm - ok
20:59:35.0107 0x2128  IoQos - ok
20:59:35.0107 0x2128  IpFilterDriver - ok
20:59:35.0154 0x2128  iphlpsvc - ok
20:59:35.0169 0x2128  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
20:59:35.0185 0x2128  IPMIDRV - ok
20:59:35.0201 0x2128  IPNAT - ok
20:59:35.0216 0x2128  IRENUM - ok
20:59:35.0248 0x2128  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
20:59:35.0248 0x2128  isapnp - ok
20:59:35.0279 0x2128  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
20:59:35.0294 0x2128  iScsiPrt - ok
20:59:35.0294 0x2128  kbdclass - ok
20:59:35.0310 0x2128  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
20:59:35.0310 0x2128  kbdhid - ok
20:59:35.0326 0x2128  kdnic - ok
20:59:35.0326 0x2128  KeyIso - ok
20:59:35.0326 0x2128  KSecDD - ok
20:59:35.0357 0x2128  KSecPkg - ok
20:59:35.0357 0x2128  ksthunk - ok
20:59:35.0373 0x2128  KtmRm - ok
20:59:35.0388 0x2128  LanmanServer - ok
20:59:35.0388 0x2128  LanmanWorkstation - ok
20:59:35.0404 0x2128  lfsvc - ok
20:59:35.0435 0x2128  LicenseManager - ok
20:59:35.0482 0x2128  [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
20:59:35.0482 0x2128  lirsgt - ok
20:59:35.0513 0x2128  lltdio - ok
20:59:35.0529 0x2128  lltdsvc - ok
20:59:35.0560 0x2128  lmhosts - ok
20:59:35.0576 0x2128  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
20:59:35.0591 0x2128  LSI_SAS - ok
20:59:35.0623 0x2128  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
20:59:35.0638 0x2128  LSI_SAS2i - ok
20:59:35.0654 0x2128  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
20:59:35.0669 0x2128  LSI_SAS3i - ok
20:59:35.0685 0x2128  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
20:59:35.0685 0x2128  LSI_SSS - ok
20:59:35.0701 0x2128  LSM - ok
20:59:35.0701 0x2128  luafv - ok
20:59:35.0732 0x2128  MapsBroker - ok
20:59:35.0794 0x2128  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
20:59:35.0794 0x2128  MBAMProtector - ok
20:59:35.0904 0x2128  [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
20:59:35.0951 0x2128  MBAMScheduler - ok
20:59:35.0998 0x2128  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
20:59:36.0013 0x2128  MBAMService - ok
20:59:36.0091 0x2128  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
20:59:36.0107 0x2128  MBAMSwissArmy - ok
20:59:36.0123 0x2128  [ 898415AC0B5F1D2A9A48ABCB68A6DC4B, E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
20:59:36.0123 0x2128  MBAMWebAccessControl - ok
20:59:36.0169 0x2128  [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
20:59:36.0169 0x2128  megasas - ok
20:59:36.0216 0x2128  [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
20:59:36.0232 0x2128  megasr - ok
20:59:36.0263 0x2128  MessagingService - ok
20:59:36.0326 0x2128  [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
20:59:36.0357 0x2128  mlx4_bus - ok
20:59:36.0373 0x2128  MMCSS - ok
20:59:36.0388 0x2128  Modem - ok
20:59:36.0388 0x2128  monitor - ok
20:59:36.0404 0x2128  mouclass - ok
20:59:36.0404 0x2128  mouhid - ok
20:59:36.0404 0x2128  mountmgr - ok
20:59:36.0466 0x2128  [ A43F5F2D3D71A902502D61E71A18C265, 9685DABFF80EFFFD28B9B12696BF4821F30989C8441EA0AA3FF0F03ED799AD9D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:59:36.0482 0x2128  MozillaMaintenance - ok
20:59:36.0498 0x2128  mpsdrv - ok
20:59:36.0529 0x2128  MpsSvc - ok
20:59:36.0544 0x2128  MQAC - ok
20:59:36.0560 0x2128  MRxDAV - ok
20:59:36.0576 0x2128  mrxsmb - ok
20:59:36.0591 0x2128  mrxsmb10 - ok
20:59:36.0591 0x2128  mrxsmb20 - ok
20:59:36.0591 0x2128  MsBridge - ok
20:59:36.0623 0x2128  MSDTC - ok
20:59:36.0623 0x2128  Msfs - ok
20:59:36.0685 0x2128  [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
20:59:36.0701 0x2128  msgpiowin32 - ok
20:59:36.0716 0x2128  mshidkmdf - ok
20:59:36.0716 0x2128  mshidumdf - ok
20:59:36.0732 0x2128  [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
20:59:36.0748 0x2128  msisadrv - ok
20:59:36.0763 0x2128  MSiSCSI - ok
20:59:36.0763 0x2128  msiserver - ok
20:59:36.0779 0x2128  MSKSSRV - ok
20:59:36.0779 0x2128  MsLldp - ok
20:59:36.0794 0x2128  MSMQ - ok
20:59:36.0794 0x2128  MSPCLOCK - ok
20:59:36.0794 0x2128  MSPQM - ok
20:59:36.0810 0x2128  MsRPC - ok
20:59:36.0810 0x2128  mssmbios - ok
20:59:36.0810 0x2128  MSTEE - ok
20:59:36.0841 0x2128  [ 4FA0483896FC16583851EFB733FCB083, BB59243ABE32FBE92EC1B04D24239BE2DF7C2354A407C2EFF97623F07DCBDA35 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
20:59:36.0841 0x2128  MTConfig - ok
20:59:36.0841 0x2128  Mup - ok
20:59:36.0857 0x2128  [ 218705233D02776AE4D19CC37D985C1B, 3D92925867B6B8FFAF78E4080139DCB3D45E1E6E1D0AFB6A4FE248B002BD8471 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
20:59:36.0857 0x2128  mvumis - ok
20:59:36.0857 0x2128  NativeWifiP - ok
20:59:36.0888 0x2128  NcaSvc - ok
20:59:36.0888 0x2128  NcbService - ok
20:59:36.0888 0x2128  NcdAutoSetup - ok
20:59:36.0919 0x2128  [ B57CE307DA101C739885B7CC0678077F, F7F45DB6D306060F0FE0E59F39C3B95F6A9B6173930F22C5C41B2003895D6642 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
20:59:36.0919 0x2128  ndfltr - ok
20:59:36.0919 0x2128  NDIS - ok
20:59:36.0935 0x2128  NdisCap - ok
20:59:36.0935 0x2128  NdisImPlatform - ok
20:59:36.0935 0x2128  NdisTapi - ok
20:59:36.0951 0x2128  Ndisuio - ok
20:59:36.0951 0x2128  NdisVirtualBus - ok
20:59:36.0951 0x2128  NdisWan - ok
20:59:36.0966 0x2128  ndiswanlegacy - ok
20:59:36.0966 0x2128  ndproxy - ok
20:59:36.0966 0x2128  Ndu - ok
20:59:36.0982 0x2128  NetBIOS - ok
20:59:36.0982 0x2128  NetBT - ok
20:59:36.0982 0x2128  Netlogon - ok
20:59:37.0013 0x2128  Netman - ok
20:59:37.0060 0x2128  NetMsmqActivator - ok
20:59:37.0060 0x2128  NetPipeActivator - ok
20:59:37.0060 0x2128  netprofm - ok
20:59:37.0107 0x2128  NetSetupSvc - ok
20:59:37.0107 0x2128  NetTcpActivator - ok
20:59:37.0123 0x2128  NetTcpPortSharing - ok
20:59:37.0123 0x2128  NgcCtnrSvc - ok
20:59:37.0123 0x2128  NgcSvc - ok
20:59:37.0138 0x1394  Object required for P2P: [ 9A2A2F3C69B9A30B6E78536F6D258BAD ] iai2c
20:59:37.0138 0x2128  NlaSvc - ok
20:59:37.0138 0x2128  Npfs - ok
20:59:37.0169 0x2128  npsvctrig - ok
20:59:37.0169 0x2128  nsi - ok
20:59:37.0185 0x2128  nsiproxy - ok
20:59:37.0201 0x2128  NTFS - ok
20:59:37.0201 0x2128  Null - ok
20:59:37.0232 0x2128  [ 604D27CC38CC23493F218D0BB834B3FF, EF5E5759CCF16DD97271C82DAF47FB2086EBCA5DE7D05177B70CA1197B95F41E ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
20:59:37.0263 0x2128  nvraid - ok
20:59:37.0263 0x2318  Object send P2P result: true
20:59:37.0263 0x2318  Object required for P2P: [ 501D3FE6D8A15FB182983E4EA0C6386B ] avgwd
20:59:37.0294 0x2128  [ 8B50D897657AB4A15FD9E251BBF7D107, 36036130DD46D9BF105AC7176E219F3BE7D1168A660A0F8DFF76F61FBFA4B417 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
20:59:37.0294 0x2128  nvstor - ok
20:59:37.0326 0x2128  [ 31F990B2B6B91E9D7A667405CE12FCB1, 907E095D1E83CDAFF34BE789FC41CDD7BB4DEE23261E1D03C1CF0D4D030534AC ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
20:59:37.0326 0x2128  nv_agp - ok
20:59:37.0341 0x2128  OneSyncSvc - ok
20:59:37.0466 0x2128  [ 4F2ED8FB21F127DC1FA98D4CA2279E75, 96DB5DF9C55757EB2F761309036F87D8C55BAB2851FBB716A02A9248712CB13A ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
20:59:37.0529 0x2220  Object send P2P result: true
20:59:37.0529 0x2128  Origin Client Service - ok
20:59:37.0560 0x2128  p2pimsvc - ok
20:59:37.0560 0x2128  p2psvc - ok
20:59:37.0560 0x2128  Parport - ok
20:59:37.0576 0x2128  partmgr - ok
20:59:37.0591 0x2128  PcaSvc - ok
20:59:37.0623 0x2128  [ 1D4E995955BDAE781C46CB97AE1CFB58, FF7475F19782CA253AA839DDB86E5AC20C5785D5CC1DD57D9FECBE4F5A5C0BFB ] pci             C:\WINDOWS\system32\drivers\pci.sys
20:59:37.0623 0x2128  pci - ok
20:59:37.0638 0x2128  [ 2B4D98DF0CA57FB9536DBC80D2449D1F, AB34FA8585A20854369C0FAEB18BF5C7734D7E3C791F644B0576E40D609FCD09 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
20:59:37.0638 0x2128  pciide - ok
20:59:37.0654 0x2128  [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
20:59:37.0669 0x2128  pcmcia - ok
20:59:37.0669 0x2128  pcw - ok
20:59:37.0669 0x2128  pdc - ok
20:59:37.0701 0x2128  PEAUTH - ok
20:59:37.0732 0x2128  [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
20:59:37.0748 0x2128  percsas2i - ok
20:59:37.0748 0x2128  [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
20:59:37.0763 0x2128  percsas3i - ok
20:59:37.0873 0x2128  PerfHost - ok
20:59:37.0966 0x2128  PhoneSvc - ok
20:59:37.0998 0x2128  PimIndexMaintenanceSvc - ok
20:59:38.0029 0x2128  pla - ok
20:59:38.0044 0x2128  PlugPlay - ok
20:59:38.0091 0x2128  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
20:59:39.0669 0x1394  Object send P2P result: true
20:59:39.0669 0x1394  Object required for P2P: [ 59A20F5AD9F4AE54098154359519408E ] iaLPSS2i_I2C
20:59:39.0794 0x2318  Object send P2P result: true
20:59:40.0388 0x2128  PnkBstrA - ok
20:59:40.0404 0x2128  PNRPAutoReg - ok
20:59:40.0419 0x2128  PNRPsvc - ok
20:59:40.0451 0x2128  PolicyAgent - ok
20:59:40.0466 0x2128  Power - ok
20:59:40.0513 0x2128  PptpMiniport - ok
20:59:40.0732 0x2128  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:59:40.0904 0x2128  PrintNotify - ok
20:59:40.0935 0x2128  [ 21AECFF3EB5748CBE12538A2500EFDE5, A1679F21363E99E3698B9C6F7E7E3BB2877D47089BC381AF0C51B1DD8B24325B ] Processor       C:\WINDOWS\System32\drivers\processr.sys
20:59:40.0935 0x2128  Processor - ok
20:59:40.0966 0x2128  ProfSvc - ok
20:59:40.0998 0x2128  Psched - ok
20:59:41.0060 0x2128  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI             C:\WINDOWS\system32\DRIVERS\psi_mf_amd64.sys
20:59:41.0076 0x2128  PSI - ok
20:59:41.0107 0x2128  QWAVE - ok
20:59:41.0107 0x2128  QWAVEdrv - ok
20:59:41.0138 0x2128  RasAcd - ok
20:59:41.0154 0x2128  RasAgileVpn - ok
20:59:41.0169 0x2128  RasAuto - ok
20:59:41.0185 0x2128  Rasl2tp - ok
20:59:41.0185 0x2128  RasMan - ok
20:59:41.0185 0x2128  RasPppoe - ok
20:59:41.0201 0x2128  RasSstp - ok
20:59:41.0201 0x2128  rdbss - ok
20:59:41.0201 0x2128  rdpbus - ok
20:59:41.0216 0x2128  RDPDR - ok
20:59:41.0216 0x2128  RdpVideoMiniport - ok
20:59:41.0232 0x2128  rdyboost - ok
20:59:41.0232 0x2128  ReFSv1 - ok
20:59:41.0263 0x2128  RemoteAccess - ok
20:59:41.0263 0x2128  RemoteRegistry - ok
20:59:41.0279 0x2128  RetailDemo - ok
20:59:41.0279 0x2128  RpcEptMapper - ok
20:59:41.0326 0x2128  RpcLocator - ok
20:59:41.0326 0x2128  RpcSs - ok
20:59:41.0341 0x2128  rspndr - ok
20:59:41.0357 0x2128  rt640x64 - ok
20:59:41.0388 0x2128  [ 044890BB0D6CF1E23C1087234D320509, FA6C79D24BE4ACCFAC617D2850B922BFAA7C2766AE625C725F3ACF43C934EFAF ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
20:59:41.0388 0x2128  s3cap - ok
20:59:41.0419 0x2128  SamSs - ok
20:59:41.0435 0x2128  [ 530F797129776AA7E81994783A97E2AD, F131EF036702C6E741E5A6851AE07E81043CE8BAEED0768838C0F31CE14FEC1A ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
20:59:41.0451 0x2128  sbp2port - ok
20:59:41.0498 0x2128  SCardSvr - ok
20:59:41.0513 0x2128  ScDeviceEnum - ok
20:59:41.0513 0x2128  scfilter - ok
20:59:41.0513 0x2128  Schedule - ok
20:59:41.0529 0x2128  SCPolicySvc - ok
20:59:41.0560 0x2128  [ 70165A0A2653FB8AFDE3D85000727F29, BAC35D7B0296CAC78EAC4266FC96E292174827E0B24ECAF085228B26A5052911 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
20:59:41.0576 0x2128  sdbus - ok
20:59:41.0607 0x2128  SDRSVC - ok
20:59:41.0654 0x2128  [ DE6D7DC78D956928F59F7415A0F41E13, C0F8EEED29BF63A0D8FB5A0286C1C768BFEF598EC52715D910B5BB1A76231805 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
20:59:41.0654 0x2128  sdstor - ok
20:59:41.0685 0x2128  seclogon - ok
20:59:41.0966 0x2128  [ BE43B6172AC5961017762AB3C9B9B4C6, 209356410729F5DB8E9CB64B7F32638CE4C1559B5FA10B66C69C0650A0ADD36E ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
20:59:42.0013 0x2128  Secunia PSI Agent - ok
20:59:42.0044 0x2128  [ C85EE9529401BF0467DACEB3D4BD1EAF, 4CB441A39C4FF3417B9046BEB237B3043A105A0112F5A04444F431C7F77C3D4B ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
20:59:42.0076 0x2128  Secunia Update Agent - ok
20:59:42.0091 0x2128  SENS - ok
20:59:42.0107 0x2128  SensorDataService - ok
20:59:42.0123 0x2128  SensorService - ok
20:59:42.0123 0x2128  SensrSvc - ok
20:59:42.0154 0x2128  SerCx - ok
20:59:42.0185 0x1394  Object send P2P result: true
20:59:42.0216 0x2128  SerCx2 - ok
20:59:42.0216 0x2128  Serenum - ok
20:59:42.0232 0x2128  Serial - ok
20:59:42.0294 0x2128  [ 0F5B43074AE731D2C6F061241C9D84A6, 05CFEB30A4FC11441552D37687608C8C2FD6DC2F2266AE9D6526753E26283DE6 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
20:59:42.0310 0x2128  sermouse - ok
20:59:42.0326 0x2128  SessionEnv - ok
20:59:42.0357 0x2128  [ D9FE59276BD56A9643C32D5FACE2F251, 591862D868A545F468496DE97DEE42C9DB3AFBFC0881CBA79EB6641A254AF033 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
20:59:42.0357 0x2128  sfloppy - ok
20:59:42.0404 0x2128  SharedAccess - ok
20:59:42.0451 0x2128  ShellHWDetection - ok
20:59:42.0482 0x2128  [ ABBE803FE0BDAE0E5BE74DDEFBE62F23, 5009F489F7A6D66628C23A0FA3D7632399D0AD72BD11A1B70D7E768ED507377D ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
20:59:42.0482 0x2128  SiSRaid2 - ok
20:59:42.0513 0x2128  [ 6043DF55CFE3C7ACF477645FA64DEA98, 0E18EF8EC589841BC319C17FBABA7383FD247C9441ABF64A0D830976F3E611AE ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
20:59:42.0513 0x2128  SiSRaid4 - ok
20:59:42.0529 0x2128  smphost - ok
20:59:42.0560 0x2128  SmsRouter - ok
20:59:42.0591 0x2128  SNMPTRAP - ok
20:59:42.0623 0x2128  [ 1A6CB30F0EFC1632E6F1B852CA892583, 0E6BDCEE837AEC3D02C437478143C75550C94A50E36895DDB095F54A2FA18E2A ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
20:59:42.0638 0x2128  spaceport - ok
20:59:42.0654 0x2128  SpbCx - ok
20:59:42.0794 0x2128  [ 5F9785E7535F8F602CB294A54962C9E7, 22BE050955347661685A4343C51F11C7811674E030386D2264CD12ECBF544B7C ] speedfan        C:\WINDOWS\syswow64\speedfan.sys
20:59:44.0779 0x2128  speedfan - ok
20:59:44.0826 0x2128  Spooler - ok
20:59:44.0826 0x2128  sppsvc - ok
20:59:44.0857 0x2128  srv - ok
20:59:44.0857 0x2128  srv2 - ok
20:59:44.0873 0x2128  srvnet - ok
20:59:44.0888 0x2128  SSDPSRV - ok
20:59:44.0904 0x2128  SstpSvc - ok
20:59:44.0935 0x2128  StateRepository - ok
20:59:45.0060 0x2128  [ C98EF483DA6BFADB3BE719F6689A3D22, FFAB917A2008638FE6C8B74AA4487D5C16A25E0E1D53AFD35CBBE5A27A4A2009 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:59:45.0091 0x2128  Steam Client Service - ok
20:59:45.0107 0x2128  [ CCDA497C880AD16D87EDFAEFCFB2EDF5, 622599AA35ACFF0375DA252210BE42E7E90F30EDFEFF2F62FDB14AE6E45B5F88 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
20:59:45.0107 0x2128  stexstor - ok
20:59:45.0123 0x2128  stisvc - ok
20:59:45.0154 0x2128  [ BF8EA6FC3358C2F69678E3E94F764F84, D274DAD7B5756DD49CA44277C73497F1EC465C8E365CC730CD194932C3825920 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
20:59:45.0154 0x2128  storahci - ok
20:59:45.0169 0x2128  [ 32FF460DA8C1F370F5C08B7654899B73, 0C9D5D38D033109BA672ABAFEF0F0CD295E9FFA108ACFCA9044429D9B2CA9057 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
20:59:45.0169 0x2128  storflt - ok
20:59:45.0201 0x2128  [ CC21DB3EF619B9480FE31A4EFE92CBEB, 256EFCA2F231F41D34250E1460BF88894D943EAE83A0B153FCADE700AB4DE11E ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
20:59:45.0201 0x2128  stornvme - ok
20:59:45.0201 0x2128  storqosflt - ok
20:59:45.0216 0x2128  StorSvc - ok
20:59:45.0248 0x2128  [ 770A92D9D3A0BF61C97C3AFCB36847D9, 21A8CC3F8E63B971C4FF8DDED5C7032E093A7B0F16E2128A9BD2E890BA76A1D9 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
20:59:45.0248 0x2128  storufs - ok
20:59:45.0279 0x2128  [ 736A2418E3E7F3DB3CF6EB0A55D1D581, 2D3BBC4E0C7B51EDE7479A978E4BCD5F47A7257745179F01D2D9ECFD83CCCC82 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
20:59:45.0279 0x2128  storvsc - ok
20:59:45.0294 0x2128  svsvc - ok
20:59:45.0294 0x2128  swenum - ok
20:59:45.0310 0x2128  swprv - ok
20:59:45.0341 0x2128  [ CAE4B27B469C583131EA5AAE622F5D76, 3979006EB22489D1AAD2EC2E9F32C286EEDCDB83B37B97E58BA831263EC33B84 ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
20:59:45.0341 0x2128  Synth3dVsc - ok
20:59:45.0357 0x2128  SysMain - ok
20:59:45.0373 0x2128  SystemEventsBroker - ok
20:59:45.0388 0x2128  TabletInputService - ok
20:59:45.0388 0x2128  TapiSrv - ok
20:59:45.0404 0x2128  Tcpip - ok
20:59:45.0404 0x2128  Tcpip6 - ok
20:59:45.0404 0x2128  tcpipreg - ok
20:59:45.0435 0x2128  tdx - ok
20:59:45.0451 0x2128  [ E730D0EB1B84EBC98423FC8D285EDBC0, 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
20:59:45.0466 0x2128  terminpt - ok
20:59:45.0466 0x2128  TermService - ok
20:59:45.0466 0x2128  Themes - ok
20:59:45.0482 0x2128  TieringEngineService - ok
20:59:45.0498 0x2128  tiledatamodelsvc - ok
20:59:45.0544 0x2128  TimeBroker - ok
20:59:49.0294 0x2128  ================ Scan global ===============================
20:59:49.0373 0x2128  [ Global ] - ok
20:59:49.0373 0x2128  ================ Scan MBR ==================================
20:59:49.0404 0x2128  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:59:49.0638 0x2128  \Device\Harddisk0\DR0 - ok
20:59:49.0638 0x2128  ================ Scan VBR ==================================
20:59:49.0638 0x2128  [ B55013DE3B22240CA723E09AF2ECCF0D ] \Device\Harddisk0\DR0\Partition1
20:59:49.0654 0x2128  \Device\Harddisk0\DR0\Partition1 - ok
20:59:49.0654 0x2128  [ AA6FD9C42CA8463DF9660488092D9F00 ] \Device\Harddisk0\DR0\Partition2
20:59:49.0654 0x2128  \Device\Harddisk0\DR0\Partition2 - ok
20:59:49.0654 0x2128  ================ Scan generic autorun ======================
20:59:50.0123 0x2128  [ A806461EB3B06679F93FF67C84E43B08, F8412BD1CA56905AB0897FBB4BED8432813996E099C9ECAC8CABCFE8674144B2 ] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
20:59:50.0341 0x2128  ZAM - ok
20:59:50.0482 0x2128  [ 4C6AAABB264526A9C845A39AEBB79B69, B27F869E8B44CC5F1F9ADCA53AA848C16D706587ED9C7F995AE59BF9B0426523 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
20:59:50.0513 0x2128  StartCCC - ok
20:59:50.0576 0x2128  [ D912BEAF43ED95F3038102968D5955D9, 4C2BE7C25E969E51A7A007B297A078BE36CEEAA6A994EF9FBFA6881E7F812584 ] C:\Program Files (x86)\AVG\Av\avuirunnerx.exe
20:59:50.0576 0x2128  AVG_UI - ok
20:59:50.0576 0x2128  BlueStacks Agent - ok
20:59:50.0654 0x2128  [ 845C94C35431FD2CD8DA3D770DE8E35B, 194D63D88235443FB99414C0D5BB265CEA14DEA812BC468010FA138B4548D474 ] C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe
20:59:50.0670 0x2128  AvgUi - ok
20:59:50.0748 0x2128  [ C9B67BCB8E384064A8C2263740B0C437, F2609406A84F3A8E256DD250F84A774EF43F92C9F8B373E297A99ACF95B3CCE4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:59:50.0763 0x2128  SunJavaUpdateSched - ok
20:59:50.0888 0x2128  OneDriveSetup - ok
20:59:50.0888 0x2128  OneDriveSetup - ok
20:59:51.0091 0x2128  [ EE6CC60BE4B301A5665208E881BA011C, BB3E3A4D8FCB046DB8EA80DD6CCD3C52E250DC73A9578AAD8B1F57EED3DC0182 ] C:\Program Files (x86)\Steam\steam.exe
20:59:51.0138 0x2128  Steam - ok
20:59:51.0216 0x2128  Spotify Web Helper - ok
20:59:51.0357 0x2128  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\Craig\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:59:51.0435 0x2128  OneDrive - ok
20:59:51.0435 0x2128  Spotify - ok
20:59:51.0513 0x2128  Uninstall C:\Users\Craig\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64 - ok
20:59:51.0513 0x2128  OneDriveSetup - ok
20:59:51.0513 0x2128  Waiting for KSN requests completion. In queue: 85
20:59:52.0529 0x2128  Waiting for KSN requests completion. In queue: 85
20:59:53.0545 0x2128  Waiting for KSN requests completion. In queue: 85
20:59:54.0076 0x2230  Object required for P2P: [ A806461EB3B06679F93FF67C84E43B08 ] ZAMSvc
20:59:54.0560 0x2128  Waiting for KSN requests completion. In queue: 8
20:59:55.0576 0x2128  Waiting for KSN requests completion. In queue: 8
20:59:56.0591 0x2128  Waiting for KSN requests completion. In queue: 8
20:59:56.0716 0x2230  Object send P2P result: true
20:59:56.0732 0x2230  Object required for P2P: [ A806461EB3B06679F93FF67C84E43B08 ] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
20:59:57.0607 0x2128  Waiting for KSN requests completion. In queue: 7
20:59:58.0623 0x2128  Waiting for KSN requests completion. In queue: 7
20:59:59.0373 0x2230  Object send P2P result: true
20:59:59.0373 0x2230  Object required for P2P: [ EE6CC60BE4B301A5665208E881BA011C ] C:\Program Files (x86)\Steam\steam.exe
20:59:59.0638 0x2128  Waiting for KSN requests completion. In queue: 2
21:00:00.0654 0x2128  Waiting for KSN requests completion. In queue: 2
21:00:01.0670 0x2128  Waiting for KSN requests completion. In queue: 2
21:00:01.0904 0x2230  Object send P2P result: true
21:00:02.0779 0x2128  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
21:00:02.0795 0x2128  AV detected via SS2: AVG AntiVirus Free Edition, C:\Program Files (x86)\AVG\Av\avgwsc.exe ( 16.51.0.7497 ), 0x42000 ( disabled : updated )
21:00:02.0810 0x2128  Win FW state via NFP2: enabled ( trusted )
21:00:05.0248 0x2128  ============================================================
21:00:05.0248 0x2128  Scan finished
21:00:05.0248 0x2128  ============================================================
21:00:05.0248 0x1870  Detected object count: 0
21:00:05.0248 0x1870  Actual detected object count: 0
21:00:51.0654 0x13a0  Deinitialize success
 

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.03.29.06
  rootkit: v2016.03.12.01

Windows 10 x64 NTFS
Internet Explorer 11.162.10586.0
Craig :: CRAIG-PC [administrator]

03/29/2016 9:04:07 PM
mbar-log-2016-03-29 (21-04-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 464839
Time elapsed: 52 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.162.10586.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.813000 GHz
Memory total: 4293382144, free: 2227613696

Downloaded database version: v2016.03.29.06
Downloaded database version: v2016.03.12.01
Downloaded database version: v2016.03.24.01
=======================================
Initializing...
------------ Kernel report ------------
     03/29/2016 21:03:55
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2016.03.29.06
  rootkit: v2016.03.12.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001460a6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001460a6b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001460a6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001456169b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0014602f060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EF966F6B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 975642624
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 975849472  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ICONCODECSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ICONCODECSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMSETTINGSBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMSETTINGSBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mshtml.dll" is sparse (flags = 32768)
File "C:\Windows\System32\jscript.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimtf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\jscript9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msls31.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d2d1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3D10WARP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dsound.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ctfmon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\MSCTFMONITOR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msutb.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\Taskmgr.exe" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ioqos.sys" is sparse (flags = 32768)
File "C:\Windows\System32\IEETWCOLLECTOR.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wpcfltr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
------------ Kernel report ------------
     03/29/2016 21:21:03
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\drivers\AtiPcie64.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avguniva.sys
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\avgwfpa.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\1394ohci.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\parport.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\AtihdWT6.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\HPub4DE3.sys
\SystemRoot\System32\drivers\HPMo4DE3.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\Windows\gdrv.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\cdrom.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
----------- End -----------
File "C:\Users\Craig\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-975849472-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

 

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Craig [Administrator]
Started from : C:\Users\Craig\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/29/2016 23:03:37

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.WallPaper] (X64) HKEY_USERS\S-1-5-21-572955093-3903481538-3187151276-1001\Control Panel\Desktop | Wallpaper : C:\Windows\web\wallpaper\Windows\img0.jpg  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} -> Found
[PUP][Folder] C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 2f0846046f9d5f8bbbb0a2d2d33af94f
[BSP] 2d5f49e4100c420139d609c22f1f612c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 



#11 olgun52


Posted 30 March 2016 - 07:09 AM

Hi again,

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
==================================================================
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Best regards
 

 


 


#12 Walrusface


Posted 30 March 2016 - 07:18 AM

Here are those logs:

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Craig (administrator) on 30-03-2016 at 13:11:45
Running from "C:\Users\Craig\Desktop"
Microsoft Windows 10 Home  (X64)
Model: GA-MA770T-UD3 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 prod.xcom.firaxis.com
127.0.0.1 65.118.245.165
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Craig-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 6C-F0-49-77-9D-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd13:ca1e:94d7:0:bc42:56ee:a52d:3402(Preferred)
   Temporary IPv6 Address. . . . . . : fd13:ca1e:94d7:0:b9e8:745:67a8:ce9b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::bc42:56ee:a52d:3402%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 28, 2016 10:40:25 PM
   Lease Expires . . . . . . . . . . : Thursday, March 31, 2016 12:51:15 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 242020425
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-B7-D4-76-6C-F0-49-77-9D-5E
   DNS Servers . . . . . . . . . . . : fd13:ca1e:94d7:0:7e4c:a5ff:fe7b:eee4
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Home:

   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.2%3(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 83886080
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-B7-D4-76-6C-F0-49-77-9D-5E
   DNS Servers . . . . . . . . . . . : fd13:ca1e:94d7:0:7e4c:a5ff:fe7b:eee4
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:f5:1f41:fd25:6d87(Preferred)
   Link-local IPv6 Address . . . . . : fe80::f5:1f41:fd25:6d87%2(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-B7-D4-76-6C-F0-49-77-9D-5E
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  fd13:ca1e:94d7:0:7e4c:a5ff:fe7b:eee4

Name:    google.com
Addresses:  2a00:1450:4009:811::200e
      216.58.213.174


Pinging google.com [216.58.213.174] with 32 bytes of data:
Reply from 216.58.213.174: bytes=32 time=26ms TTL=57
Reply from 216.58.213.174: bytes=32 time=26ms TTL=57

Ping statistics for 216.58.213.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 26ms, Average = 26ms
Server:  UnKnown
Address:  fd13:ca1e:94d7:0:7e4c:a5ff:fe7b:eee4

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=141ms TTL=51
Reply from 98.138.253.109: bytes=32 time=141ms TTL=51

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 141ms, Maximum = 141ms, Average = 141ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...6c f0 49 77 9d 5e ......Realtek PCIe GBE Family Controller
  3...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  1...........................Software Loopback Interface 1
  2...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    276
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  2    306 2001::/32                On-link
  2    306 2001:0:9d38:6ab8:f5:1f41:fd25:6d87/128
                                    On-link
  6    276 fd13:ca1e:94d7::/64      On-link
  6    276 fd13:ca1e:94d7:0:b9e8:745:67a8:ce9b/128
                                    On-link
  6    276 fd13:ca1e:94d7:0:bc42:56ee:a52d:3402/128
                                    On-link
  6    276 fe80::/64                On-link
  2    306 fe80::/64                On-link
  3    281 fe80::5efe:192.168.0.2/128
                                    On-link
  2    306 fe80::f5:1f41:fd25:6d87/128
                                    On-link
  6    276 fe80::bc42:56ee:a52d:3402/128
                                    On-link
  1    306 ff00::/8                 On-link
  6    276 ff00::/8                 On-link
  2    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/30/2016 12:51:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Craig-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/29/2016 01:00:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: ZAM.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cc16f5
Exception code: 0xc000070a
Fault offset: 0x000ea1de
Faulting process id: 0x1ddc
Faulting application start time: 0xZAM.exe0
Faulting application path: ZAM.exe1
Faulting module path: ZAM.exe2
Report Id: ZAM.exe3
Faulting package full name: ZAM.exe4
Faulting package-relative application ID: ZAM.exe5

Error: (03/29/2016 12:51:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44674281

Error: (03/29/2016 12:51:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44674281

Error: (03/29/2016 12:51:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2016 11:02:32 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/28/2016 10:13:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/28/2016 10:12:25 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {87e7b088-9be0-4859-a157-d1afbe24e283}

Error: (03/27/2016 05:28:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: FRST64.exe, version: 5.3.2016.1, time stamp: 0x56daf4cd
Faulting module name: FRST64.exe, version: 5.3.2016.1, time stamp: 0x56daf4cd
Exception code: 0xc0000005
Fault offset: 0x000000000006c44d
Faulting process id: 0x13cc
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
Faulting package full name: FRST64.exe4
Faulting package-relative application ID: FRST64.exe5

Error: (03/27/2016 01:07:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609


System errors:
=============
Error: (03/29/2016 11:35:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Error: (03/29/2016 11:35:17 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_105aa3a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/29/2016 11:35:17 PM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_105aa3a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/29/2016 11:35:17 PM) (Source: Service Control Manager) (User: )
Description: The Contact Data_105aa3a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/29/2016 11:35:17 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_105aa3a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/29/2016 10:25:50 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (03/29/2016 01:18:30 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (03/29/2016 01:18:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/29/2016 01:04:36 PM) (Source: DCOM) (User: Craig-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Craig-PCCraigS-1-5-21-572955093-3903481538-3187151276-1001LocalHost (Using LRPC)Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

Error: (03/29/2016 12:27:24 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.


Microsoft Office Sessions:
=========================
Error: (03/30/2016 12:51:48 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Craig-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170

Error: (03/29/2016 01:00:51 PM) (Source: Application Error)(User: )
Description: ZAM.exe0.0.0.000000000ntdll.dll10.0.10586.12256cc16f5c000070a000ea1de1ddc01d189b18f762786C:\Program Files (x86)\Zemana AntiMalware\ZAM.exeC:\WINDOWS\SYSTEM32\ntdll.dll1856913d-770b-449d-9e19-606e7913bd99

Error: (03/29/2016 12:51:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44674281

Error: (03/29/2016 12:51:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44674281

Error: (03/29/2016 12:51:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2016 11:02:32 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (03/28/2016 10:13:22 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (03/28/2016 10:12:25 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {87e7b088-9be0-4859-a157-d1afbe24e283}

Error: (03/27/2016 05:28:45 PM) (Source: Application Error)(User: )
Description: FRST64.exe5.3.2016.156daf4cdFRST64.exe5.3.2016.156daf4cdc0000005000000000006c44d13cc01d18845963861c7C:\Users\Craig\Desktop\FRST64.exeC:\Users\Craig\Desktop\FRST64.exeebaaecd9-35fb-40c9-a0a5-345992efd499

Error: (03/27/2016 01:07:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609


CodeIntegrity Errors:
===================================
  Date: 2016-03-30 13:10:58.143
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-30 13:10:58.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-30 12:53:46.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-30 12:53:46.062
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-28 23:03:50.759
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-28 23:03:50.740
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-28 23:03:50.692
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-28 23:03:50.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-28 23:03:50.493
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-28 23:03:50.447
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Acquisition version 0.3a (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.3a - )
Acrobat.com (HKLM-x32\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
ADRIFT (HKLM-x32\...\ST6UNST #2) (Version:  - )
ADRIFT Runner (HKLM-x32\...\ST6UNST #4) (Version:  - )
ADRIFT Runner 3.90 (HKLM-x32\...\ST6UNST #1) (Version:  - )
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anno 2070 (HKLM-x32\...\Steam App 48240) (Version:  - Blue Byte)
Anomaly Warzone Earth Demo (HKLM-x32\...\{92EF36C0-BDBA-4137-AF67-BABA288E4793}_is1) (Version: 1 - 11 bit studios)
AOC UI Installer 3.1.0 (HKLM-x32\...\{87464284-11C8-4F83-88EC-E8013320B789}) (Version: 3.1.0 - VikingWorks)
Apple Application Support (HKLM-x32\...\{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}) (Version: 1.3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
applicationupdater (HKCU\...\SOE-C:/Users/Craig/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version:  - Sony Online Entertainment)
Armored Warfare MyCom Beta (HKCU\...\Armored Warfare MyCom Beta) (Version: 1.57 - My.com B.V.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Atom Zombie Smasher (HKLM-x32\...\Atom Zombie Smasher demo_is1) (Version:  - Blendo Games)
Atom Zombie Smasher Demo (HKLM-x32\...\Steam App 55050) (Version:  - )
Avadon: The Black Fortress (HKLM-x32\...\Steam App 112100) (Version:  - Spiderweb Software)
AVG (HKLM\...\{2B8ECD93-21E5-4FC5-9CA6-AD616C42BA63}) (Version: 16.51.7497 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.41.1.56922 - AVG Technologies)
AVG 2016 (HKLM\...\{ACC5B116-C09D-429E-9ACF-768FA52DC072}) (Version: 16.0.4545 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.51.7497 - AVG Technologies)
AVG Zen (HKLM\...\{CEDC1C27-A73A-4779-9121-DB77A8AE2003}) (Version: 1.41.29 - AVG Technologies) Hidden
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
AVStoDVD 2.8.3 (HKLM-x32\...\AVStoDVD) (Version: 2.8.3 - MrC)
Bastion - Demo (HKLM-x32\...\Steam App 107110) (Version:  - SUpergiant Games)
Batman: Arkham City™ (HKLM-x32\...\{57520FA0-A73E-4165-BCA2-D71000018301}) (Version: 1.0.0001.131 - WB Games) Hidden
Batman: Arkham City™ (HKLM-x32\...\{57520FA0-A73E-4165-BCA2-D71000038301}) (Version: 1.0.0003.131 - WB Games) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BB Manager (HKCU\...\fd70079a304fee67) (Version: 4.1.0.9 - BBLigue)
Bionic Dues (HKLM-x32\...\Steam App 238910) (Version:  - Arcen Games, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
BulletStorm (HKLM-x32\...\{45410935-B52C-468A-A836-0D1000018201}) (Version: 1.0.0001.130 - EA) Hidden
BulletStorm (HKLM-x32\...\{45410935-B52C-468A-A836-0D1000018202}) (Version: 1.0.0001.130 - EA) Hidden
championBuilder v0.4.0 (HKLM-x32\...\{B0C60A57-0353-498B-BDF0-AE83BFE3B4B9}_is1) (Version:  - zarzu)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic)
Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)
Dawngate (HKLM-x32\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)
Dead State (HKLM-x32\...\Steam App 239840) (Version:  - DoubleBear Productions)
DEFCON Demo (HKLM-x32\...\Steam App 1522) (Version:  - Introversion Software)
Depth (HKLM-x32\...\Steam App 274940) (Version:  - Digital Confectioners)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.1.5 - DivX, Inc. )
Door Kickers Lite (HKLM-x32\...\{C5189049-AE5B-4B96-8D94-B9D3D8D384A3}) (Version: 0.0.31 - Kill House Games)
Driver Sweeper version 3.1.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.1.0 - Phyxion.net)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EA Download Manager (HKLM-x32\...\EADM) (Version: 7.3.7.4 - Electronic Arts, Inc.)
EA Shared Game Component: Activation (HKLM-x32\...\{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}) (Version: 2.2.0 - Electronic Arts) Hidden
EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)
EasySaver B9.0904.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
EQ2MAP Updater 1.2.10 (HKLM-x32\...\EQ2MAP Updater) (Version: 1.2.10 - Johan Nilsson)
EverQuest II Extended (HKCU\...\SOE-EverQuest II Extended) (Version:  - Sony Online Entertainment)
Fable III (HKLM-x32\...\{4D53090A-CE35-42BD-B377-831000018301}) (Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
FMW 1 (HKLM\...\{0AB3CCB3-5C0B-4C65-9FA4-CFEF6283F7F1}) (Version: 1.62.2 - AVG Technologies) Hidden
gamelauncher-ps2-psg (HKCU\...\SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG) (Version:  - Sony Online Entertainment)
GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Gargoyle (HKLM-x32\...\Gargoyle) (Version:  - )
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HTML TADS Player Kit (HKLM-x32\...\htmltads.exe) (Version:  - )
Immersion Overhaul Mutator version v1.14 (HKLM-x32\...\{F6F43717-CC6A-4424-A20A-F3BC1378704E}_is1) (Version: v1.14 - dibbler67)
Inform 7 (HKLM-x32\...\Inform 7) (Version:  - )
Iron Sky Invasion Demo (HKLM-x32\...\Steam App 227960) (Version:  - )
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
K-Lite Mega Codec Pack 7.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
LAV Filters 0.65 (HKLM-x32\...\lavfilters_is1) (Version: 0.65 - Hendrik Leppkes)
LOOT (HKLM-x32\...\LOOT) (Version: 0.7.0 - LOOT Development Team)
LOTRO DefragSuite (HKLM-x32\...\{CE170507-2B4F-47EE-AFAF-7AFB17610CD3}) (Version: 1.2 - José Luis Orihuela Conde)
LOTRO Plugin Compendium (HKLM-x32\...\{3BF7818D-2482-4676-A237-915A11A97847}) (Version: 1.0.3 - Lunarwater)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvel Heroes Advanced Settings (HKLM-x32\...\{70741578-B784-4F48-A62D-790344BD94BC}) (Version: 1.0.0 - zeCrazyEye)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniMod Collection v1.3 (HKCU\...\MiniMod Collection v1.3) (Version:  - )
Mozilla Firefox 45.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-GB)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.0 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
Odium Demo (HKLM-x32\...\Odium Demo) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.9.13.22054 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Peggle Extreme (HKLM-x32\...\Steam App 3483) (Version:  - PopCap Games, Inc.)
PFPortChecker 1.0.32 (HKLM-x32\...\PFPortChecker) (Version: 1.0.32 - Portforward.com)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 Beta (HKCU\...\SOE-PlanetSide 2 Beta) (Version:  - Sony Online Entertainment)
PoESkillTree - Ascendancy (HKLM-x32\...\{B5012C21-ECA4-41AF-ABD1-F549D019B7A9}_is1) (Version: 2.2.5 - PoESkillTree Team)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Project Zomboid Demo (HKLM-x32\...\Steam App 264910) (Version:  - Indie Stone Studios)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Python 2.7 comtypes-0.6.2 (HKLM-x32\...\comtypes-py2.7) (Version:  - )
Python 2.7 pywin32-217 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Rags Player (HKLM-x32\...\{91A1BF2F-8789-488F-A329-DE2AC701DED9}) (Version: 3.00.0013 - Rags Game LLC)
Rags Suite (HKLM-x32\...\{4BC51DFE-96B7-45DC-ADDE-BD062DFF0265}) (Version: 2.3.0 - RagsGame)
Rags Suite (HKLM-x32\...\{81FB6438-7149-4F09-8741-7AEB12F479C7}) (Version: 2.2.8 - RagsGame)
Rags Suite (HKLM-x32\...\{CFD38873-626C-4A11-9BC6-AA1A0660563D}) (Version: 2.0.0 - RagsGame)
Rags Suite (HKLM-x32\...\{E50D4D29-C7B5-4136-AADE-D85794926840}) (Version: 2.4.0 - RagsGame)
Rainbow Six Siege - Closed Beta (HKLM-x32\...\Uplay Install 1001) (Version:  - Ubisoft)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 Benchmark Version (HKLM-x32\...\{A2770F50-89C7-433E-8E19-7148B21172EB}) (Version: 1.00.0000 - CAPCOM CO., LTD.)
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
Rochard Demo (HKLM-x32\...\Steam App 107830) (Version:  - )
Rodina (HKLM-x32\...\{D6405092-0D2E-43BA-8DBE-E05AF988D7FF}) (Version: 1.0.2 - Elliptic Games)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGXP (HKLM-x32\...\{9B34CAC6-738F-4A20-B428-A115C3E3474C}) (Version: 1.0.0 - Enterbrain)
Screen Recorder (HKLM-x32\...\Screen Recorder_is1) (Version: 1.6 - Rylstim)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Shadwen Demo (HKLM-x32\...\Steam App 435220) (Version:  - Frozenbyte)
Sid Meier's Ace Patrol (HKLM-x32\...\Steam App 244070) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V SDK (HKLM-x32\...\Steam App 16830) (Version:  - Firaxis Games)
Sol Survivor Demo (HKLM-x32\...\Steam App 45010) (Version:  - Cadenza Interactive Games)
Solium Infernum Demo (HKLM-x32\...\{73B486A1-D997-461D-8C50-6FDEA8B765FE}) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Station Launcher (HKLM-x32\...\Station Launcher) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version:  - Failbetter Games)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
System Requirements Lab (HKLM-x32\...\{92482FB3-C05B-41C6-89E7-75D985602A6E}) (Version: 4.1.72.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{ADECE189-FC5A-43DA-BECF-F3AC5A74EEFB}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
theHunter (remove only) (HKLM-x32\...\theHunter) (Version:  - Expansive Worlds)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universe at War Earth Assault (HKLM-x32\...\{D4658131-9D1A-4395-876D-968E38FE8ED5}) (Version: 1.00.0000 - Petroglyph) Hidden
Unstoppable Gorg Demo (HKLM-x32\...\Steam App 206290) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
Uplink (HKLM-x32\...\Uplink) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (HKLM-x32\...\{5EE7D259-D137-4438-9A5F-42F432EC0421}) (Version: 1.1.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Frotz (HKLM-x32\...\WindowsFrotz) (Version:  - )
Windows Glulxe (HKLM-x32\...\WinGlulxe) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.4 - win.rar GmbH)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}) (Version: 14.0.9029 - WinZip Computing, S.L. )
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.2.1 - Wrye & Wrye Bash Development Team)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
XCOM 2 (HKLM-x32\...\Steam App 268500) (Version:  - Firaxis)
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XviD Video Codec (remove only) (HKLM-x32\...\XviD Video Codec) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.100 - Zemana Ltd.)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 4094.49 MB
Available physical RAM: 2513.73 MB
Total Virtual: 6537.68 MB
Available Virtual: 4929.33 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.22 GB) (Free:77.53 GB) NTFS

========================= Users: ========================================

User accounts for \\CRAIG-PC

Administrator            ASPNET                   Craig                    
DefaultAccount           Guest                    


**** End of log ****
 

Farbar Service Scanner Version: 27-01-2016
Ran by Craig (administrator) on 30-03-2016 at 13:15:02
Running from "C:\Users\Craig\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#13 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:02:52 AM

Posted 30 March 2016 - 08:40 AM

Hi again,
 
Open an elevated command prompt (a command prompt opened with Admin Rights);

  • Enter the following command: net stop wuauserv
  • Enter the following command: net start wuauserv
  • Enter "exit"

Restart your computer
==================================================================================

Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS Hosts file, that restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

==================================================================================
Run FRST fixlist
 
Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

start
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

=============================================================================

Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
  • Also a log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

Edited by olgun52, 30 March 2016 - 08:52 AM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#14 Walrusface

Walrusface
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 30 March 2016 - 02:24 PM

ESET scan just finished. This is the FRST fixlog, and both the exported text and log.txt from ESET.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Craig (2016-03-30 14:58:34) Run:2
Running from C:\Users\Craig\Desktop
Loaded Profiles: Craig (Available Profiles: Craig & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
end
*****************

C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} => moved successfully
C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} => moved successfully

==== End of Fixlog 14:58:35 ====

 

C:\Program Files (x86)\Steam\SteamApps\common\Bullet Run\binaries\Win32\protection\themida\ProtectedBulletRun.exe    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting
C:\Users\Craig\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-uk.cab    Win32/OpenCandy potentially unsafe application    deleted
C:\Users\Craig\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_data\askrt_en.cab    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted
C:\Users\Craig\Documents\ageofconan-en.exe    a variant of Win32/Toolbar.Conduit.AI potentially unwanted application    deleted
C:\Users\Craig\Documents\asc-setup.exe    a variant of Win32/Toolbar.Widgi potentially unwanted application    deleted
C:\Users\Craig\Documents\RagsGames\setup.exe    Win32/Toolbar.Conduit.S potentially unwanted application    deleted
C:\Users\Craig\Documents\TADS\cbsidlm-cbsi118-Advanced_SystemCare-BP-10407614.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
 

 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5566c11622962942b192eaee6ed56577
# end=init
# utc_time=2016-03-30 02:00:54
# local_time=2016-03-30 03:00:54 (+0000, GMT Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 28821
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5566c11622962942b192eaee6ed56577
# end=updated
# utc_time=2016-03-30 02:05:24
# local_time=2016-03-30 03:05:24 (+0000, GMT Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5566c11622962942b192eaee6ed56577
# engine=28821
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-03-30 07:14:58
# local_time=2016-03-30 08:14:58 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='AVG AntiVirus Free Edition'
# compatibility_mode=1057 16777213 100 100 26428 2454870 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13169535 14635670 0 0
# scanned=586936
# found=7
# cleaned=7
# scan_time=18573
sh=346061C5B2CD704107F2FC674D2B34666156C057 ft=1 fh=1183a20a070826ba vn="a variant of Win32/Packed.Themida suspicious application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Steam\SteamApps\common\Bullet Run\binaries\Win32\protection\themida\ProtectedBulletRun.exe"
sh=4D34BB639CC44CE0DEE37134638AFE1276DA53C6 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application (deleted)" ac=C fn="C:\Users\Craig\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-uk.cab"
sh=9E4138C80F3E4C6EF19D4E1B6E3ED4263640F333 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted)" ac=C fn="C:\Users\Craig\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_data\askrt_en.cab"
sh=E206D92938EF98EDC76345CC9BB31080D37782B8 ft=1 fh=3dcd6cabcce488aa vn="a variant of Win32/Toolbar.Conduit.AI potentially unwanted application (deleted)" ac=C fn="C:\Users\Craig\Documents\ageofconan-en.exe"
sh=03A7D97387FBF9BAC969A591B68A8EDC2D493417 ft=1 fh=02850d967aa2d2ec vn="a variant of Win32/Toolbar.Widgi potentially unwanted application (deleted)" ac=C fn="C:\Users\Craig\Documents\asc-setup.exe"
sh=C5B68C17A699E38506B793FDAE7406E5841FEE64 ft=1 fh=80aa2a0ac83ad06d vn="Win32/Toolbar.Conduit.S potentially unwanted application (deleted)" ac=C fn="C:\Users\Craig\Documents\RagsGames\setup.exe"
sh=4753D89650A73BB5FF94B8C61716DE2A5ECD8796 ft=1 fh=4888d5a0cb663a72 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Craig\Documents\TADS\cbsidlm-cbsi118-Advanced_SystemCare-BP-10407614.exe"
 



#15 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:52 AM

Posted 30 March 2016 - 03:45 PM

Hi again.

 

Your machine is clean.

 

Thank you for your patience.  Please do the following:

In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Please take the time to carefully review the info contained below. It's invaluable.
Answers to common security questions - Best Practices

How Malware Spreads - How your system gets infected

Best Practices for Safe Computing - Prevention of Malware Infection

 

Some safety suggestions!

Best regards.

 


 




