
PC riddled with malware plus SpyHunter [Solved]


  • This topic is locked

#1
peter plus


My laptop is badly infected and, to add fuel to the fire, I downloaded SpyHunter 4, which I can't uninstall.

My Malwarebytes trial period is finished.

Have attached OTL report. Help!!

 

 OTL logfile created on: 27/12/2014 12:03:55 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nigel\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.88 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 53.61% Memory free
4.57 Gb Paging File | 2.17 Gb Available in Paging File | 47.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 404.05 Gb Total Space | 287.28 Gb Free Space | 71.10% Space Free | Partition Type: NTFS
Drive D: | 60.00 Gb Total Space | 39.34 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive F: | 982.13 Mb Total Space | 554.16 Mb Free Space | 56.42% Space Free | Partition Type: FAT
Drive G: | 931.51 Gb Total Space | 358.69 Gb Free Space | 38.51% Space Free | Partition Type: NTFS
Drive H: | 980.22 Mb Total Space | 313.70 Mb Free Space | 32.00% Space Free | Partition Type: FAT
 
Computer Name: NIGEL-PC | User Name: Nigel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/12/27 12:03:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nigel\Downloads\OTL (4).exe
PRC - [2014/12/06 01:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/21 01:04:35 | 002,039,192 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014/11/15 09:36:47 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/30 16:56:23 | 000,166,296 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014/09/25 14:52:34 | 000,027,904 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\ace_engine.exe
PRC - [2014/09/03 19:39:18 | 000,196,504 | ---- | M] (APN LLC.) -- C:\Users\Nigel\AppData\Local\VNT\vntldr.exe
PRC - [2013/10/15 23:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Users\Nigel\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/08/27 15:37:52 | 000,026,744 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\ace_update.exe
PRC - [2013/08/22 04:17:05 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2012/11/27 14:18:46 | 002,215,424 | ---- | M] () -- C:\Program Files (x86)\PHotkey\PHotkey.exe
PRC - [2012/10/23 17:07:02 | 003,471,872 | ---- | M] () -- C:\Program Files (x86)\PHotkey\POsd.exe
PRC - [2012/09/30 11:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/09/30 11:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/09/01 17:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 17:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/08/08 17:10:10 | 007,536,128 | ---- | M] () -- C:\Program Files (x86)\PHotkey\GPMTray.exe
PRC - [2012/07/30 09:48:16 | 001,518,504 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
PRC - [2012/07/17 16:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 16:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 16:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/08 03:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011/08/22 12:44:48 | 001,421,216 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
PRC - [2011/04/13 14:37:06 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
PRC - [2011/04/13 14:37:04 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
PRC - [2010/01/12 16:36:00 | 000,117,256 | ---- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
PRC - [2009/12/18 14:38:18 | 000,345,608 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/06 01:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/06 01:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/06 01:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/06 01:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/06 01:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/10/31 17:07:58 | 003,067,392 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
MOD - [2014/10/31 17:07:58 | 001,472,512 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
MOD - [2014/10/31 17:07:58 | 000,251,392 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
MOD - [2014/09/25 14:52:34 | 000,027,904 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\ace_engine.exe
MOD - [2014/01/28 11:57:20 | 000,061,952 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
MOD - [2014/01/28 11:57:20 | 000,053,248 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
MOD - [2014/01/28 11:57:20 | 000,040,448 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
MOD - [2014/01/28 11:57:20 | 000,036,352 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
MOD - [2013/08/27 15:37:52 | 000,026,744 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\ace_update.exe
MOD - [2013/03/29 09:57:10 | 000,018,944 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
MOD - [2013/01/29 16:20:40 | 000,082,944 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
MOD - [2013/01/29 16:20:40 | 000,066,048 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
MOD - [2012/06/08 10:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 03:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/02/07 16:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
MOD - [2012/02/07 16:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
MOD - [2012/02/07 16:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
MOD - [2012/02/07 16:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
MOD - [2012/02/07 16:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
MOD - [2012/02/07 16:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
MOD - [2012/02/07 16:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
MOD - [2012/02/07 16:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
MOD - [2012/02/07 16:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
MOD - [2012/02/07 16:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
MOD - [2011/07/15 19:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
MOD - [2011/07/15 19:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
MOD - [2011/07/15 19:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
MOD - [2011/07/15 19:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
MOD - [2011/07/15 19:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
MOD - [2011/07/15 19:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
MOD - [2011/07/15 19:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
MOD - [2011/07/15 19:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
MOD - [2011/07/15 19:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
MOD - [2011/07/15 19:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
MOD - [2011/07/15 19:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_html_vc.dll
MOD - [2011/07/15 19:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll
MOD - [2011/07/15 19:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_adv_vc.dll
MOD - [2011/07/15 19:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll
MOD - [2011/07/15 19:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_core_vc.dll
MOD - [2011/07/15 19:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll
MOD - [2011/07/15 19:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_net_vc.dll
MOD - [2011/07/15 19:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll
MOD - [2011/07/15 19:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_vc.dll
MOD - [2011/07/15 19:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll
MOD - [2011/06/12 13:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
MOD - [2011/06/12 13:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
MOD - [2011/06/12 13:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
MOD - [2011/06/12 13:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
MOD - [2011/06/12 13:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
MOD - [2011/06/12 13:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
MOD - [2011/06/12 13:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
MOD - [2011/06/12 13:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
MOD - [2011/06/12 13:06:22 | 000,106,496 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
MOD - [2011/06/12 13:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\select.pyd
MOD - [2011/06/12 13:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\select.pyd
MOD - [2011/06/12 13:06:20 | 000,688,128 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
MOD - [2011/02/13 15:02:12 | 000,031,232 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
MOD - [2011/01/18 21:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
MOD - [2011/01/18 21:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
MOD - [2010/10/10 22:23:52 | 000,723,968 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/27 11:07:42 | 001,025,920 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2014/10/31 04:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/07 01:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/22 03:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/22 03:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/16 00:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/16 00:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 07:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/14 06:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 05:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 07:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 15:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 09:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 09:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 09:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 09:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/12/10 07:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/08/22 11:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 11:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 11:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 11:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 11:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 10:36:01 | 000,321,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2013/08/22 10:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 10:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 09:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 09:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 09:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 09:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 09:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 09:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 09:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 09:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/09/24 15:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/09/24 15:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/09/24 15:02:42 | 000,617,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/09/24 15:02:16 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/09/13 03:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/08/15 16:08:14 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/04/20 13:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2008/05/07 23:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2014/10/30 16:56:23 | 000,166,296 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/03/14 06:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/10/03 23:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/22 03:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 02:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/11/29 12:53:40 | 000,805,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2012/09/30 11:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/09/30 11:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/09/01 17:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/07/30 09:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
SRV - [2012/07/17 16:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 16:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 16:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/08/22 12:44:48 | 001,421,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe -- (ACT2_Service)
SRV - [2011/04/13 14:37:06 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 10 MS Service)
SRV - [2011/04/13 14:37:04 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 10 MS Monitor Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/27 11:07:46 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2014/10/13 02:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/13 02:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/13 02:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/10 01:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/22 03:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/22 03:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/22 02:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/15 00:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 15:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 15:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 11:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/05/01 13:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/20 03:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 12:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 20:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/02/22 15:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 15:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 15:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 15:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 12:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/12/04 18:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/10/26 01:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/05 15:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/10/03 23:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/30 04:11:07 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/30 03:58:53 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/26 09:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/09/26 09:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/09/04 18:03:50 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 12:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 11:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013/08/22 11:38:26 | 000,032,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthHfAud.sys -- (BthHFAud)
DRV:64bit: - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 11:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 11:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 11:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 11:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 11:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 14:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/01 13:41:40 | 001,337,216 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/09/21 08:55:40 | 000,457,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/09/21 08:55:40 | 000,044,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/09/21 08:55:38 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/09/13 03:35:08 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/09/01 17:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/06 10:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2012/07/02 14:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 09:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 07:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 17:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/03/17 17:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2011/06/10 02:19:52 | 000,015,160 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys -- (ACT2PM)
DRV - [2009/09/11 13:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {E1E217CF-1AC3-41A8-9F94-597A22387CF3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{8167DD58-A87D-47B0-9018-25695DBB852E}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKCU\..\SearchScopes\{E1E217CF-1AC3-41A8-9F94-597A22387CF3}: "URL" = https://uk.search.ya...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.7.2: C:\Users\Nigel\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - default_search_provider: 3D7EBA780377A8A40D78D2E4C03B277F2886E2B8EFEA03499BB7F0ED19B8895E (Enabled)
CHR - default_search_provider: search_url = A3F53BB4EE73130E965FB043ADBDC8F9BAF77330CC4203C135FBF23285A952AB
CHR - default_search_provider: suggest_url = 
CHR - homepage: C422AE0CC1956B4155A2B6144EE5074EFA761986C91A3DFE352D4D1F598D8655
CHR - Extension: Google Docs = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.8_0\
CHR - Extension: Google Search = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: TLDR = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\giepilabiomhlcmlefmbfkgeoccfhhhc\159\
CHR - Extension: Magic Player = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\
CHR - Extension: AS Magic Player = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\
CHR - Extension: Google Wallet = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 13:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe (APN LLC.)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AceStream] C:\Users\Nigel\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
O4 - HKCU..\Run: [F.lux] C:\Users\Nigel\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [uTorrent] C:\Users\Nigel\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra Button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.co...4513-44482-14/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.co...4513-44482-14/4 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66CB41A6-C2E0-4E78-8A4C-EF22656AF993}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/12/27 11:08:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e5dccb2a-8a7c-11e4-bf47-606c66baf86e}\Shell - "" = AutoRun
O33 - MountPoints2\{e5dccb2a-8a7c-11e4-bf47-606c66baf86e}\Shell\AutoRun\command - "" = "I:\Startme.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/27 11:08:32 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Enigma Software Group
[2014/12/27 11:08:28 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Start Menu
[2014/12/27 11:08:22 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2014/12/27 11:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/12/26 18:45:24 | 000,261,056 | ---- | C] (BitDefender) -- C:\WINDOWS\SysNative\drivers\avchv.sys
[2014/12/26 18:40:42 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\QuickScan
[2014/12/26 16:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2014/12/24 14:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TLDR
[2014/12/24 14:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouetubeAdBlockee
[2014/12/24 14:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\1032840937467210185
[2014/12/24 14:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BuuyNsave
[2014/12/24 14:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc
[2014/12/22 17:55:52 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\MPlayer
[2014/12/22 17:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UMPlayer
[2014/12/10 22:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appraiser
[2014/12/01 10:42:48 | 000,000,000 | -HSD | C] -- C:\Users\Nigel\AppData\Local\EmieBrowserModeList
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/27 12:06:05 | 000,865,408 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/12/27 12:06:05 | 000,736,970 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/12/27 12:06:05 | 000,140,352 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/12/27 12:01:06 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/27 11:59:40 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/27 11:59:07 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/12/27 11:58:51 | 3336,114,176 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/27 11:42:01 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/27 11:08:47 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/12/27 11:08:28 | 000,001,107 | ---- | M] () -- C:\Users\Nigel\Desktop\SpyHunter.lnk
[2014/12/27 11:07:46 | 000,022,704 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\EsgScanner.sys
[2014/12/26 20:19:33 | 000,135,658 | ---- | M] () -- C:\Users\Nigel\AppData\Local\census.cache
[2014/12/26 20:19:29 | 000,085,130 | ---- | M] () -- C:\Users\Nigel\AppData\Local\ars.cache
[2014/12/26 20:16:57 | 000,000,010 | ---- | M] () -- C:\Users\Nigel\AppData\Local\sponge.last.runtime.cache
[2014/12/26 20:11:35 | 000,000,036 | ---- | M] () -- C:\Users\Nigel\AppData\Local\housecall.guid.cache
[2014/12/26 20:08:48 | 000,098,176 | ---- | M] () -- C:\ProgramData\1419624488.bdinstall.bin
[2014/12/26 20:08:08 | 000,037,670 | ---- | M] () -- C:\ProgramData\1419624472.bdinstall.bin
[2014/12/26 18:49:07 | 000,248,096 | ---- | M] () -- C:\ProgramData\1419619243.bdinstall.bin
[2014/12/24 16:30:06 | 000,001,691 | ---- | M] () -- C:\Users\Nigel\Desktop\Pod.prikritie.S02E01.lnk
[2014/12/12 09:43:31 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/01 10:29:34 | 000,000,355 | ---- | M] () -- C:\Users\Nigel\Desktop\Homegroup - Shortcut.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/27 11:08:47 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/12/27 11:08:27 | 000,001,107 | ---- | C] () -- C:\Users\Nigel\Desktop\SpyHunter.lnk
[2014/12/27 11:07:46 | 000,022,704 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\EsgScanner.sys
[2014/12/26 20:19:33 | 000,135,658 | ---- | C] () -- C:\Users\Nigel\AppData\Local\census.cache
[2014/12/26 20:19:29 | 000,085,130 | ---- | C] () -- C:\Users\Nigel\AppData\Local\ars.cache
[2014/12/26 20:16:57 | 000,000,010 | ---- | C] () -- C:\Users\Nigel\AppData\Local\sponge.last.runtime.cache
[2014/12/26 20:11:35 | 000,000,036 | ---- | C] () -- C:\Users\Nigel\AppData\Local\housecall.guid.cache
[2014/12/26 20:08:48 | 000,098,176 | ---- | C] () -- C:\ProgramData\1419624488.bdinstall.bin
[2014/12/26 20:08:08 | 000,037,670 | ---- | C] () -- C:\ProgramData\1419624472.bdinstall.bin
[2014/12/26 18:49:07 | 000,248,096 | ---- | C] () -- C:\ProgramData\1419619243.bdinstall.bin
[2014/12/24 16:30:06 | 000,001,691 | ---- | C] () -- C:\Users\Nigel\Desktop\Pod.prikritie.S02E01.lnk
[2014/12/01 10:29:34 | 000,000,355 | ---- | C] () -- C:\Users\Nigel\Desktop\Homegroup - Shortcut.lnk
[2014/05/01 13:50:15 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/04/29 18:18:31 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/11/12 13:50:08 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2013/11/12 13:49:32 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2013/11/12 13:49:29 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2013/11/12 13:49:29 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2013/11/12 13:49:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2013/10/03 23:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/03 23:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/03 23:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/09/04 12:50:53 | 000,000,855 | ---- | C] () -- C:\Users\Nigel\µTorrent.lnk
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/04/09 11:39:47 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/04/09 10:53:26 | 000,872,086 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/04/09 10:30:38 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2013/04/09 10:30:31 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/31 00:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 22:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/21 20:39:58 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\.ACEStream
[2013/10/24 17:47:06 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\ACEStream
[2014/05/31 22:39:56 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Ashampoo
[2014/09/30 08:01:42 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Audacity
[2014/12/27 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Enigma Software Group
[2014/12/26 18:41:14 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\QuickScan
[2014/08/03 11:30:56 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Search Protection
[2014/10/26 16:18:35 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\StreamTorrent
[2014/12/26 16:44:56 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\uTorrent
[2013/08/27 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\Nigel\SkyDrive:ms-properties
 
< End of report >
 



#2
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go. My nickname is Pystryker :), and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, as you are running Windows 8 we'll need to use a different tool to get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log


#3
peter plus


    Member

  • Topic Starter
  • 163 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Nigel (administrator) on NIGEL-PC on 27-12-2014 18:47:49
Running from C:\Users\Nigel\Downloads
Loaded Profile: Nigel (Available profiles: Nigel)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Flux Software LLC) C:\Users\Nigel\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Users\Nigel\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Users\Nigel\AppData\Local\VNT\vntldr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Nigel\AppData\Roaming\ACEStream\updater\ace_update.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Nigel\Downloads\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-27] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-21] (APN)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196504 2014-09-03] (APN LLC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Run: [F.lux] => C:\Users\Nigel\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Run: [AceStream] => C:\Users\Nigel\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Run: [uTorrent] => C:\Users\Nigel\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-21] (BitTorrent Inc.)
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\MountPoints2: {e5dccb2a-8a7c-11e4-bf47-606c66baf86e} - "I:\Startme.exe" 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
SearchScopes: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001 -> DefaultScope {E1E217CF-1AC3-41A8-9F94-597A22387CF3} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001 -> {E1E217CF-1AC3-41A8-9F94-597A22387CF3} URL = https://uk.search.ya...p={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-4040141387-3011007431-2631040067-1001: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Users\Nigel\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-27]
CHR Extension: (Google Drive) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-27]
CHR Extension: (Adblock Plus) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-13]
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-27]
CHR Extension: (TLDR) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\giepilabiomhlcmlefmbfkgeoccfhhhc [2014-12-24]
CHR Extension: (Magic Player) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio [2013-10-24]
CHR Extension: (AS Magic Player) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-29]
CHR Extension: (Google Wallet) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-27]
CHR Extension: (BuuyNsave) - C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc\ [2013-08-27]
CHR HKLM\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2014-11-27]
CHR HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\Nigel\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2014-11-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-12-27] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-27] ()
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 18:47 - 2014-12-27 18:48 - 00017350 _____ () C:\Users\Nigel\Downloads\FRST.txt
2014-12-27 18:47 - 2014-12-27 18:47 - 02122752 _____ (Farbar) C:\Users\Nigel\Downloads\FRST64 (2).exe
2014-12-27 18:47 - 2014-12-27 18:47 - 00000000 ____D () C:\FRST
2014-12-27 18:46 - 2014-12-27 18:46 - 01114624 _____ (Farbar) C:\Users\Nigel\Downloads\FRST.exe
2014-12-27 18:45 - 2014-12-27 18:45 - 02122752 _____ (Farbar) C:\Users\Nigel\Downloads\FRST64 (1).exe
2014-12-27 12:37 - 2014-12-27 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-12-27 12:15 - 2014-12-27 12:15 - 00092502 _____ () C:\Users\Nigel\Downloads\Extras.Txt
2014-12-27 12:14 - 2014-12-27 12:14 - 00133242 _____ () C:\Users\Nigel\Downloads\OTL.Txt
2014-12-27 12:03 - 2014-12-27 12:03 - 00602112 _____ (OldTimer Tools) C:\Users\Nigel\Downloads\OTL (4).exe
2014-12-27 12:03 - 2014-12-27 12:03 - 00602112 _____ (OldTimer Tools) C:\Users\Nigel\Downloads\OTL (3).exe
2014-12-27 12:03 - 2014-12-27 12:03 - 00602112 _____ (OldTimer Tools) C:\Users\Nigel\Downloads\OTL (2).exe
2014-12-27 11:51 - 2014-12-27 11:51 - 00602112 _____ (OldTimer Tools) C:\Users\Nigel\Downloads\OTL (1).exe
2014-12-27 11:50 - 2014-12-27 11:50 - 00602632 _____ () C:\Users\Nigel\Downloads\Unconfirmed 281224.crdownload
2014-12-27 11:45 - 2014-12-27 11:45 - 00347816 _____ (Microsoft Corporation) C:\Users\Nigel\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.1343107777377621.1.1.Run.exe
2014-12-27 11:08 - 2014-12-27 11:08 - 00003326 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2014-12-27 11:08 - 2014-12-27 11:08 - 00001107 _____ () C:\Users\Nigel\Desktop\SpyHunter.lnk
2014-12-27 11:08 - 2014-12-27 11:08 - 00000000 ____D () C:\Users\Nigel\AppData\Roaming\Enigma Software Group
2014-12-27 11:08 - 2014-12-27 11:08 - 00000000 ____D () C:\sh4ldr
2014-12-27 11:08 - 2014-12-27 11:08 - 00000000 _____ () C:\autoexec.bat
2014-12-27 11:07 - 2014-12-27 11:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Nigel\Downloads\SpyHunter-Installer.exe
2014-12-27 11:07 - 2014-12-27 11:07 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-12-27 11:07 - 2014-12-27 11:07 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-26 20:19 - 2014-12-26 20:19 - 00135658 _____ () C:\Users\Nigel\AppData\Local\census.cache
2014-12-26 20:19 - 2014-12-26 20:19 - 00085130 _____ () C:\Users\Nigel\AppData\Local\ars.cache
2014-12-26 20:16 - 2014-12-26 20:16 - 00000010 _____ () C:\Users\Nigel\AppData\Local\sponge.last.runtime.cache
2014-12-26 20:11 - 2014-12-26 20:11 - 02073112 _____ (Trend Micro Inc.) C:\Users\Nigel\Downloads\HousecallLauncher.exe
2014-12-26 20:11 - 2014-12-26 20:11 - 00000036 _____ () C:\Users\Nigel\AppData\Local\housecall.guid.cache
2014-12-26 20:08 - 2014-12-26 20:08 - 00098176 _____ () C:\ProgramData\1419624488.bdinstall.bin
2014-12-26 20:08 - 2014-12-26 20:08 - 00037670 _____ () C:\ProgramData\1419624472.bdinstall.bin
2014-12-26 18:49 - 2014-12-26 18:49 - 00248096 _____ () C:\ProgramData\1419619243.bdinstall.bin
2014-12-26 18:45 - 2014-12-26 18:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-12-26 18:45 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-12-26 18:40 - 2014-12-26 18:41 - 00000000 ____D () C:\Users\Nigel\AppData\Roaming\QuickScan
2014-12-26 18:39 - 2014-12-26 18:40 - 10447328 _____ () C:\Users\Nigel\Downloads\Antivirus_Free_Edition_x64.exe
2014-12-26 18:39 - 2014-12-26 18:39 - 00162208 _____ () C:\Users\Nigel\Downloads\Antivirus_Free_Edition.exe
2014-12-26 16:12 - 2014-12-26 16:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nigel\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-26 16:00 - 2014-12-26 16:31 - 00000000 ____D () C:\Users\Nigel\Downloads\Downton.Abbey.S05.Christmas.Special.HDTV.x264-RiVER[ettv]
2014-12-26 16:00 - 2014-12-26 16:00 - 00049134 _____ () C:\Users\Nigel\Downloads\[kickass.so]downton.abbey.s05.christmas.special.hdtv.x264.river.ettv.torrent
2014-12-25 12:15 - 2014-12-25 12:15 - 00012768 _____ () C:\Users\Nigel\Downloads\173193-pod.prikritie.episode.2.1._2011_.eng.1cd._5220711_ (2).zip
2014-12-25 12:15 - 2014-12-25 12:15 - 00012768 _____ () C:\Users\Nigel\Downloads\173193-pod.prikritie.episode.2.1._2011_.eng.1cd._5220711_ (1).zip
2014-12-25 12:14 - 2014-12-25 12:14 - 01263808 _____ () C:\Users\Nigel\Downloads\pod-prikritie-s02e01-english-subtitle (2).exe
2014-12-25 12:13 - 2014-12-25 12:14 - 01263808 _____ () C:\Users\Nigel\Downloads\pod-prikritie-s02e01-english-subtitle (1).exe
2014-12-25 12:13 - 2014-12-25 12:13 - 01263808 _____ () C:\Users\Nigel\Downloads\pod-prikritie-s02e01-english-subtitle.exe
2014-12-24 16:30 - 2014-12-24 16:30 - 00001691 _____ () C:\Users\Nigel\Desktop\Pod.prikritie.S02E01.lnk
2014-12-24 16:23 - 2014-12-24 16:23 - 00012768 _____ () C:\Users\Nigel\Downloads\173193-pod.prikritie.episode.2.1._2011_.eng.1cd._5220711_.zip
2014-12-24 14:30 - 2014-12-26 16:44 - 00000000 ____D () C:\Program Files (x86)\YouetubeAdBlockee
2014-12-24 14:30 - 2014-12-25 15:20 - 00000000 ____D () C:\Program Files (x86)\TLDR
2014-12-24 14:29 - 2014-12-26 16:44 - 00000000 ____D () C:\Program Files (x86)\BuuyNsave
2014-12-24 14:29 - 2014-12-24 14:29 - 00000000 ____D () C:\ProgramData\1032840937467210185
2014-12-24 14:28 - 2014-12-24 14:28 - 00000000 ____D () C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc
2014-12-24 14:18 - 2014-12-24 14:18 - 00012696 _____ () C:\Users\Nigel\Downloads\82ccc425770ea347f7c3fc21e91fc781b6d2bc93 (1).zip
2014-12-24 14:16 - 2014-12-24 14:16 - 00012696 _____ () C:\Users\Nigel\Downloads\82ccc425770ea347f7c3fc21e91fc781b6d2bc93.zip
2014-12-24 10:09 - 2014-12-24 14:19 - 00000000 ____D () C:\Users\Nigel\Downloads\Pod.Prikritie.S02.WEB-DL.XviD-ZmN
2014-12-24 10:09 - 2014-12-24 10:09 - 00016805 _____ () C:\Users\Nigel\Downloads\[kickass.so]pod.prikritie.s02.web.dl.xvid.zmn.torrent
2014-12-23 20:12 - 2014-12-23 20:12 - 00013768 _____ () C:\Users\Nigel\Downloads\e5ad0792730009a6975c6fea34e52c019978813f.zip
2014-12-23 19:14 - 2014-12-23 19:14 - 00013327 _____ () C:\Users\Nigel\Downloads\f837647c3f3106e51cf2e0ee3d0631e57a341faa.zip
2014-12-23 17:59 - 2014-12-23 17:59 - 00016688 _____ () C:\Users\Nigel\Downloads\a9b28f0d33187495f6467ac5c217fbad51997359 (1).zip
2014-12-23 17:11 - 2014-12-23 17:11 - 00016688 _____ () C:\Users\Nigel\Downloads\a9b28f0d33187495f6467ac5c217fbad51997359.zip
2014-12-23 16:13 - 2014-12-23 16:13 - 00013438 _____ () C:\Users\Nigel\Downloads\672a41e16a49fc0a9a24fe52519dcf93ad87f2ef.zip
2014-12-23 10:37 - 2014-12-23 10:37 - 00013573 _____ () C:\Users\Nigel\Downloads\f1bb70eef9597b0158fa324b48c2162fd022c611 (1).zip
2014-12-23 10:36 - 2014-12-23 10:36 - 00013573 _____ () C:\Users\Nigel\Downloads\f1bb70eef9597b0158fa324b48c2162fd022c611.zip
2014-12-23 09:25 - 2014-12-23 09:25 - 00013724 _____ () C:\Users\Nigel\Downloads\200810d9f5df27ed2d95a61579a8045bec38abe9.zip
2014-12-23 08:26 - 2014-12-23 08:26 - 00013321 _____ () C:\Users\Nigel\Downloads\65477b91711d40ff7e75cd4ce1772f5862fafa5c.zip
2014-12-22 22:31 - 2014-12-22 22:31 - 00012101 _____ () C:\Users\Nigel\Downloads\114e66752334af2e8ee0b961e6a275050cbea7ac.zip
2014-12-22 21:31 - 2014-12-22 21:32 - 00014908 _____ () C:\Users\Nigel\Downloads\333148da5eabd03e39b00b9d523e3592d387f2f3 (1).zip
2014-12-22 21:31 - 2014-12-22 21:31 - 00012344 _____ () C:\Users\Nigel\Downloads\b62910ee4c5900bb0f6377f61a1ea7035276417c (1).zip
2014-12-22 21:30 - 2014-12-22 21:30 - 00014908 _____ () C:\Users\Nigel\Downloads\333148da5eabd03e39b00b9d523e3592d387f2f3.zip
2014-12-22 20:32 - 2014-12-22 20:32 - 00012344 _____ () C:\Users\Nigel\Downloads\b62910ee4c5900bb0f6377f61a1ea7035276417c.zip
2014-12-22 19:27 - 2014-12-22 19:27 - 00014668 _____ () C:\Users\Nigel\Downloads\Pod-prikritie-01x02-episode-2-TBO-English-orig.zip
2014-12-22 17:55 - 2014-12-22 17:55 - 00000000 ____D () C:\Users\Nigel\AppData\Local\MPlayer
2014-12-22 17:54 - 2014-12-22 18:07 - 00000000 ____D () C:\Program Files (x86)\UMPlayer
2014-12-22 17:49 - 2014-12-22 17:49 - 00012025 _____ () C:\Users\Nigel\Downloads\0080f96a485976896d659045de687a62f32cd3c5 (1).zip
2014-12-22 17:26 - 2014-12-22 17:26 - 00012025 _____ () C:\Users\Nigel\Downloads\0080f96a485976896d659045de687a62f32cd3c5.zip
2014-12-22 15:45 - 2014-12-23 20:13 - 00000000 ____D () C:\Users\Nigel\Downloads\Pod.Prikritie.S01.WEB-DL.XviD-TBO
2014-12-22 15:43 - 2014-12-22 15:43 - 00015239 _____ () C:\Users\Nigel\Downloads\[kickass.so]pod.prikritie.s01.web.dl.xvid.tbo.torrent
2014-12-22 15:26 - 2014-12-22 17:57 - 00000000 ____D () C:\Users\Nigel\Downloads\Strike Back - Season 1
2014-12-22 15:25 - 2014-12-22 15:25 - 00016501 _____ () C:\Users\Nigel\Downloads\[kickass.so]strike.back.season.1.torrent
2014-12-22 11:32 - 2014-12-22 11:38 - 350813661 _____ () C:\Users\Nigel\Downloads\Fleming.The.Man.Who.Would.Be.Bond.Part1.HDTV.x264-BWB.mp4
2014-12-22 11:31 - 2014-12-22 11:39 - 287989450 _____ () C:\Users\Nigel\Downloads\Fleming.The.Man.Who.Would.Be.Bond.Part.4.HDTV.x264-BATV.mp4
2014-12-22 11:31 - 2014-12-22 11:33 - 00000000 ____D () C:\Users\Nigel\Downloads\Fleming.S01E03.720p.WEB-DL.DD5.1.H.264-NTb [PublicHD]
2014-12-22 11:31 - 2014-12-22 11:31 - 00013878 _____ () C:\Users\Nigel\Downloads\[kickass.so]fleming.the.man.who.would.be.bond.part1.hdtv.x264.bwb.eztv.torrent
2014-12-22 11:31 - 2014-12-22 11:31 - 00011480 _____ () C:\Users\Nigel\Downloads\[kickass.so]fleming.the.man.who.would.be.bond.part.4.hdtv.x264.batv.eztv.torrent
2014-12-22 11:30 - 2014-12-22 11:35 - 281893530 _____ () C:\Users\Nigel\Downloads\Fleming.The.Man.Who.Would.Be.Bond.Part.2.HDTV.x264-BATV.mp4
2014-12-22 11:30 - 2014-12-22 11:31 - 00000000 ____D () C:\Users\Nigel\Downloads\Fleming.S01E01.720p.WEB-DL.DD5.1.H.264-NTb [PublicHD]
2014-12-22 11:30 - 2014-12-22 11:30 - 00011240 _____ () C:\Users\Nigel\Downloads\[kickass.so]fleming.the.man.who.would.be.bond.part.2.hdtv.x264.batv.eztv.torrent
2014-12-22 11:30 - 2014-12-22 11:30 - 00007559 _____ () C:\Users\Nigel\Downloads\[kickass.so]fleming.s01e03.720p.web.dl.dd5.1.h.264.ntb.publichd.torrent
2014-12-22 11:29 - 2014-12-22 11:29 - 00008059 _____ () C:\Users\Nigel\Downloads\[kickass.so]fleming.s01e01.720p.web.dl.dd5.1.h.264.ntb.publichd.torrent
2014-12-22 09:15 - 2014-12-22 09:15 - 00026281 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e10.webrip.x264.kyr.ettv.torrent
2014-12-20 13:27 - 2014-12-20 13:27 - 00028305 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e09.hdtv.x264.killers.ettv.torrent
2014-12-20 13:26 - 2014-12-20 13:26 - 00081216 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e08.720p.hdtv.x264.killers.rartv.torrent
2014-12-20 13:25 - 2014-12-20 13:25 - 00015111 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e07.hdtv.x264.killers.eztv.torrent
2014-12-20 13:24 - 2014-12-20 13:24 - 00029055 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e06.hdtv.x264.killers.ettv.torrent
2014-12-20 13:21 - 2014-12-20 13:21 - 00016371 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e05.hdtv.x264.killers.eztv.torrent
2014-12-20 13:20 - 2014-12-20 13:20 - 00014879 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e04.hdtv.x264.killers.eztv.torrent
2014-12-20 13:19 - 2014-12-20 13:19 - 00013971 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e03.hdtv.x264.killers.eztv.torrent
2014-12-20 13:18 - 2014-12-20 13:18 - 00028729 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e02.hdtv.x264.killers.ettv.torrent
2014-12-20 13:17 - 2014-12-20 13:17 - 00019076 _____ () C:\Users\Nigel\Downloads\[kickass.so]the.affair.s01e01.hdtv.x264.batv.eztv.torrent
2014-12-19 19:45 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-19 19:45 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-16 17:59 - 2014-12-16 17:59 - 00015008 _____ () C:\Users\Nigel\Downloads\Alex.rss
2014-12-10 22:59 - 2014-12-10 22:59 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 09:24 - 2014-10-30 23:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 09:24 - 2014-10-30 23:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 09:23 - 2014-12-03 23:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 09:23 - 2014-12-03 23:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 09:23 - 2014-12-02 23:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 09:23 - 2014-12-02 23:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 09:23 - 2014-12-02 23:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 09:23 - 2014-12-02 23:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 09:23 - 2014-12-02 23:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 09:23 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 09:23 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 09:23 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 09:23 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 09:23 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 09:23 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 09:23 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 09:23 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 09:23 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 09:23 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 09:23 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 09:23 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 09:23 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 09:23 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 09:23 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 09:23 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 09:23 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 09:23 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 09:23 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 09:23 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 09:23 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 09:23 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 09:23 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 09:23 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 09:23 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 09:23 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 09:23 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 09:23 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 09:23 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 09:23 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 09:23 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 09:23 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 09:23 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 09:23 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 09:23 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 09:23 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 09:23 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 09:23 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 09:23 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 09:23 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 09:23 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 09:23 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 09:23 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 09:23 - 2014-10-31 23:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 09:23 - 2014-10-31 23:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 09:23 - 2014-10-13 02:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 09:23 - 2014-10-13 02:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 09:23 - 2014-10-13 02:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 09:23 - 2014-10-13 02:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 17:59 - 2014-12-09 17:59 - 00064725 _____ () C:\Users\Nigel\Downloads\[kickass.so]discovery.channel.eaten.alive.hdtv.x264.fum.ettv.torrent
2014-12-05 22:09 - 2014-12-06 11:54 - 00000000 ____D () C:\Users\Nigel\Downloads\The.Apprentice.UK.S10E09.HDTV.x264-iNGOT[rarbg]
2014-12-01 10:42 - 2014-12-01 10:42 - 00000000 __SHD () C:\Users\Nigel\AppData\Local\EmieBrowserModeList
2014-12-01 10:29 - 2014-12-01 10:29 - 00000355 _____ () C:\Users\Nigel\Desktop\Homegroup - Shortcut.lnk
2014-11-27 09:54 - 2014-11-28 13:11 - 00000000 ____D () C:\Users\Nigel\Downloads\The.Apprentice.UK.S10E08.HDTV.x264-BARGE[rarbg]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 18:43 - 2013-11-17 10:30 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B36B5B0B-3BFB-42EB-BDEA-CF50958C5376}
2014-12-27 18:42 - 2013-08-27 19:34 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 18:40 - 2013-11-12 01:08 - 01995468 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-27 18:40 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-27 12:06 - 2013-09-30 04:11 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-27 11:59 - 2013-11-12 13:49 - 00023808 _____ () C:\WINDOWS\error.log
2014-12-27 11:59 - 2013-11-12 10:05 - 00000000 ___DO () C:\Users\Nigel\SkyDrive
2014-12-27 11:59 - 2013-08-27 19:34 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 11:59 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-27 11:58 - 2013-11-12 13:49 - 00006721 _____ () C:\WINDOWS\errord.log
2014-12-27 11:58 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-27 11:48 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-27 11:08 - 2013-11-12 00:52 - 00000000 ____D () C:\Users\Nigel
2014-12-26 21:44 - 2013-08-28 20:27 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4040141387-3011007431-2631040067-1001
2014-12-26 21:28 - 2013-09-29 20:03 - 00147360 _____ () C:\WINDOWS\PFRO.log
2014-12-26 18:45 - 2013-08-22 14:46 - 00314537 _____ () C:\WINDOWS\setupact.log
2014-12-26 18:08 - 2013-08-27 20:23 - 00000000 ____D () C:\Users\Nigel\AppData\Roaming\vlc
2014-12-26 16:45 - 2013-11-14 10:27 - 00000000 ___RD () C:\WINDOWS\BrowserChoice
2014-12-26 16:44 - 2013-09-04 12:49 - 00000000 ____D () C:\Users\Nigel\AppData\Roaming\uTorrent
2014-12-26 16:05 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-21 20:39 - 2013-10-24 17:45 - 00000000 ___HD () C:\_acestream_cache_
2014-12-21 20:39 - 2013-10-24 17:45 - 00000000 ____D () C:\Users\Nigel\AppData\Roaming\.ACEStream
2014-12-20 14:35 - 2013-10-09 10:49 - 00540672 ___SH () C:\Users\Nigel\Downloads\Thumbs.db
2014-12-20 13:48 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-14 17:46 - 2013-08-29 00:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-14 17:40 - 2013-03-22 17:03 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-12 09:43 - 2013-08-27 19:34 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 16:30 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 22:59 - 2014-07-09 22:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 22:59 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-12-10 22:59 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 22:59 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 22:59 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-12-10 22:59 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 12:25 - 2013-08-29 14:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-04 14:53 - 2013-08-29 14:48 - 00000000 ____D () C:\Users\Nigel\AppData\Local\Microsoft Help
2014-11-29 18:29 - 2013-11-08 23:04 - 00000000 ____D () C:\Program Files (x86)\VNT
2014-11-28 13:11 - 2014-11-17 18:20 - 00000000 ____D () C:\Users\Nigel\Downloads\12 Angry Men 1997
2014-11-28 13:11 - 2014-11-17 18:11 - 00000000 ____D () C:\Users\Nigel\Downloads\12 Angry Men (1957)
 
Some content of TEMP:
====================
C:\Users\Nigel\AppData\Local\Temp\AppLauncher.exe
C:\Users\Nigel\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nigel\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nigel\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Nigel\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Nigel\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Nigel\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-27 14:11
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by Nigel at 2014-12-27 18:48:58
Running from C:\Users\Nigel\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Ace Stream Media 2.1.7.2 (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\AceStream) (Version: 2.1.7.2 - Ace Stream Media)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Ask Toolbar (HKLM-x32\...\{434D452D-5637-006A-76A7-A758B70C1500}) (Version: 12.21.0.3966 - APN, LLC) <==== ATTENTION
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
f.lux (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Flux) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6722 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd.)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
VipBoxSportsApp (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - VipBoxSportsApp.com) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebConnect 3.0.0 (HKLM\...\WebConnect) (Version: 3.0.0 - Web Connect) <==== ATTENTION
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
10-12-2014 12:12:49 Windows Update
14-12-2014 17:38:42 Windows Update
18-12-2014 13:34:18 Windows Update
26-12-2014 22:01:30 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {079C6B2F-A2DE-4695-830C-6E3A1790C12E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-14] (Microsoft Corporation)
Task: {5B8A304B-C2C0-4C55-9C7D-58CA3D3A8708} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {6087B43D-6CAD-4401-B75B-0A743CE9AB12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {62C4A8CD-9106-4A28-ADC3-EA65B0C2CEF0} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {88C2DD99-9005-4BA8-9752-E3FC8750C43A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)
Task: {E2065669-53B0-4D48-A806-3E338F2DC123} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {EA3DF895-5C42-4166-B4CB-FFB19DD1CF9A} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-12-27] (Enigma Software Group USA, LLC.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-09 11:58 - 2012-11-29 12:53 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-04-09 12:22 - 2011-08-22 12:44 - 01421216 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
2013-04-09 12:21 - 2012-07-30 09:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2013-04-09 11:58 - 2012-11-27 14:18 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-04-09 11:58 - 2010-01-12 16:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2013-04-09 11:58 - 2010-01-12 16:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2013-04-09 11:58 - 2012-10-23 17:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-04-09 11:58 - 2012-08-08 17:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-26 13:22 - 2014-09-25 14:52 - 00027904 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\ace_engine.exe
2013-08-27 15:37 - 2013-08-27 15:37 - 00026744 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\ace_update.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-09 11:58 - 2009-12-18 14:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-04-09 11:58 - 2009-12-18 14:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-09-26 13:23 - 2014-10-31 17:07 - 00251392 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 13:09 - 2011-06-12 13:09 - 00038400 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 13:09 - 2011-06-12 13:09 - 00720896 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2013-03-29 09:57 - 2013-03-29 09:57 - 00018944 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00287232 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2014-01-28 15:51 - 2014-10-31 17:07 - 01472512 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2014-01-28 15:51 - 2014-01-28 11:57 - 00036352 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2014-01-28 15:51 - 2014-01-28 11:57 - 00053248 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00106496 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2014-01-28 15:51 - 2014-01-28 11:57 - 00040448 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00011776 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\select.pyd
2011-01-18 21:56 - 2011-01-18 21:56 - 00334336 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00152576 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 15:02 - 2011-02-13 15:02 - 00031232 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2013-09-26 13:29 - 2014-10-31 17:07 - 03067392 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-07 16:37 - 2012-02-07 16:37 - 00098816 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 16:35 - 2012-02-07 16:35 - 00110080 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 16:38 - 2012-02-07 16:38 - 00358912 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 16:36 - 2012-02-07 16:36 - 00111616 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 16:36 - 2012-02-07 16:36 - 00024064 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-10 22:23 - 2010-10-10 22:23 - 00723968 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 16:20 - 2013-01-29 16:20 - 00082944 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-15 19:37 - 2011-07-15 19:37 - 00981504 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00746496 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00670720 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00966144 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00674816 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00688128 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2014-01-28 15:51 - 2014-01-28 11:57 - 00061952 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-29 16:20 - 2013-01-29 16:20 - 00066048 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2013-04-09 12:10 - 2012-06-08 03:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2011-06-12 13:09 - 2011-06-12 13:09 - 00038400 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 13:09 - 2011-06-12 13:09 - 00720896 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 19:37 - 2011-07-15 19:37 - 00981504 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00746496 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00670720 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00966144 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00674816 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00287232 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 21:56 - 2011-01-18 21:56 - 00334336 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00011776 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00152576 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 16:37 - 2012-02-07 16:37 - 00098816 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 16:35 - 2012-02-07 16:35 - 00110080 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 16:38 - 2012-02-07 16:38 - 00358912 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 16:36 - 2012-02-07 16:36 - 00111616 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 16:36 - 2012-02-07 16:36 - 00024064 _____ () C:\Users\Nigel\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
2014-10-17 11:52 - 2014-10-17 11:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\1706c668394b6917a63634ebd3bedcf2\PSIClient.ni.dll
2014-12-12 09:43 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 09:43 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 09:43 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 09:43 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-04-09 10:36 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-12 09:43 - 2014-12-06 01:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Nigel\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Nigel\Downloads\Alex.rss:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "uTorrent"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4040141387-3011007431-2631040067-500 - Administrator - Disabled)
Guest (S-1-5-21-4040141387-3011007431-2631040067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4040141387-3011007431-2631040067-1005 - Limited - Enabled)
Nigel (S-1-5-21-4040141387-3011007431-2631040067-1001 - Administrator - Enabled) => C:\Users\Nigel
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/27/2014 06:40:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7878094
 
Error: (12/27/2014 06:40:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7878094
 
Error: (12/27/2014 06:40:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/27/2014 04:29:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16906
 
Error: (12/27/2014 04:29:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16906
 
Error: (12/27/2014 04:29:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/27/2014 04:29:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15703
 
Error: (12/27/2014 04:29:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15703
 
Error: (12/27/2014 04:29:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/27/2014 04:29:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14594
 
 
System errors:
=============
Error: (12/27/2014 04:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 10 MS Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (12/27/2014 02:58:30 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (12/27/2014 02:27:07 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{a43ef02e-989e-4283-af56-6419ff036dd1}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{36C36178-2699-45B9-AD46-ACF44A3458DD}
 
Error: (12/27/2014 02:26:01 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{a43ef02e-989e-4283-af56-6419ff036dd1}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{334E4FA6-84FE-47C6-85DE-E3272DD991DE}
 
Error: (12/27/2014 02:25:08 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (12/27/2014 11:58:23 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (12/27/2014 11:58:03 AM) (Source: DCOM) (EventID: 10010) (User: NIGEL-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (12/27/2014 10:48:18 AM) (Source: DCOM) (EventID: 10016) (User: NIGEL-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Nigel-PCNigelS-1-5-21-4040141387-3011007431-2631040067-1001LocalHost (Using LRPC)Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbweS-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257
 
Error: (12/26/2014 10:40:04 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (12/26/2014 10:04:24 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{a43ef02e-989e-4283-af56-6419ff036dd1}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D8F6E96C-8A01-4F34-93D2-060AFED2936B}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-25 09:24:44.536
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-24 16:30:28.932
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-24 16:30:28.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-24 10:24:09.011
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-22 10:31:38.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-21 21:41:56.260
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-19 12:22:47.937
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-19 12:22:47.759
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-19 12:22:47.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-19 12:22:47.243
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 58%
Total physical RAM: 3976.96 MB
Available physical RAM: 1638.07 MB
Total Pagefile: 4680.96 MB
Available Pagefile: 1385.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:286.89 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:39.34 GB) NTFS
Drive f: () (Removable) (Total:0.96 GB) (Free:0.54 GB) FAT
Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:358.69 GB) NTFS
Drive h: () (Removable) (Total:0.96 GB) (Free:0.31 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 980.5 MB) (Disk ID: 00605F34)
Partition 1: (Active) - (Size=980 MB) - (Type=06)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 28676295)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 982.5 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello, let's get started. :)

One of the infections has turned your current installation of Chrome into a dev build, which vastly lowers the security of Chrome. When we are finished with the cleaning, we will need to uninstall your current copy of Chrome and then install the latest version.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: P2P Warning and Program Uninstalls

The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Program Uninstalls

Please uninstall the following programs as they are adware/malware related programs or are a risk to your computer's security.

Ask Toolbar

VipBoxSportsApp

WebConnect 3.0.0



Step 2: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\Nigel\Downloads to your desktop or the fix will not work.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
C:\Program Files\Enigma Software Group
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\AskPartnerNetwork
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Users\Nigel\AppData\Local\VNT\vntldr.exe
C:\Users\Nigel\AppData\Local\VNT
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-21] (APN)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196504 2014-09-03] (APN LLC.)
C:\Program Files (x86)\VNT
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (BuuyNsave) - C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc\ [2013-08-27]
CHR HKLM\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2014-11-27]
C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc
C:\ProgramData\AskPartnerNetwork
CHR HKLM-x32\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2014-11-27]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-12-27] (Enigma Software Group USA, LLC.)
2014-12-27 11:08 - 2014-12-27 11:08 - 00003326 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2014-12-27 11:08 - 2014-12-27 11:08 - 00001107 _____ () C:\Users\Nigel\Desktop\SpyHunter.lnk
2014-12-27 11:08 - 2014-12-27 11:08 - 00000000 ____D () C:\Users\Nigel\AppData\Roaming\Enigma Software Group
2014-12-27 11:07 - 2014-12-27 11:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Nigel\Downloads\SpyHunter-Installer.exe
2014-12-27 11:07 - 2014-12-27 11:07 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-12-27 11:07 - 2014-12-27 11:07 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-24 14:29 - 2014-12-26 16:44 - 00000000 ____D () C:\Program Files (x86)\BuuyNsave
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

TDSSKiller Log

  • 0

#5
peter plus

    Member

  • Topic Starter
  • Member
  • 163 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2014
Ran by Nigel at 2014-12-27 22:19:15 Run:1
Running from C:\Users\Nigel\Desktop
Loaded Profile: Nigel (Available profiles: Nigel)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
C:\Program Files\Enigma Software Group
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\AskPartnerNetwork
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Users\Nigel\AppData\Local\VNT\vntldr.exe
C:\Users\Nigel\AppData\Local\VNT
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-21] (APN)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196504 2014-09-03] (APN LLC.)
C:\Program Files (x86)\VNT
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (BuuyNsave) - C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc\ [2013-08-27]
CHR HKLM\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2014-11-27]
C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc
C:\ProgramData\AskPartnerNetwork
CHR HKLM-x32\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2014-11-27]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-12-27] (Enigma Software Group USA, LLC.)
2014-12-27 11:08 - 2014-12-27 11:08 - 00003326 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2014-12-27 11:08 - 2014-12-27 11:08 - 00001107 _____ () C:\Users\Nigel\Desktop\SpyHunter.lnk
2014-12-27 11:08 - 2014-12-27 11:08 - 00000000 ____D () C:\Users\Nigel\AppData\Roaming\Enigma Software Group
2014-12-27 11:07 - 2014-12-27 11:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Nigel\Downloads\SpyHunter-Installer.exe
2014-12-27 11:07 - 2014-12-27 11:07 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-12-27 11:07 - 2014-12-27 11:07 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-24 14:29 - 2014-12-26 16:44 - 00000000 ____D () C:\Program Files (x86)\BuuyNsave
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe => No running process found
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe => No running process found
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe => No running process found
C:\Users\Nigel\AppData\Local\VNT\vntldr.exe => No running process found
"C:\Users\Nigel\AppData\Local\VNT" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VNT => Value not found.
"C:\Program Files (x86)\VNT" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc\ => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaajabnoiehionljhjpclogplgillib => Key not found. 
"C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx" => File/Directory not found.
"C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc" => File/Directory not found.
"C:\ProgramData\AskPartnerNetwork" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaajabnoiehionljhjpclogplgillib => Key not found. 
"C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx" => File/Directory not found.
APNMCP => Service not found.
SpyHunter 4 Service => Service deleted successfully.
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => Moved successfully.
C:\Users\Nigel\Desktop\SpyHunter.lnk => Moved successfully.
C:\Users\Nigel\AppData\Roaming\Enigma Software Group => Moved successfully.
C:\Users\Nigel\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\WINDOWS\system32\Drivers\EsgScanner.sys => Moved successfully.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
C:\Program Files (x86)\BuuyNsave => Moved successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 38 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:22:26 ====

  • 0
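
A Fixlog like the one posted above is easier to review when the result lines are grouped by outcome. The following is an added example, not part of the thread and not FRST's own code: it splits each `target => outcome` line, skips the echoed fixlist between the asterisk rows (its entries also contain `=>`), and separates items FRST acted on from items that were already absent. The line format and outcome wording are assumed from the lines visible in this thread only; the sample is an excerpt of that log.

```python
import re

# Excerpt of the Fixlog posted in this thread (lines copied from the post above).
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196504 2014-09-03] (APN LLC.)
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe => No running process found
C:\Program Files\Enigma Software Group => Moved successfully.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc\ => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaajabnoiehionljhjpclogplgillib => Key not found. 
APNMCP => Service not found.
SpyHunter 4 Service => Service deleted successfully.
C:\WINDOWS\system32\Drivers\EsgScanner.sys => Moved successfully.
EmptyTemp: => Removed 38 GB temporary data.
'''

# Outcome wording taken from the log in this thread (assumption: other
# FRST versions may phrase results differently and would land in "other").
ACTED = re.compile(r"\b(moved|deleted|reset) successfully|^removed\b", re.I)
ABSENT = re.compile(r"not found|no running process found", re.I)


def classify(outcome):
    """Map an outcome string to 'acted', 'absent' or 'other'."""
    if ACTED.search(outcome):
        return "acted"
    if ABSENT.search(outcome):
        return "absent"
    return "other"


def parse_fixlog(text):
    """Return (target, outcome, status) for every result line.

    Lines between two rows of asterisks are the echoed fixlist, not
    results, so they are skipped even though some contain ' => '.
    """
    entries = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, _, outcome = line.partition(" => ")
        target = target.strip().strip('"')
        outcome = outcome.strip()
        entries.append((target, outcome, classify(outcome)))
    return entries


def summarize(entries):
    """Group targets by status; all three keys are always present."""
    groups = {"acted": [], "absent": [], "other": []}
    for target, _outcome, status in entries:
        groups[status].append(target)
    return groups


if __name__ == "__main__":
    summary = summarize(parse_fixlog(SAMPLE_FIXLOG))
    for status in ("acted", "absent", "other"):
        print(f"{status} ({len(summary[status])})")
        for target in summary[status]:
            print("   ", target)
```

Entries in the "absent" group were already gone when the fix ran; anything in "other" is an outcome the patterns do not recognise and should be read by hand.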

#6
peter plus

    Member

  • Topic Starter
  • Member
  • 163 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Nigel on 27/12/2014 at 22:33:04.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webconnect
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Nigel\AppData\Roaming\search protection"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/12/2014 at 22:35:24.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#7
peter plus

    Member

  • Topic Starter
  • Member
  • 163 posts

  # AdwCleaner v4.106 - Report created 27/12/2014 at 22:42:08

# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Nigel - NIGEL-PC
# Running from : C:\Users\Nigel\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\MountainApp
Folder Deleted : C:\ProgramData\1032840937467210185
Folder Deleted : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio
Folder Deleted : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
File Deleted : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
File Deleted : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Deleted : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\kpckgflgdapkpabemgkielbefdildaio
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
[C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ieakfmpjhljbpbfpldjkddkjmmgjmgon
[C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kpckgflgdapkpabemgkielbefdildaio
[C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim
 
*************************
 
AdwCleaner[R0].txt - [3158 octets] - [27/12/2014 22:40:21]
AdwCleaner[S0].txt - [3074 octets] - [27/12/2014 22:42:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3134 octets] ##########


#8
peter plus

22:48:54.0745 0x0dc0  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
22:48:54.0745 0x0dc0  UEFI system
22:49:10.0791 0x0dc0  ============================================================
22:49:10.0791 0x0dc0  Current date / time: 2014/12/27 22:49:10.0791
22:49:10.0791 0x0dc0  SystemInfo:
22:49:10.0791 0x0dc0  
22:49:10.0791 0x0dc0  OS Version: 6.3.9600 ServicePack: 0.0
22:49:10.0791 0x0dc0  Product type: Workstation
22:49:10.0791 0x0dc0  ComputerName: NIGEL-PC
22:49:10.0791 0x0dc0  UserName: Nigel
22:49:10.0791 0x0dc0  Windows directory: C:\WINDOWS
22:49:10.0791 0x0dc0  System windows directory: C:\WINDOWS
22:49:10.0791 0x0dc0  Running under WOW64
22:49:10.0791 0x0dc0  Processor architecture: Intel x64
22:49:10.0791 0x0dc0  Number of processors: 2
22:49:10.0791 0x0dc0  Page size: 0x1000
22:49:10.0791 0x0dc0  Boot type: Normal boot
22:49:10.0791 0x0dc0  ============================================================
22:49:11.0297 0x0dc0  KLMD registered as C:\WINDOWS\system32\drivers\05863838.sys
22:49:11.0717 0x0dc0  System UUID: {EA2C3C0B-A5EE-FA54-E423-1B4436A5B9F6}
22:49:12.0715 0x0dc0  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:49:12.0732 0x0dc0  Drive \Device\Harddisk1\DR1 - Size: 0x3D486E00 ( 0.96 Gb ), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:49:12.0733 0x0dc0  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:49:15.0145 0x0dc0  Drive \Device\Harddisk3\DR3 - Size: 0x3D680000 ( 0.96 Gb ), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:49:15.0146 0x0dc0  ============================================================
22:49:15.0146 0x0dc0  \Device\Harddisk0\DR0:
22:49:15.0167 0x0dc0  GPT partitions:
22:49:15.0178 0x0dc0  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {28093404-C710-4E21-8095-578ED04EA020}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xF9800
22:49:15.0178 0x0dc0  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1B7803EF-DEDF-4406-BBFC-E017C55C457F}, Name: EFI system partition, StartLBA 0xFA000, BlocksNum 0x32000
22:49:15.0178 0x0dc0  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {51858F6C-BB1E-4B75-95C0-E2784014CC90}, Name: Microsoft reserved partition, StartLBA 0x12C000, BlocksNum 0x40000
22:49:15.0178 0x0dc0  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {8D7F0CC6-879E-47F6-A767-0ED8FD3B0659}, UniqueGUID: {EAAE954F-437A-4616-8513-79A48F4C9C0E}, Name: Basic data partition, StartLBA 0x16C000, BlocksNum 0x200000
22:49:15.0179 0x0dc0  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A43EF02E-989E-4283-AF56-6419FF036DD1}, Name: Basic data partition, StartLBA 0x36C000, BlocksNum 0x32819800
22:49:15.0179 0x0dc0  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {82F82E89-604A-4F6A-9A2E-26D444BC9568}, Name: Basic data partition, StartLBA 0x32B85800, BlocksNum 0x7800000
22:49:15.0179 0x0dc0  MBR partitions:
22:49:15.0179 0x0dc0  \Device\Harddisk1\DR1:
22:49:15.0180 0x0dc0  MBR partitions:
22:49:15.0180 0x0dc0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x50, BlocksNum 0x1EA3E7
22:49:15.0180 0x0dc0  \Device\Harddisk2\DR2:
22:49:15.0180 0x0dc0  MBR partitions:
22:49:15.0180 0x0dc0  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x74705981
22:49:15.0180 0x0dc0  \Device\Harddisk3\DR3:
22:49:15.0181 0x0dc0  MBR partitions:
22:49:15.0181 0x0dc0  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0xF3, BlocksNum 0x1EB30D
22:49:15.0181 0x0dc0  ============================================================
22:49:15.0252 0x0dc0  C: <-> \Device\Harddisk0\DR0\Partition5
22:49:15.0381 0x0dc0  D: <-> \Device\Harddisk0\DR0\Partition6
22:49:15.0410 0x0dc0  G: <-> \Device\Harddisk2\DR2\Partition1
22:49:15.0410 0x0dc0  ============================================================
22:49:15.0410 0x0dc0  Initialize success
22:49:15.0410 0x0dc0  ============================================================
22:49:36.0678 0x1344  ============================================================
22:49:36.0678 0x1344  Scan started
22:49:36.0678 0x1344  Mode: Manual; SigCheck; TDLFS; 
22:49:36.0678 0x1344  ============================================================
22:49:36.0678 0x1344  KSN ping started
22:49:39.0073 0x1344  KSN ping finished: true
22:49:40.0554 0x1344  ================ Scan system memory ========================
22:49:40.0554 0x1344  System memory - ok
22:49:40.0555 0x1344  ================ Scan services =============================
22:49:41.0216 0x1344  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
22:49:41.0310 0x1344  1394ohci - ok
22:49:41.0330 0x1344  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
22:49:41.0346 0x1344  3ware - ok
22:49:41.0380 0x1344  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
22:49:41.0415 0x1344  ACPI - ok
22:49:41.0431 0x1344  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
22:49:41.0446 0x1344  acpiex - ok
22:49:41.0460 0x1344  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
22:49:41.0488 0x1344  acpipagr - ok
22:49:41.0518 0x1344  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
22:49:41.0567 0x1344  AcpiPmi - ok
22:49:41.0573 0x1344  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
22:49:41.0613 0x1344  acpitime - ok
22:49:41.0717 0x1344  [ 2D766591E87FFFF237C0C9C16CDDECAB, AF04A4C029FD34A5F16B689A4F7F328FCEE11B0033E077FF5FC154C6021B2986 ] ACT2PM          C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys
22:49:41.0741 0x1344  ACT2PM - ok
22:49:41.0943 0x1344  [ C47D15FC2CA269DD2EC5946953C5BF03, 20C9CEDECE45E24AA9C78A1FFE4BE6D150B10B726F6F576889971E40CDA267C4 ] ACT2_Service    C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
22:49:41.0999 0x1344  ACT2_Service - ok
22:49:42.0081 0x1344  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
22:49:42.0121 0x1344  ADP80XX - ok
22:49:42.0181 0x1344  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
22:49:42.0249 0x1344  AeLookupSvc - ok
22:49:42.0289 0x1344  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
22:49:42.0362 0x1344  AFD - ok
22:49:42.0416 0x1344  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
22:49:42.0430 0x1344  agp440 - ok
22:49:42.0444 0x1344  [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
22:49:42.0480 0x1344  ahcache - ok
22:49:42.0857 0x1344  [ 1CC3E547FE3DEC8272780F24F3059519, 72400F60D41239E9F2493DF71472704ECB006F5871E3CBB125DE2D0303051617 ] AHDDC2          C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
22:49:42.0913 0x1344  AHDDC2 - ok
22:49:42.0959 0x1344  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\WINDOWS\System32\alg.exe
22:49:42.0987 0x1344  ALG - ok
22:49:43.0026 0x1344  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
22:49:43.0093 0x1344  AmdK8 - ok
22:49:43.0115 0x1344  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
22:49:43.0161 0x1344  AmdPPM - ok
22:49:43.0190 0x1344  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
22:49:43.0205 0x1344  amdsata - ok
22:49:43.0227 0x1344  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
22:49:43.0249 0x1344  amdsbs - ok
22:49:43.0262 0x1344  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
22:49:43.0274 0x1344  amdxata - ok
22:49:43.0302 0x1344  [ 0C3D62CB6B8F2B3CC42369BAC0F58AD5, F0121EACB6060DF1F6C5F79C15D5B483F301EF85B3C79F67806520BE9CEE398E ] AMPPAL          C:\WINDOWS\System32\drivers\AMPPAL.sys
22:49:43.0316 0x1344  AMPPAL - ok
22:49:43.0608 0x1344  [ 11DA9AEDEDE229C6BDF6889298E91FDD, BDA9EB3E92CC5D30ABF39DAFF7197C1179E6616A06025093ABD04D0DC3F36740 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
22:49:43.0643 0x1344  AMPPALR3 - ok
22:49:43.0668 0x1344  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\WINDOWS\system32\drivers\appid.sys
22:49:43.0741 0x1344  AppID - ok
22:49:43.0761 0x1344  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
22:49:43.0787 0x1344  AppIDSvc - ok
22:49:43.0818 0x1344  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo         C:\WINDOWS\System32\appinfo.dll
22:49:43.0877 0x1344  Appinfo - ok
22:49:43.0996 0x1344  [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:49:44.0023 0x1344  Apple Mobile Device - ok
22:49:44.0095 0x1344  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
22:49:44.0179 0x1344  AppReadiness - ok
22:49:44.0398 0x1344  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
22:49:44.0493 0x1344  AppXSvc - ok
22:49:44.0515 0x1344  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
22:49:44.0531 0x1344  arcsas - ok
22:49:44.0560 0x1344  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
22:49:44.0572 0x1344  atapi - ok
22:49:44.0615 0x1344  [ 7F70B1044272982AAEA7C16E83424770, A7694D38DF5A0E1040688017DB811EF0788874FE505ADD572DE4D4647073DC12 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
22:49:44.0853 0x1344  AudioEndpointBuilder - ok
22:49:45.0015 0x1344  [ C0484CA5C7F87E38909746B63C7FC868, 65159639E2300AEA886184E9D47D449350DAF69A8AA2F9DBD6BD8A474BA73177 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
22:49:45.0073 0x1344  Audiosrv - ok
22:49:45.0099 0x1344  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
22:49:45.0138 0x1344  AxInstSV - ok
22:49:45.0171 0x1344  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
22:49:45.0203 0x1344  b06bdrv - ok
22:49:45.0220 0x1344  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
22:49:45.0275 0x1344  BasicDisplay - ok
22:49:45.0322 0x1344  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
22:49:45.0384 0x1344  BasicRender - ok
22:49:45.0401 0x1344  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
22:49:45.0411 0x1344  bcmfn2 - ok
22:49:45.0440 0x1344  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
22:49:45.0488 0x1344  BDESVC - ok
22:49:45.0511 0x1344  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:49:45.0554 0x1344  Beep - ok
22:49:45.0597 0x1344  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\WINDOWS\System32\bfe.dll
22:49:45.0660 0x1344  BFE - ok
22:49:45.0720 0x1344  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\WINDOWS\System32\qmgr.dll
22:49:45.0793 0x1344  BITS - ok
22:49:46.0099 0x1344  [ BAE8683BE3463B25E51875B380AB695A, 3EDB44560F798BB05AB7F534CEC4688C35AD9092B7D1CC5F58B47E82BD8EA270 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
22:49:46.0139 0x1344  Bluetooth Device Monitor - ok
22:49:46.0416 0x1344  [ AF06006C7A8B6CE409ABD351867A9544, AB985CEB86E57AB99E8D273058533CD3D04FF3232C62688DFD8F9D6A5B6586CD ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
22:49:46.0461 0x1344  Bluetooth OBEX Service - ok
22:49:46.0597 0x1344  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:49:46.0631 0x1344  Bonjour Service - ok
22:49:46.0645 0x1344  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
22:49:46.0695 0x1344  bowser - ok
22:49:46.0728 0x1344  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
22:49:46.0796 0x1344  BrokerInfrastructure - ok
22:49:46.0825 0x1344  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\WINDOWS\System32\browser.dll
22:49:46.0915 0x1344  Browser - ok
22:49:46.0948 0x1344  [ 8F7A6409A76914E203423A384A4E1C11, 567D1B456F6457C2D2612D048B7E59C41504565E67BB7F349530249274BF3C3B ] BthA2DP         C:\WINDOWS\system32\drivers\BthA2DP.sys
22:49:46.0995 0x1344  BthA2DP - ok
22:49:47.0015 0x1344  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
22:49:47.0041 0x1344  BthAvrcpTg - ok
22:49:47.0062 0x1344  [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
22:49:47.0128 0x1344  BthEnum - ok
22:49:47.0155 0x1344  [ E4A1863A32606C95F993345F1D28C86C, 3BED422D932A22F0CB923FE7FFDA0A8EC6E01AD1FB8F616F39E016A19221AD6F ] BthHFAud        C:\WINDOWS\system32\DRIVERS\BthHfAud.sys
22:49:47.0182 0x1344  BthHFAud - ok
22:49:47.0202 0x1344  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
22:49:47.0217 0x1344  BthHFEnum - ok
22:49:47.0240 0x1344  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
22:49:47.0268 0x1344  bthhfhid - ok
22:49:47.0314 0x1344  [ 52AB4FA794AE775BDAF63BBF28ADE65D, DB8C9DA9A2F7E96110C793A35AC7CFA8E324173DAEDEFCC700A9652E389D46FE ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
22:49:47.0358 0x1344  BthHFSrv - ok
22:49:47.0399 0x1344  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\System32\drivers\BthLEEnum.sys
22:49:47.0443 0x1344  BthLEEnum - ok
22:49:47.0466 0x1344  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
22:49:47.0489 0x1344  BTHMODEM - ok
22:49:47.0524 0x1344  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
22:49:47.0558 0x1344  BthPan - ok
22:49:47.0660 0x1344  [ 97B9076611291AE4C4C107BC915BD026, 0A77873AAF1ADB76CAB98A84D2242781E34E2699632E45EB92ED7DB20B2BE0C1 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
22:49:47.0725 0x1344  BTHPORT - ok
22:49:47.0750 0x1344  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\WINDOWS\system32\bthserv.dll
22:49:47.0780 0x1344  bthserv - ok
22:49:47.0801 0x1344  [ 53ECA72327243009C4D49BF934134A1B, 910CE8EA6921304B0DF13227CA2DC0FE18A57E9633C885EE7AE7F71AD536EB6E ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
22:49:47.0813 0x1344  BTHSSecurityMgr - ok
22:49:47.0862 0x1344  [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
22:49:47.0890 0x1344  BTHUSB - ok
22:49:47.0954 0x1344  [ FD6DCB9E986D4B88655370C7F3976F78, F106BBC3147BF4FFEE3A56B477BA7F26A269CAE659570930860AF033F1171A70 ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
22:49:48.0007 0x1344  btmhsf - ok
22:49:48.0030 0x1344  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
22:49:48.0061 0x1344  cdfs - ok
22:49:48.0098 0x1344  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
22:49:48.0117 0x1344  cdrom - ok
22:49:48.0163 0x1344  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
22:49:48.0210 0x1344  CertPropSvc - ok
22:49:48.0236 0x1344  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
22:49:48.0263 0x1344  circlass - ok
22:49:48.0305 0x1344  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
22:49:48.0341 0x1344  CLFS - ok
22:49:48.0380 0x1344  [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
22:49:48.0430 0x1344  CLVirtualDrive - ok
22:49:48.0461 0x1344  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
22:49:48.0570 0x1344  CmBatt - ok
22:49:48.0622 0x1344  [ 4E1207CE16E615B0B7A70DC889F4500E, 1778D5AC0AF5F5DD1551192F4CDBCCB9878995155CF337EBB03460A6FD5C6B78 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
22:49:48.0741 0x1344  CNG - ok
22:49:48.0765 0x1344  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
22:49:48.0802 0x1344  CompositeBus - ok
22:49:48.0807 0x1344  COMSysApp - ok
22:49:48.0819 0x1344  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
22:49:48.0848 0x1344  condrv - ok
22:49:49.0174 0x1344  [ 034643AFE2973A175E782AE530A0683C, C488572B971144D8A10F6EC8480175868913942896144D38BF49E3D8D1BC54F3 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
22:49:49.0209 0x1344  cphs - ok
22:49:49.0213 0x1344  Crypkey License - ok
22:49:49.0261 0x1344  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
22:49:49.0331 0x1344  CryptSvc - ok
22:49:49.0517 0x1344  [ 7F5CD87CA5BDB4D83F992D8C77201483, 01818EF455833CA3396C8EA4696B8DC28E3A6A3618C081D046C8F207FACAB788 ] CyberLink PowerDVD 10 MS Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
22:49:49.0539 0x1344  CyberLink PowerDVD 10 MS Monitor Service - ok
22:49:49.0563 0x1344  [ 9FAF58E876A3B1DB3030A0A5805F2D86, 682939B774DF6A28268897A7E113F6D2DF9AD73DBF1994F937FB48818478B7FE ] CyberLink PowerDVD 10 MS Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
22:49:49.0580 0x1344  CyberLink PowerDVD 10 MS Service - ok
22:49:49.0600 0x1344  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
22:49:49.0663 0x1344  dam - ok
22:49:49.0832 0x1344  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:49:49.0898 0x1344  DcomLaunch - ok
22:49:49.0937 0x1344  [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
22:49:49.0980 0x1344  defragsvc - ok
22:49:50.0028 0x1344  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\WINDOWS\system32\das.dll
22:49:50.0083 0x1344  DeviceAssociationService - ok
22:49:50.0114 0x1344  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
22:49:50.0175 0x1344  DeviceInstall - ok
22:49:50.0192 0x1344  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
22:49:50.0255 0x1344  Dfsc - ok
22:49:50.0299 0x1344  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
22:49:50.0397 0x1344  Dhcp - ok
22:49:50.0430 0x1344  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
22:49:50.0450 0x1344  disk - ok
22:49:50.0464 0x1344  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
22:49:50.0505 0x1344  dmvsc - ok
22:49:50.0543 0x1344  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:49:50.0591 0x1344  Dnscache - ok
22:49:50.0631 0x1344  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
22:49:50.0660 0x1344  dot3svc - ok
22:49:50.0691 0x1344  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:49:50.0703 0x1344  dot4 - ok
22:49:50.0724 0x1344  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
22:49:50.0733 0x1344  Dot4Print - ok
22:49:50.0751 0x1344  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:49:50.0760 0x1344  dot4usb - ok
22:49:50.0782 0x1344  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\WINDOWS\system32\dps.dll
22:49:50.0843 0x1344  DPS - ok
22:49:50.0868 0x1344  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:49:50.0879 0x1344  drmkaud - ok
22:49:50.0917 0x1344  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
22:49:50.0955 0x1344  DsmSvc - ok
22:49:51.0027 0x1344  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
22:49:51.0098 0x1344  DXGKrnl - ok
22:49:51.0150 0x1344  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
22:49:51.0175 0x1344  Eaphost - ok
22:49:51.0557 0x1344  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
22:49:51.0702 0x1344  ebdrv - ok
22:49:51.0743 0x1344  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\WINDOWS\System32\lsass.exe
22:49:51.0766 0x1344  EFS - ok
22:49:51.0783 0x1344  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
22:49:51.0798 0x1344  EhStorClass - ok
22:49:51.0817 0x1344  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
22:49:51.0834 0x1344  EhStorTcgDrv - ok
22:49:51.0846 0x1344  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
22:49:51.0875 0x1344  ErrDev - ok
22:49:51.0883 0x1344  EsgScanner - ok
22:49:51.0920 0x1344  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\WINDOWS\system32\es.dll
22:49:51.0978 0x1344  EventSystem - ok
22:49:52.0119 0x1344  [ 933723A47E9B7B22208F79F0F40A249A, EFD22310737743E213D59DCF07C04B5E2DE7F7ABFED23D98DE8525A6256914D0 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:49:52.0147 0x1344  EvtEng - ok
22:49:52.0174 0x1344  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
22:49:52.0214 0x1344  exfat - ok
22:49:52.0238 0x1344  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
22:49:52.0258 0x1344  fastfat - ok
22:49:52.0380 0x1344  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\WINDOWS\system32\fxssvc.exe
22:49:52.0449 0x1344  Fax - ok
22:49:52.0462 0x1344  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
22:49:52.0485 0x1344  fdc - ok
22:49:52.0516 0x1344  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
22:49:52.0537 0x1344  fdPHost - ok
22:49:52.0555 0x1344  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
22:49:52.0586 0x1344  FDResPub - ok
22:49:54.0197 0x1344  [ 9162ECA694162A77679950CF2E27D3C1, 7EADEDE34A8E7458D2DDEE294D0789E9FD1EE822AB627D7E4ECAEDDD5D3EE81D ] GFNEXSrv        C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
22:49:54.0240 0x1344  GFNEXSrv - detected UnsignedFile.Multi.Generic ( 1 )
22:49:56.0684 0x1344  GFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
22:50:12.0479 0x1344  PerfHost - ok
22:50:12.0830 0x1344  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\WINDOWS\system32\pla.dll
22:50:12.0911 0x1344  pla - ok
22:50:12.0946 0x1344  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
22:50:12.0961 0x1344  PlugPlay - ok
22:50:12.0985 0x1344  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
22:50:13.0023 0x1344  PNRPAutoReg - ok
22:50:13.0068 0x1344  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
22:50:13.0092 0x1344  PNRPsvc - ok
22:50:13.0163 0x1344  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
22:50:13.0201 0x1344  PolicyAgent - ok
22:50:13.0248 0x1344  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\WINDOWS\system32\umpo.dll
22:50:13.0300 0x1344  Power - ok
22:50:13.0796 0x1344  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
22:50:13.0955 0x1344  PrintNotify - ok
22:50:14.0015 0x1344  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
22:50:14.0062 0x1344  Processor - ok
22:50:14.0092 0x1344  [ EF1F8B57323E5D3FC6A0A25F98F90DBC, F50E81151604DCD59BB647FD6767C1631AE48B5FCA6D3423C4E32535C94D6369 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
22:50:14.0141 0x1344  ProfSvc - ok
22:50:14.0173 0x1344  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
22:50:14.0207 0x1344  Psched - ok
22:50:14.0235 0x1344  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\WINDOWS\system32\qwave.dll
22:50:14.0272 0x1344  QWAVE - ok
22:50:14.0291 0x1344  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
22:50:14.0308 0x1344  QWAVEdrv - ok
22:50:14.0326 0x1344  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:50:14.0341 0x1344  RasAcd - ok
22:50:14.0377 0x1344  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:50:14.0397 0x1344  RasAuto - ok
22:50:14.0435 0x1344  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:50:14.0493 0x1344  RasMan - ok
22:50:14.0515 0x1344  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:50:14.0534 0x1344  RasPppoe - ok
22:50:14.0573 0x1344  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:50:14.0785 0x1344  rdbss - ok
22:50:14.0806 0x1344  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
22:50:14.0841 0x1344  rdpbus - ok
22:50:14.0862 0x1344  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
22:50:14.0895 0x1344  RDPDR - ok
22:50:14.0938 0x1344  [ 9F08A6608F98B5407E7DDBCF306573EF, 92812F97CFDB2EC128BC48143DE215B7D012B15D3FB4D2199222AD8C31DA5016 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
22:50:14.0950 0x1344  RdpVideoMiniport - ok
22:50:14.0985 0x1344  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
22:50:15.0006 0x1344  rdyboost - ok
22:50:15.0172 0x1344  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
22:50:15.0229 0x1344  ReFS - ok
22:50:15.0427 0x1344  [ 695C4AC7D0B5002040C7540364C43940, 9DA5455057F11ADA471D0C02A2728490565B27840ACA68577694FAD1CC854ED3 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:50:15.0451 0x1344  RegSrvc - ok
22:50:15.0517 0x1344  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:50:15.0543 0x1344  RemoteAccess - ok
22:50:15.0584 0x1344  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
22:50:15.0633 0x1344  RemoteRegistry - ok
22:50:15.0667 0x1344  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
22:50:15.0717 0x1344  RFCOMM - ok
22:50:15.0750 0x1344  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
22:50:15.0774 0x1344  RpcEptMapper - ok
22:50:15.0801 0x1344  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\WINDOWS\system32\locator.exe
22:50:15.0824 0x1344  RpcLocator - ok
22:50:15.0872 0x1344  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
22:50:15.0907 0x1344  RpcSs - ok
22:50:15.0946 0x1344  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
22:50:15.0976 0x1344  rspndr - ok
22:50:16.0007 0x1344  [ 0E32A8922DCFD28EA00AAEC07CB3F331, 27F329C6A66DB01C291E1EDCEB7781A05658520B12FF8ECD1FBD3B86EF78DF30 ] RSUSBSTOR       C:\WINDOWS\System32\Drivers\RtsUStor.sys
22:50:16.0030 0x1344  RSUSBSTOR - ok
22:50:16.0069 0x1344  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
22:50:16.0111 0x1344  RTL8168 - ok
22:50:16.0156 0x1344  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
22:50:16.0174 0x1344  s3cap - ok
22:50:16.0194 0x1344  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:50:16.0208 0x1344  SamSs - ok
22:50:16.0272 0x1344  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
22:50:16.0298 0x1344  sbp2port - ok
22:50:16.0336 0x1344  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
22:50:16.0381 0x1344  SCardSvr - ok
22:50:16.0397 0x1344  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
22:50:16.0425 0x1344  ScDeviceEnum - ok
22:50:16.0441 0x1344  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
22:50:16.0469 0x1344  scfilter - ok
22:50:16.0534 0x1344  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:50:16.0610 0x1344  Schedule - ok
22:50:16.0641 0x1344  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
22:50:16.0661 0x1344  SCPolicySvc - ok
22:50:16.0788 0x1344  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
22:50:16.0818 0x1344  sdbus - ok
22:50:16.0867 0x1344  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
22:50:16.0887 0x1344  sdstor - ok
22:50:16.0902 0x1344  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
22:50:16.0921 0x1344  secdrv - ok
22:50:16.0946 0x1344  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\WINDOWS\system32\seclogon.dll
22:50:16.0963 0x1344  seclogon - ok
22:50:16.0976 0x1344  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\WINDOWS\System32\sens.dll
22:50:17.0025 0x1344  SENS - ok
22:50:17.0050 0x1344  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
22:50:17.0085 0x1344  SensrSvc - ok
22:50:17.0113 0x1344  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
22:50:17.0126 0x1344  SerCx - ok
22:50:17.0172 0x1344  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
22:50:17.0201 0x1344  SerCx2 - ok
22:50:17.0215 0x1344  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
22:50:17.0237 0x1344  Serenum - ok
22:50:17.0257 0x1344  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
22:50:17.0282 0x1344  Serial - ok
22:50:17.0301 0x1344  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
22:50:17.0314 0x1344  sermouse - ok
22:50:17.0352 0x1344  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
22:50:17.0406 0x1344  SessionEnv - ok
22:50:17.0427 0x1344  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
22:50:17.0439 0x1344  sfloppy - ok
22:50:17.0513 0x1344  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:50:17.0579 0x1344  SharedAccess - ok
22:50:17.0651 0x1344  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:50:17.0693 0x1344  ShellHWDetection - ok
22:50:17.0720 0x1344  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
22:50:17.0743 0x1344  SiSRaid2 - ok
22:50:17.0771 0x1344  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
22:50:17.0785 0x1344  SiSRaid4 - ok
22:50:17.0808 0x1344  [ 07CEDCCDB208905867EBAD761EA4E057, F1EF70ED2132E537EFDE2B26436239723F8C05AAFF170FD24EE91DB38AC9957E ] SmbDrv          C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys
22:50:17.0818 0x1344  SmbDrv - ok
22:50:17.0845 0x1344  [ 74BF7AF7D1B642044BE5CCC93884C2F3, 5505124D375FDD1B26373C45E6FD289C8E35DB99066D4B5614E39AFF8B60639E ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
22:50:17.0854 0x1344  SmbDrvI - ok
22:50:17.0884 0x1344  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\WINDOWS\System32\smphost.dll
22:50:17.0938 0x1344  smphost - ok
22:50:17.0970 0x1344  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
22:50:17.0998 0x1344  SNMPTRAP - ok
22:50:18.0043 0x1344  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
22:50:18.0076 0x1344  spaceport - ok
22:50:18.0092 0x1344  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
22:50:18.0106 0x1344  SpbCx - ok
22:50:18.0185 0x1344  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\WINDOWS\System32\spoolsv.exe
22:50:18.0276 0x1344  Spooler - ok
22:50:18.0997 0x1344  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
22:50:19.0335 0x1344  sppsvc - ok
22:50:19.0480 0x1344  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:50:19.0543 0x1344  srv - ok
22:50:19.0585 0x1344  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
22:50:19.0632 0x1344  srv2 - ok
22:50:19.0725 0x1344  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
22:50:19.0764 0x1344  srvnet - ok
22:50:19.0882 0x1344  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:50:19.0914 0x1344  SSDPSRV - ok
22:50:19.0944 0x1344  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
22:50:19.0975 0x1344  SstpSvc - ok
22:50:19.0994 0x1344  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
22:50:20.0006 0x1344  stexstor - ok
22:50:20.0057 0x1344  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
22:50:20.0113 0x1344  stisvc - ok
22:50:20.0127 0x1344  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
22:50:20.0143 0x1344  storahci - ok
22:50:20.0173 0x1344  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\WINDOWS\system32\DRIVERS\vmstorfl.sys
22:50:20.0186 0x1344  storflt - ok
22:50:20.0206 0x1344  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
22:50:20.0219 0x1344  stornvme - ok
22:50:20.0235 0x1344  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
22:50:20.0284 0x1344  StorSvc - ok
22:50:20.0298 0x1344  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
22:50:20.0310 0x1344  storvsc - ok
22:50:20.0330 0x1344  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\WINDOWS\system32\svsvc.dll
22:50:20.0356 0x1344  svsvc - ok
22:50:20.0370 0x1344  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
22:50:20.0382 0x1344  swenum - ok
22:50:20.0444 0x1344  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\WINDOWS\System32\swprv.dll
22:50:20.0509 0x1344  swprv - ok
22:50:20.0544 0x1344  [ 530EF17999990539CC56474252802364, EF9233B3FB4509C0285376CB84564DF6A6F1F8B12BB8D6DBA0A7990B484F550B ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:50:20.0567 0x1344  SynTP - ok
22:50:20.0818 0x1344  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\WINDOWS\system32\sysmain.dll
22:50:20.0900 0x1344  SysMain - ok
22:50:20.0934 0x1344  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
22:50:20.0997 0x1344  SystemEventsBroker - ok
22:50:21.0034 0x1344  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
22:50:21.0069 0x1344  TabletInputService - ok
22:50:21.0100 0x1344  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:50:21.0159 0x1344  TapiSrv - ok
22:50:21.0429 0x1344  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
22:50:21.0540 0x1344  Tcpip - ok
22:50:21.0717 0x1344  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:50:21.0814 0x1344  TCPIP6 - ok
22:50:21.0862 0x1344  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
22:50:21.0930 0x1344  tcpipreg - ok
22:50:21.0965 0x1344  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
22:50:22.0047 0x1344  tdx - ok
22:50:22.0096 0x1344  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
22:50:22.0109 0x1344  terminpt - ok
22:50:22.0264 0x1344  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\WINDOWS\System32\termsrv.dll
22:50:22.0320 0x1344  TermService - ok
22:50:22.0351 0x1344  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\WINDOWS\system32\themeservice.dll
22:50:22.0384 0x1344  Themes - ok
22:50:22.0418 0x1344  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
22:50:22.0433 0x1344  THREADORDER - ok
22:50:22.0459 0x1344  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
22:50:22.0504 0x1344  TimeBroker - ok
22:50:22.0528 0x1344  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
22:50:22.0546 0x1344  TPM - ok
22:50:22.0591 0x1344  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
22:50:22.0622 0x1344  TrkWks - ok
22:50:22.0682 0x1344  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
22:50:22.0733 0x1344  TrustedInstaller - ok
22:50:22.0755 0x1344  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
22:50:22.0795 0x1344  TsUsbFlt - ok
22:50:22.0820 0x1344  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
22:50:22.0840 0x1344  TsUsbGD - ok
22:50:22.0857 0x1344  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
22:50:22.0881 0x1344  tunnel - ok
22:50:22.0897 0x1344  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
22:50:22.0911 0x1344  uagp35 - ok
22:50:22.0926 0x1344  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
22:50:22.0940 0x1344  UASPStor - ok
22:50:22.0958 0x1344  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
22:50:22.0977 0x1344  UCX01000 - ok
22:50:23.0007 0x1344  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
22:50:23.0035 0x1344  udfs - ok
22:50:23.0050 0x1344  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
22:50:23.0062 0x1344  UEFI - ok
22:50:23.0095 0x1344  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
22:50:23.0139 0x1344  UI0Detect - ok
22:50:23.0164 0x1344  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
22:50:23.0178 0x1344  uliagpkx - ok
22:50:23.0194 0x1344  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
22:50:23.0207 0x1344  umbus - ok
22:50:23.0227 0x1344  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
22:50:23.0239 0x1344  UmPass - ok
22:50:23.0286 0x1344  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
22:50:23.0321 0x1344  UmRdpService - ok
22:50:23.0606 0x1344  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:50:23.0625 0x1344  UNS - ok
22:50:23.0657 0x1344  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:50:23.0704 0x1344  upnphost - ok
22:50:23.0726 0x1344  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
22:50:23.0751 0x1344  USBAAPL64 - ok
22:50:23.0782 0x1344  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
22:50:23.0799 0x1344  usbccgp - ok
22:50:23.0830 0x1344  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
22:50:23.0846 0x1344  usbcir - ok
22:50:23.0875 0x1344  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
22:50:23.0890 0x1344  usbehci - ok
22:50:23.0929 0x1344  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
22:50:23.0958 0x1344  usbhub - ok
22:50:23.0990 0x1344  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
22:50:24.0023 0x1344  USBHUB3 - ok
22:50:24.0063 0x1344  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
22:50:24.0115 0x1344  usbohci - ok
22:50:24.0134 0x1344  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
22:50:24.0179 0x1344  usbprint - ok
22:50:24.0201 0x1344  [ F04D164C4168701A4E7835607722E5F1, 6F743CF2CF73945B4A4B1C4402744BC2FE1624F1346C194493AD2F7110F9EB35 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:50:24.0215 0x1344  usbscan - ok
22:50:24.0247 0x1344  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
22:50:24.0265 0x1344  USBSTOR - ok
22:50:24.0288 0x1344  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
22:50:24.0308 0x1344  usbuhci - ok
22:50:24.0343 0x1344  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
22:50:24.0373 0x1344  usbvideo - ok
22:50:24.0407 0x1344  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
22:50:24.0432 0x1344  USBXHCI - ok
22:50:24.0448 0x1344  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
22:50:24.0461 0x1344  VaultSvc - ok
22:50:24.0478 0x1344  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
22:50:24.0491 0x1344  vdrvroot - ok
22:50:24.0568 0x1344  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\WINDOWS\System32\vds.exe
22:50:24.0633 0x1344  vds - ok
22:50:24.0659 0x1344  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
22:50:24.0676 0x1344  VerifierExt - ok
22:50:24.0886 0x1344  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
22:50:24.0921 0x1344  vhdmp - ok
22:50:37.0788 0x1344  Waiting for KSN requests completion. In queue: 13
22:50:38.0790 0x1344  Waiting for KSN requests completion. In queue: 13
22:50:39.0790 0x1344  Waiting for KSN requests completion. In queue: 13
22:50:40.0833 0x1344  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
22:50:40.0845 0x1344  Win FW state via NFP2: enabled
22:50:43.0213 0x1344  ============================================================
22:50:43.0213 0x1344  Scan finished
22:50:43.0213 0x1344  ============================================================
22:50:43.0223 0x14f4  Detected object count: 1
22:50:43.0224 0x14f4  Actual detected object count: 1
22:51:14.0165 0x14f4  GFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:14.0165 0x14f4  GFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:56.0772 0x1230  Deinitialize success

  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looking good, and the TDSSKiller scan came back clean, so no rootkits hiding. Let's continue and look for orphans and remnants drifting around. How is the machine running?

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log
  • How is the machine running?

  • 0

#10
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 163 posts

Do I need to buy Malwarebytes premium or is there another option?

My free trial period has expired

 

Spyhunter is uninstalled.

 

Still many pop-ups


  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Do I need to buy Malwarebytes premium or is there another option?
My free trial period has expired
 
Spyhunter is uninstalled.
 
Still many pop-ups


Uninstall your current version of MBAM first and then use this tool to completely remove any traces of it. Then, try a re-install of it, but during the re-install Do Not check the premium option when it is offered to you.

Also, what kind of popups are you still getting? Are they within your browser, or are they warnings from your anti-virus program?

Once you have completed the removal of MBAM and reinstalled it, please proceed with the steps in Post #9.


Download and run MBAM Cleaning Tool

Please download mbam-clean.exe from here to your desktop and save it.
  • Please close all open applications and temporarily shutdown your antivirus to avoid any conflicts when running the tool.
  • Locate the file mbam-clean.exe and double-click to run it and follow the onscreen prompts.
  • It will ask to restart your computer, please allow it to do so, it's very important
  • After the computer restarts, ensure that your antivirus is enabled and download the latest version of Malwarebytes Anti-Malware from here and save it to your desktop.
  • Now close all open applications including your browser and again temporarily disable your antivirus as before and launch the Malwarebytes installer you just downloaded.
  • Please make sure to uncheck the Trial checkmark near the end of the installation.
  • Please make sure you check for updates at the end of the installation as well.
  • Make sure you have re-enabled your Anti-Virus/Internet-Security applications.

  • 0

#13
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 163 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 28/12/2014
Scan Time: 12:18:18
Logfile: mbam2.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.28.05
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Nigel
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337787
Time Elapsed: 12 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.ReMarkable.A, C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, , [ae8793d5f58788ae573f8b50eb19a35d], 
PUP.Optional.ReMarkable.A, C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, , [f540fc6c5923ad89b2e4bd1e8a7a49b7], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#14
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 163 posts
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3eee36a5d5e8ba4a915b6a4159af7b6e
# engine=21728
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-28 02:39:51
# local_time=2014-12-28 02:39:51 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.3.9600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 166750 10081910 0 0
# scanned=218589
# found=13
# cleaned=12
# scan_time=6553
sh=C2CA3F383B4B06C9B2BB64291C4F07AA2DFFC72D ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{9A57F033-F89B-497A-AB91-B0B941B4D2C5}\Custom.dll"
sh=8742B87E71156FA1D88A8AB5B5F5F32FD4AE3067 ft=1 fh=33f552af56336f35 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Config.Msi\20c38879.rbf"
sh=33247C26DF77F5654FCC313902DF43B7EF30D18F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\oemkbagpgddchkpbijjdmakpihnphepc\oemkbagpgddchkpbijjdmakpihnphepc\P.js"
sh=C2CA3F383B4B06C9B2BB64291C4F07AA2DFFC72D ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\ProgramData\InstallMate\{9A57F033-F89B-497A-AB91-B0B941B4D2C5}\Custom.dll"
sh=37EAE968D2B9ACEE4F0E8831C4D81F0370159F5E ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\giepilabiomhlcmlefmbfkgeoccfhhhc\159\wwsdyYMtl.js"
sh=7315351C40A31A5550A1D990BECE8E03E70BF64A ft=1 fh=29450a02f9da85f4 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=F613AB81F9B962C8757B04B4EDF3FB74015A4685 ft=1 fh=32cf5abb11dd8dde vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000001"
sh=3B38ECE8A1605F66D7FC38CC9BCC5FF325A2ED55 ft=1 fh=bc0c24e3a63c61a6 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nigel\Downloads\ccsetup313.exe"
sh=6D305ED99B766945D4F2E4AAE176612B8E289692 ft=1 fh=3d7115b6ff06754d vn="a variant of Win32/OpenCandy.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nigel\Downloads\drivermax.exe"
sh=1AA9BA3C592ACE8884FE0BE982BE139D7C9FA7DE ft=1 fh=2043cc14f676584e vn="a variant of Win32/Adware.MultiPlug.ED application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Nigel\Downloads\pod-prikritie-s02e01-english-subtitle (1).exe"
sh=A2E7CEA3057E4965B87C9B9495A3C33235F4D9FC ft=1 fh=aabbf171461c6932 vn="a variant of Win32/Adware.MultiPlug.ED application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Nigel\Downloads\pod-prikritie-s02e01-english-subtitle (2).exe"
sh=BD9E75183563A5198FB3B82AC6C4596DD100FF75 ft=1 fh=efbd7417fbc48249 vn="a variant of Win32/Adware.MultiPlug.ED application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Nigel\Downloads\pod-prikritie-s02e01-english-subtitle.exe"
sh=1C84320065AEA37E676E14D29210E52A95AE5BE7 ft=1 fh=1dd1172cce8b7c97 vn="a variant of Win32/SoftPulse.S potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nigel\Downloads\Unconfirmed 281224.crdownload"

  • 0
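
As an added example that is not part of the thread or of ESET's tooling: a small Python check that parses a log in the layout posted above and compares it with the scan options requested in post #9. The mapping of the `*_checked` header fields to those options and the reading of `ac=C` as "cleaned" are assumptions inferred from the log itself; the sample log is constructed, with placeholder hashes and paths.

```python
import re

# "# key=value" header lines, key=value record fields (quoted or bare),
# and the trailing "(action)" that cleaned records carry inside vn="...".
HEADER_RE = re.compile(r'^#\s*(\w+)=(.*)$')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
ACTION_RE = re.compile(r'^(?P<name>.*?)(?:\s+\((?P<action>[^()]*)\))?$')

# Options requested in post #9, mapped to header fields (assumed mapping).
REQUESTED = {
    "remove_checked": False,      # "Remove found threats is NOT checked"
    "archives_checked": True,     # "Scan archives is checked"
    "unwanted_checked": True,     # potentially unwanted applications
    "unsafe_checked": True,       # potentially unsafe applications
    "antistealth_checked": True,  # Anti-Stealth Technology
}

# Constructed sample in the same layout; hashes and paths are placeholders.
SAMPLE_LOG = r'''OnlineScanner.ocx - registred OK
# product=EOS
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=218589
# found=3
# cleaned=2
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\ProgramData\Example\Custom.dll"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/OpenCandy.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Example\Downloads\setup (1).exe"
sh=0000000000000000000000000000000000000003 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\AppData\Local\x.js"
'''


def parse_eset_log(text):
    """Return (header dict, list of detection records)."""
    header, records = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        if not line.startswith("sh="):
            continue  # blank lines and the "registred OK" hook lines
        rec = {}
        for key, quoted, bare in FIELD_RE.findall(line):
            rec[key] = bare if bare else quoted
        # Split "name (action taken)" so the two can be reported separately.
        parts = ACTION_RE.match(rec.get("vn", ""))
        rec["name"] = parts.group("name")
        rec["action"] = parts.group("action")  # None when nothing was done
        records.append(rec)
    return header, records


def audit(header, records, requested=REQUESTED):
    """List mismatches between the log and what the helper asked for."""
    findings = []
    for key, want in requested.items():
        got = header.get(key)
        if got is None:
            findings.append(f"setting {key}: missing from log header")
        elif (got.lower() == "true") != want:
            findings.append(f"setting {key}: requested {want}, log shows {got}")
    cleaned = [r for r in records if r.get("ac") == "C"]
    remaining = [r for r in records if r.get("ac") != "C"]
    # The header counters should agree with the records actually present.
    for key, actual in (("found", len(records)), ("cleaned", len(cleaned))):
        declared = header.get(key)
        if declared is not None and declared.isdigit() and int(declared) != actual:
            findings.append(f"header {key}={declared} but {actual} records match")
    for r in remaining:
        findings.append(f"not cleaned: {r['name']} at {r.get('fn', '?')}")
    return findings


if __name__ == "__main__":
    hdr, recs = parse_eset_log(SAMPLE_LOG)
    for finding in audit(hdr, recs):
        print(finding)
```

Applied to the log in post #14, the same two kinds of finding come up: `remove_checked=true` where post #9 asked for removal to be left unchecked, and a single `ac=I` record, which accounts for `found=13` against `cleaned=12`.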

#15
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 163 posts
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version 32-bit out of Date! 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

  • 0





