
Pop-up Video Ads Everywhere When Browsing!



#1
Quantum Uncertain


Hello!

 

I seem to have accidentally accepted malware along with some freeware. Every page I browse brings multiple sidebar and toolbar ads. I have run an old copy of Malwarebytes but the infections remained. Some toolbars prevent me from deleting them from the Uninstall Programs menu. I am including my OTL log. I really appreciate your time. Thanks for taking a look!

OTL Log:

OTL logfile created on: 2/3/2015 5:16:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Laurence Iledan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 4.76 Gb Available Physical Memory | 59.90% Memory free
15.89 Gb Paging File | 12.19 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 700.27 Gb Free Space | 75.18% Space Free | Partition Type: NTFS
Drive D: | 3.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LAURENCEILEDAN | User Name: Laurence Iledan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/03 17:15:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laurence Iledan\Downloads\OTL.exe
PRC - [2015/01/30 01:13:09 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
PRC - [2015/01/26 12:54:12 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/27 17:37:08 | 003,095,840 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014/09/26 17:19:22 | 000,530,816 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2014/02/21 09:42:40 | 001,047,536 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
PRC - [2014/02/21 09:18:52 | 000,162,800 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
PRC - [2013/12/17 14:07:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/09 18:22:32 | 002,279,712 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/09 18:21:14 | 001,494,304 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/04/25 18:25:54 | 000,292,848 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/30 01:13:09 | 016,844,976 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
MOD - [2015/01/29 00:29:40 | 000,133,120 | ---- | M] () -- C:\Users\Laurence Iledan\AppData\Roaming\krewjiot\colers.dll
MOD - [2015/01/26 12:54:12 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/09 18:20:28 | 015,129,376 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2015/01/30 01:13:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/26 12:54:12 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/19 10:49:12 | 000,834,752 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/21 09:18:52 | 000,162,800 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2013/12/17 14:07:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/12/09 18:21:14 | 001,494,304 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/28 21:44:16 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys -- ({f2944598-b89f-4e10-b544-5173761572df}Gw64)
DRV:64bit: - [2013/12/05 00:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/25 23:49:44 | 000,888,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/10/09 14:30:02 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/04/25 18:24:58 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/04/25 18:24:56 | 000,786,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/04/25 18:24:56 | 000,368,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/01/11 18:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/11/11 16:22:38 | 000,020,464 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys -- (ipadtst)
DRV - [2012/10/25 18:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,Amazon.com,eBay,Twitter,Wikipedia (en),DuckDuckGo"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.5.0.1
FF - prefs.js..extensions.enabledAddons: %7B41501e63-3282-4838-65f5-e124b1849ca8%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B59f1a05c-cce1-063c-2cff-3e7d428b9ae8%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B982c2301-20b1-61c9-931d-044cc9e16140%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/09/06 03:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Extensions
[2015/02/03 06:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\extensions
[2015/01/29 00:17:36 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\extensions\{41501e63-3282-4838-65f5-e124b1849ca8}
[2015/01/10 00:19:29 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2015/01/29 00:22:40 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\extensions\{59f1a05c-cce1-063c-2cff-3e7d428b9ae8}
[2015/02/02 22:52:24 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\extensions\{982c2301-20b1-61c9-931d-044cc9e16140}
[2014/11/24 17:57:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/09/22 23:27:39 | 000,096,207 | ---- | M] () (No name found) -- C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2015/01/26 12:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 12:54:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdohfcdfbmkplifgaijhgccjenbcfjop\1.0.1_0\
CHR - Extension: Google Wallet = C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SUPER CHARGER] C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe (MSI)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20ED83F4-952B-4718-8C45-74F966DA0B6B}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ea8e7c0b-3a68-11e4-92f6-448a5bb9cf62}\Shell - "" = AutoRun
O33 - MountPoints2\{ea8e7c0b-3a68-11e4-92f6-448a5bb9cf62}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/29 01:19:37 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys
[2015/01/29 01:11:08 | 000,000,000 | ---D | C] -- C:\Users\Laurence Iledan\AppData\Roaming\WinRAR
[2015/01/29 01:10:47 | 000,000,000 | ---D | C] -- C:\Users\Laurence Iledan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/29 01:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/01/29 01:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2015/01/29 01:10:19 | 000,000,000 | ---D | C] -- C:\Users\Laurence Iledan\AppData\Roaming\0A1Q1J1G1F2W1I1P1Q1N1P0P2Y1S
[2015/01/29 00:29:40 | 000,000,000 | ---D | C] -- C:\Users\Laurence Iledan\AppData\Roaming\krewjiot
[2015/01/29 00:18:12 | 000,000,000 | ---D | C] -- C:\Users\Laurence Iledan\AppData\Local\CD07D5DC-F7C7-614F-9A13-F020ED36BC67
[2015/01/29 00:17:41 | 000,000,000 | -HSD | C] -- C:\Users\Laurence Iledan\AppData\Local\EmieBrowserModeList
[2015/01/29 00:17:40 | 000,000,000 | -HSD | C] -- C:\Users\Laurence Iledan\AppData\Local\EmieUserList
[2015/01/29 00:17:40 | 000,000,000 | -HSD | C] -- C:\Users\Laurence Iledan\AppData\Local\EmieSiteList
[2015/01/26 12:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Laurence Iledan\AppData\Local\*.tmp files -> C:\Users\Laurence Iledan\AppData\Local\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/03 16:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/03 13:55:00 | 000,001,378 | ---- | M] () -- C:\Windows\tasks\TJMGZO.job
[2015/02/03 13:14:00 | 000,001,378 | ---- | M] () -- C:\Windows\tasks\OAFVZF.job
[2015/02/03 11:51:00 | 000,001,374 | ---- | M] () -- C:\Windows\tasks\FQED.job
[2015/02/03 10:35:00 | 000,001,376 | ---- | M] () -- C:\Windows\tasks\VBLEW.job
[2015/01/29 17:12:39 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/29 17:12:39 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/29 01:19:56 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/29 01:19:56 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/29 01:19:56 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/29 01:14:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/29 01:13:57 | 2103,468,031 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/29 01:01:34 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/29 01:00:08 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/29 00:30:27 | 000,002,319 | ---- | M] () -- C:\Users\Laurence Iledan\Desktop\MiniGet Smart Downloader.lnk
[2015/01/29 00:29:40 | 000,001,374 | ---- | M] () -- C:\Users\Laurence Iledan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/29 00:28:51 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/01/28 21:44:16 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys
[2015/01/07 05:36:57 | 000,001,010 | ---- | M] () -- C:\Users\Laurence Iledan\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2015/01/07 05:36:57 | 000,001,010 | ---- | M] () -- C:\Users\Laurence Iledan\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk
[2015/01/07 05:36:57 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2015/01/07 05:36:57 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo GIF.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Laurence Iledan\AppData\Local\*.tmp files -> C:\Users\Laurence Iledan\AppData\Local\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/29 00:30:27 | 000,002,319 | ---- | C] () -- C:\Users\Laurence Iledan\Desktop\MiniGet Smart Downloader.lnk
[2014/12/14 09:10:00 | 000,003,430 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Local\recently-used.xbel
[2014/09/13 20:21:39 | 000,004,550 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Roaming\CamStudio.cfg
[2014/09/13 20:21:39 | 000,000,408 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Roaming\CamShapes.ini
[2014/09/13 20:21:39 | 000,000,408 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Roaming\CamLayout.ini
[2014/09/13 20:21:39 | 000,000,100 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Roaming\Camdata.ini
[2014/09/13 20:05:32 | 000,000,096 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Roaming\version2.xml
[2014/09/10 18:29:01 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/06 03:45:23 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014/09/06 02:36:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/09/06 01:31:43 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/09/01 00:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Roaming\OAFVZF
[2014/09/01 00:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Roaming\FQED
[2014/09/01 00:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Roaming\VBLEW
[2014/09/01 00:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Laurence Iledan\AppData\Roaming\TJMGZO
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/29 01:10:19 | 000,000,000 | ---D | M] -- C:\Users\Laurence Iledan\AppData\Roaming\0A1Q1J1G1F2W1I1P1Q1N1P0P2Y1S
[2014/10/22 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Laurence Iledan\AppData\Roaming\Darkstorm
[2014/09/06 04:06:06 | 000,000,000 | ---D | M] -- C:\Users\Laurence Iledan\AppData\Roaming\Firestorm
[2014/12/30 16:13:48 | 000,000,000 | ---D | M] -- C:\Users\Laurence Iledan\AppData\Roaming\Gyazo
[2015/01/29 00:29:40 | 000,000,000 | ---D | M] -- C:\Users\Laurence Iledan\AppData\Roaming\krewjiot
[2014/09/07 21:40:30 | 000,000,000 | ---D | M] -- C:\Users\Laurence Iledan\AppData\Roaming\MPC-HC
[2014/09/13 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\Laurence Iledan\AppData\Roaming\OBS
[2014/09/06 03:09:04 | 000,000,000 | ---D | M] -- C:\Users\Laurence Iledan\AppData\Roaming\Oracle
[2014/12/16 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Laurence Iledan\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
 




#2
RKinner


It's this driver:

DRV:64bit: - [2015/01/28 21:44:16 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys -- ({f2944598-b89f-4e10-b544-5173761572df}Gw64)

 

and some tasks:

 

[2015/02/03 13:55:00 | 000,001,378 | ---- | M] () -- C:\Windows\tasks\TJMGZO.job
[2015/02/03 13:14:00 | 000,001,378 | ---- | M] () -- C:\Windows\tasks\OAFVZF.job
[2015/02/03 11:51:00 | 000,001,374 | ---- | M] () -- C:\Windows\tasks\FQED.job
[2015/02/03 10:35:00 | 000,001,376 | ---- | M] () -- C:\Windows\tasks\VBLEW.job
 
[2015/01/29 01:10:19 | 000,000,000 | ---D | C] -- C:\Users\Laurence Iledan\AppData\Roaming\0A1Q1J1G1F2W1I1P1Q1N1P0P2Y1S
[2015/01/29 00:29:40 | 000,000,000 | ---D | C] -- C:\Users\Laurence Iledan\AppData\Roaming\krewjiot
[2015/01/29 00:18:12 | 000,000,000 | ---D | C] -- C:\Users\Laurence Iledan\AppData\Local\CD07D5DC-F7C7-614F-9A13-F020ED36BC67
[2015/01/29 00:17:41 | 000,000,000 | -HSD | C] -- C:\Users\Laurence Iledan\AppData\Local\EmieBrowserModeList
[2015/01/29 00:17:40 | 000,000,000 | -HSD | C] -- C:\Users\Laurence Iledan\AppData\Local\EmieUserList
[2015/01/29 00:17:40 | 000,000,000 | -HSD | C] -- C:\Users\Laurence Iledan\AppData\Local\EmieSiteList
[2015/01/28 21:44:16 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys
 
 
OTL may miss a few though, so I want to run a couple of scans and FRST before I try to kill it.
 
 
 

 
Download: AdwCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
 
 
 

Ron


  • 0

#3
Quantum Uncertain


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi!

 

Thanks for the quick reply! I followed the instructions. Here are the logs as requested.

 

 

ADWCleaner Log:

 

# AdwCleaner v4.109 - Report created 03/02/2015 at 23:04:03
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Laurence Iledan - LAURENCEILEDAN
# Running from : C:\Users\Laurence Iledan\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {f2944598-b89f-4e10-b544-5173761572df}Gw64

***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys
File Deleted : C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdn.adbabylon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tabcrawler.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.tabcrawler.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[v9t9czox.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_40_ff&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0B0Bzy0C0FyCtBtC0E0CyBtN0D0Tzu0StCtDtDyDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBz[...]
[v9t9czox.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dnldstr_14_40_ff&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0B0Bzy0C0FyCtBtC0E0CyBtN0D0Tzu0StCtDtDyDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEt[...]
[v9t9czox.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[v9t9czox.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[v9t9czox.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dnldstr_14_40_ff&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0B0Bzy0C0FyCtBtC0E0CyBtN0D0Tzu0StCtDtDyDtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCy[...]

-\\ Google Chrome v37.0.2062.103


*************************

AdwCleaner[R0].txt - [11536 octets] - [06/09/2014 07:59:39]
AdwCleaner[R1].txt - [11132 octets] - [29/01/2015 01:04:18]
AdwCleaner[R2].txt - [3370 octets] - [03/02/2015 23:03:17]
AdwCleaner[S0].txt - [10829 octets] - [06/09/2014 08:02:25]
AdwCleaner[S1].txt - [8191 octets] - [29/01/2015 01:13:12]
AdwCleaner[S2].txt - [3321 octets] - [03/02/2015 23:04:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3381 octets] ##########
 

Junkware Removal Tool Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Laurence Iledan on Tue 02/03/2015 at 23:08:42.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Laurence Iledan\AppData\Roaming\mozilla\firefox\profiles\v9t9czox.default\prefs.js

user_pref("extensions.xpiState", "{\"app-profile\":{\"{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}\":{\"d\":\"C:\\\\Users\\\\Laurence Iledan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Fire
Emptied folder: C:\Users\Laurence Iledan\AppData\Roaming\mozilla\firefox\profiles\v9t9czox.default\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/03/2015 at 23:10:48.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

FRST.txt Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Laurence Iledan (administrator) on LAURENCEILEDAN on 03-02-2015 23:15:24
Running from C:\Users\Laurence Iledan\Downloads
Loaded Profiles: Laurence Iledan (Available profiles: Laurence Iledan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7540440 2014-02-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\MountPoints2: {ea8e7c0b-3a68-11e4-92f6-448a5bb9cf62} - E:\VZW_Software_upgrade_assistant.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2245752596-2351354738-3957502378-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2245752596-2351354738-3957502378-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Zoom It - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{41501e63-3282-4838-65f5-e124b1849ca8} [2015-01-29]
FF Extension: EPUBReader - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-01-10]
FF Extension: Zoom It - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{59f1a05c-cce1-063c-2cff-3e7d428b9ae8} [2015-01-29]
FF Extension: Zoom It - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{982c2301-20b1-61c9-931d-044cc9e16140} [2015-02-02]
FF Extension: DownloadHelper - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-24]
FF Extension: Image Zoom - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-09-22]

Chrome:
=======
CHR Profile: C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (ace race) - C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdohfcdfbmkplifgaijhgccjenbcfjop [2015-01-29]
CHR Extension: (Google Wallet) - C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ipadtst; C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [20464 2013-11-11] (Windows ® Win 7 DDK provider)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 23:13 - 2015-02-03 23:15 - 00010129 _____ () C:\Users\Laurence Iledan\Downloads\FRST.txt
2015-02-03 23:13 - 2015-02-03 23:15 - 00000000 ____D () C:\FRST
2015-02-03 23:13 - 2015-02-03 23:13 - 02131456 _____ (Farbar) C:\Users\Laurence Iledan\Downloads\FRST64.exe
2015-02-03 23:10 - 2015-02-03 23:10 - 00001097 _____ () C:\Users\Laurence Iledan\Desktop\JRT.txt
2015-02-03 23:07 - 2015-02-03 23:07 - 01388274 _____ (Thisisu) C:\Users\Laurence Iledan\Downloads\JRT.exe
2015-02-03 23:02 - 2015-02-03 23:02 - 02194432 _____ () C:\Users\Laurence Iledan\Downloads\AdwCleaner.exe
2015-02-03 17:20 - 2015-02-03 17:20 - 00059762 _____ () C:\Users\Laurence Iledan\Downloads\OTL.Txt
2015-02-03 17:20 - 2015-02-03 17:20 - 00053534 _____ () C:\Users\Laurence Iledan\Downloads\Extras.Txt
2015-02-03 17:14 - 2015-02-03 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\Laurence Iledan\Downloads\OTL.exe
2015-01-29 03:30 - 2015-01-29 04:15 - 132572881 _____ () C:\Users\Laurence Iledan\Downloads\cam158.avi
2015-01-29 01:11 - 2015-01-29 01:11 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\WinRAR
2015-01-29 01:10 - 2015-01-29 01:10 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-29 01:10 - 2015-01-29 01:10 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\0A1Q1J1G1F2W1I1P1Q1N1P0P2Y1S
2015-01-29 01:10 - 2015-01-29 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-29 01:10 - 2015-01-29 01:10 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-01-29 01:09 - 2015-01-29 01:09 - 01745176 _____ () C:\Users\Laurence Iledan\Downloads\wrar511.exe
2015-01-29 01:09 - 2015-01-29 01:09 - 00696744 _____ (Adknowledge) C:\Users\Laurence Iledan\Downloads\WinrarSetup.exe
2015-01-29 01:04 - 2015-01-29 01:04 - 02194432 _____ () C:\Users\Laurence Iledan\Downloads\adwcleaner_4.109.exe
2015-01-29 00:30 - 2015-01-29 00:30 - 00613057 _____ (CMI Limited) C:\Users\Laurence Iledan\AppData\Local\nsdBE4E.tmp
2015-01-29 00:30 - 2015-01-29 00:30 - 00002319 _____ () C:\Users\Laurence Iledan\Desktop\MiniGet Smart Downloader.lnk
2015-01-29 00:29 - 2015-01-29 00:29 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\krewjiot
2015-01-29 00:18 - 2015-01-29 00:21 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Local\CD07D5DC-F7C7-614F-9A13-F020ED36BC67
2015-01-29 00:17 - 2015-01-29 00:17 - 00000000 __SHD () C:\Users\Laurence Iledan\AppData\Local\EmieUserList
2015-01-29 00:17 - 2015-01-29 00:17 - 00000000 __SHD () C:\Users\Laurence Iledan\AppData\Local\EmieSiteList
2015-01-29 00:17 - 2015-01-29 00:17 - 00000000 __SHD () C:\Users\Laurence Iledan\AppData\Local\EmieBrowserModeList
2015-01-26 12:54 - 2015-01-26 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 15:57 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 15:57 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-19 15:57 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-19 15:57 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-19 15:57 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-19 15:56 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-19 15:56 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 15:56 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-19 15:56 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-19 15:56 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-19 15:56 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-19 15:56 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-19 15:56 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 23:15 - 2014-09-06 04:21 - 01366864 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 23:12 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 23:12 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 23:11 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 23:05 - 2014-09-06 03:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 23:05 - 2014-09-06 02:47 - 00001376 _____ () C:\Windows\Tasks\VBLEW.job
2015-02-03 23:05 - 2014-09-06 02:47 - 00001374 _____ () C:\Windows\Tasks\FQED.job
2015-02-03 23:05 - 2014-09-06 02:39 - 00001378 _____ () C:\Windows\Tasks\OAFVZF.job
2015-02-03 23:05 - 2014-09-06 02:38 - 00001378 _____ () C:\Windows\Tasks\TJMGZO.job
2015-02-03 23:05 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 23:05 - 2009-07-13 20:51 - 00730995 _____ () C:\Windows\setupact.log
2015-02-03 23:04 - 2014-09-06 07:59 - 00000000 ____D () C:\AdwCleaner
2015-02-03 23:04 - 2010-11-20 19:47 - 01305372 _____ () C:\Windows\PFRO.log
2015-02-03 22:53 - 2014-09-06 02:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 20:29 - 2014-09-06 05:37 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\vlc
2015-01-30 01:13 - 2014-09-06 03:22 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Local\Adobe
2015-01-30 01:13 - 2014-09-06 02:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-30 01:13 - 2014-09-06 02:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 01:13 - 2014-09-06 02:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 13:27 - 2009-07-13 18:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-29 01:07 - 2014-09-06 04:55 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Local\WinZip
2015-01-29 01:01 - 2014-09-06 02:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 01:00 - 2014-09-06 02:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-29 01:00 - 2014-09-06 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 01:00 - 2014-09-06 02:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 00:35 - 2014-09-06 03:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-29 00:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-29 00:33 - 2014-10-01 20:15 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\Skype
2015-01-29 00:28 - 2014-09-06 02:36 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-26 02:17 - 2014-10-01 20:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-26 02:17 - 2014-10-01 20:15 - 00000000 ____D () C:\ProgramData\Skype
2015-01-22 22:59 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 15:57 - 2014-09-06 02:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-20 15:54 - 2014-10-27 20:06 - 00000000 ____D () C:\Users\Laurence Iledan\Downloads\Second Life
2015-01-08 09:55 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 05:36 - 2014-12-30 16:09 - 00003798 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-01-07 05:36 - 2014-12-30 16:09 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2015-01-07 05:36 - 2014-12-30 16:09 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2015-01-07 05:36 - 2014-12-30 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-01-07 05:36 - 2014-12-30 16:09 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-01-07 04:30 - 2014-11-06 19:15 - 00000000 ____D () C:\Users\Laurence Iledan\.gimp-2.8
2015-01-06 17:22 - 2014-09-13 21:45 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2014-09-13 20:21 - 2014-09-13 20:24 - 0000100 _____ () C:\Users\Laurence Iledan\AppData\Roaming\Camdata.ini
2014-09-13 20:21 - 2014-09-13 20:24 - 0000408 _____ () C:\Users\Laurence Iledan\AppData\Roaming\CamLayout.ini
2014-09-13 20:21 - 2014-09-13 20:24 - 0000408 _____ () C:\Users\Laurence Iledan\AppData\Roaming\CamShapes.ini
2014-09-13 20:21 - 2014-09-13 20:24 - 0004550 _____ () C:\Users\Laurence Iledan\AppData\Roaming\CamStudio.cfg
2014-09-01 00:18 - 2014-09-01 00:18 - 0002086 _____ () C:\Users\Laurence Iledan\AppData\Roaming\FQED
2014-09-01 00:18 - 2014-09-01 00:18 - 0002086 _____ () C:\Users\Laurence Iledan\AppData\Roaming\OAFVZF
2014-09-01 00:18 - 2014-09-01 00:18 - 0001248 _____ () C:\Users\Laurence Iledan\AppData\Roaming\TJMGZO
2014-09-01 00:18 - 2014-09-01 00:18 - 0001248 _____ () C:\Users\Laurence Iledan\AppData\Roaming\VBLEW
2014-09-13 20:05 - 2014-09-13 20:21 - 0000096 _____ () C:\Users\Laurence Iledan\AppData\Roaming\version2.xml
2015-01-29 00:30 - 2015-01-29 00:30 - 0613057 _____ (CMI Limited) C:\Users\Laurence Iledan\AppData\Local\nsdBE4E.tmp
2014-12-14 09:10 - 2014-12-14 09:10 - 0003430 _____ () C:\Users\Laurence Iledan\AppData\Local\recently-used.xbel
2014-09-06 01:31 - 2014-09-06 01:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Laurence Iledan\AppData\Local\Temp\374C94E0-D964-0F76-3A20-390C3466BCEB.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\374C94E0-D964-0F76-3A20-390C3466BCEB.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\637D5261-727B-4931-7C36-643A43C3AF8D.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\bcjcabfbbhe.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\Compete_setup.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\Crack [bleep] confessions passwords__10924_i1460178617_il1409259.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\devcon64.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\nvStInst.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\post1.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\post2.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\post2.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\Quarantine.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\SpOrder.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\sqlite3.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\ytd_sysmenu_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 07:44

==================== End Of Log ============================

 

 

Addition.txt Log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Laurence Iledan at 2015-02-03 23:16:02
Running from C:\Users\Laurence Iledan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DarkStorm (remove only) (HKLM-x32\...\DarkStorm) (Version: 4.5.2.39904 - The Phoenix Firestorm Project, Inc.)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DreamScene Seven version 1.6 (HKLM-x32\...\{2367FAB6-057A-4973-875F-F57F7BBBA363}_is1) (Version: 1.6 - DREAMSCENESEVEN.COM)
ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: 4.6.9.42974 - The Phoenix Firestorm Project, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Idle Crawler (HKLM-x32\...\CD07D5DC-F7C7-614F-9A13-F020ED36BC67) (Version: 132.0.0.476 - EUROHAUTE LTD) <==== ATTENTION
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
NVIDIA 3D Vision Controller Driver 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.17 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.17 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.17 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.29.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7173 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snap.Do Engine (HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\{317d3132-ab9d-4ef9-8f9c-16943381cb78}) (Version: 11.140.1.20709 - ReSoft Ltd.) <==== ATTENTION
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR Packages (HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\WinRAR Packages) (Version:  - ) <==== ATTENTION
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-01-2015 23:34:28 Windows Update
27-01-2015 05:18:25 Windows Update
29-01-2015 00:50:07 Removed File Association Helper
30-01-2015 12:38:44 Windows Update
03-02-2015 18:12:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {057D7E34-CF7F-4ED3-976B-0F74F1C5D55A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30] (Adobe Systems Incorporated)
Task: {0F83CE9F-2178-468F-877C-D32F3424D943} - \Runner IC No Task File <==== ATTENTION
Task: {1BF01704-F7C2-4DD6-91A7-679CF0273DCC} - \SMW_UpdateTask_Time_323432353139383833352d4155346c375a455778415a34 No Task File <==== ATTENTION
Task: {269474EB-1097-43BD-AE73-54D45C85BF65} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {38EF21AA-C607-42BD-98C6-1FD70FE482B8} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {3F00B5A9-16AD-4F4A-A0CA-41FC06B3E1CB} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {549806F3-54A1-48BE-B735-D4CAD9D7F033} - System32\Tasks\OAFVZF => C:\Users\Laurence Iledan\AppData\Roaming\OAFVZF.exe <==== ATTENTION
Task: {5A0D5BF2-AEDC-4F82-9C7B-886A47520B15} - System32\Tasks\FQED => C:\Users\Laurence Iledan\AppData\Roaming\FQED.exe <==== ATTENTION
Task: {9BD4A72E-1561-4A48-9F96-8704C68C739B} - \Microsoft\Windows\Maintenance\Update IC No Task File <==== ATTENTION
Task: {C1A890C8-9731-4266-80A2-8EDEFAD462BA} - \SPBIW_UpdateTask_Time_323432353139383833352d4155346c375a455778415a34 No Task File <==== ATTENTION
Task: {C6E21A2C-0F56-452E-AF3A-74B17F9A42F2} - System32\Tasks\TJMGZO => C:\Users\Laurence Iledan\AppData\Roaming\TJMGZO.exe <==== ATTENTION
Task: {D563B6A0-B134-4C7A-9AF6-6BC54C25AEBC} - System32\Tasks\VBLEW => C:\Users\Laurence Iledan\AppData\Roaming\VBLEW.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FQED.job => C:\Users\Laurence Iledan\AppData\Roaming\FQED.exe <==== ATTENTION
Task: C:\Windows\Tasks\OAFVZF.job => C:\Users\Laurence Iledan\AppData\Roaming\OAFVZF.exe <==== ATTENTION
Task: C:\Windows\Tasks\TJMGZO.job => C:\Users\Laurence Iledan\AppData\Roaming\TJMGZO.exe <==== ATTENTION
Task: C:\Windows\Tasks\VBLEW.job => C:\Users\Laurence Iledan\AppData\Roaming\VBLEW.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-09-06 03:46 - 2013-12-17 13:37 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2245752596-2351354738-3957502378-500 - Administrator - Disabled)
Guest (S-1-5-21-2245752596-2351354738-3957502378-501 - Limited - Disabled)
Laurence Iledan (S-1-5-21-2245752596-2351354738-3957502378-1000 - Administrator - Enabled) => C:\Users\Laurence Iledan

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 11:15:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 1.2.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1088

Start Time: 01d0404a1114c637

Termination Time: 19151

Application Path: C:\Users\Laurence Iledan\Downloads\FRST64.exe

Report Id: 7d90ca59-ac3d-11e4-8116-448a5bb9cf62


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/03/2015 11:15:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe1.2.2015.0108801d0404a1114c63719151C:\Users\Laurence Iledan\Downloads\FRST64.exe7d90ca59-ac3d-11e4-8116-448a5bb9cf62


CodeIntegrity Errors:
===================================
  Date: 2014-09-11 07:04:26.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:04:26.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:04:26.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:02:13.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:02:13.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:02:13.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 00:58:58.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 00:58:57.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 00:58:57.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 00:58:57.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 18%
Total physical RAM: 8136.03 MB
Available physical RAM: 6597.53 MB
Total Pagefile: 16270.25 MB
Available Pagefile: 14669.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:700.01 GB) NTFS
Drive d: (2009-09-15 0921) (CDROM) (Total:3.81 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AF85CB0A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that.
 
Clear the Java Cache by following the instructions on
 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 71
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)
 
 
Uninstall Snap.Do Engine 
 
 
 
Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
That should get the last of it. Hopefully you are not seeing any more popups or ads. Let's see if you have any damage:
 
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything, then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
Then use the 'Number of events' as follows:
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Ron

 


  • 0
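The `findstr /c:"[SR]"` step in the post above keeps only the System File Checker lines of CBS.log. The following is an added example, not part of the original post: it applies the same filter in Python and then groups the `[SR]` entries by file so the ones SFC logged as not repairable stand out. The sample log lines are constructed and abbreviated, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated sample in the CBS.log layout
# (timestamp, level, source, sequence number, message).
# File and component names are illustrative, not taken from the thread.
SAMPLE_CBS_LOG = r'''2015-02-04 10:41:02, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-02-04 10:41:02, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-02-04 10:41:03, Info                  CBS    Session: 30425117_1234 initialized by client WindowsUpdateAgent.
2015-02-04 10:41:07, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example1.ini" of Example-Component-One, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2015-02-04 10:41:07, Info                  CSI    0000000d [SR] This component was referenced by [l:50{25}]"Example-Package~1.0"
2015-02-04 10:41:09, Info                  CSI    0000000f [SR] Cannot repair member file [l:24{12}]"example1.ini" of Example-Component-One, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2015-02-04 10:41:12, Info                  CSI    00000011 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2015-02-04 10:41:15, Info                  CSI    00000013 [SR] Verify complete
2015-02-04 10:41:15, Info                  CSI    00000014 [SR] Repair transaction completed
'''

VERIFYING = re.compile(r'\[SR\] Verifying (\d+) ')
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+),')
REPAIRING = re.compile(
    r'\[SR\] Repairing corrupted file \[[^\]]+\]"([^"]+)"\\\[l:\d+\{\d+\}\]"([^"]+)" from store')


def sr_lines(text):
    """Same filter as findstr /c:"[SR]": lines containing the literal, case-sensitive."""
    return [ln for ln in text.splitlines() if "[SR]" in ln]


def summarize(text):
    """Group [SR] entries: components verified, files SFC could not repair,
    and files it repaired from the component store."""
    summary = {
        "sr_lines": 0,
        "components_verified": 0,
        "cannot_repair": {},        # file name -> {"component", "count"}
        "repaired_from_store": [],  # full paths, first-seen order
    }
    for ln in sr_lines(text):
        summary["sr_lines"] += 1
        m = VERIFYING.search(ln)
        if m:
            summary["components_verified"] += int(m.group(1))
            continue
        m = CANNOT_REPAIR.search(ln)
        if m:
            name, component = m.groups()
            entry = summary["cannot_repair"].setdefault(
                name, {"component": component, "count": 0})
            entry["count"] += 1  # SFC may log the same file more than once
            continue
        m = REPAIRING.search(ln)
        if m:
            directory, name = m.groups()
            if directory.startswith("\\??\\"):  # drop the NT object-path prefix
                directory = directory[4:]
            path = directory + "\\" + name
            if path not in summary["repaired_from_store"]:
                summary["repaired_from_store"].append(path)
    return summary


if __name__ == "__main__":
    result = summarize(SAMPLE_CBS_LOG)
    print("[SR] lines:", result["sr_lines"])
    print("Components verified:", result["components_verified"])
    for name, info in result["cannot_repair"].items():
        print("Cannot repair:", name, "(" + info["component"] + ")", "x", info["count"])
    for path in result["repaired_from_store"]:
        print("Repaired from store:", path)
```

To use it on a real machine, pass the contents of the junk.txt file produced by the findstr command (or CBS.log itself) to `summarize` instead of the sample.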

#5
Quantum Uncertain

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Thanks again!

 

Ran into an issue. I followed each step as directed until I came to the removal of snap.do engine. I right click on it in the Uninstall Programs menu and click "Uninstall" but nothing happens. No uninstall is initiated. It's as if the program somehow blocks the uninstallation. I don't know if I made the right decision but I continued with the rest of the instructions. I am posting the logs. The Command Prompt scan ran unhindered. All other scans and logs went without a hitch.

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
Ran by Laurence Iledan at 2015-02-04 10:02:19 Run:1
Running from C:\Users\Laurence Iledan\Desktop\Maintenance
Loaded Profiles: Laurence Iledan (Available profiles: Laurence Iledan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2245752596-2351354738-3957502378-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2245752596-2351354738-3957502378-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: DownloadHelper - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-24]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
2015-01-29 00:29 - 2015-01-29 00:29 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\krewjiot
2015-01-29 01:10 - 2015-01-29 01:10 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\0A1Q1J1G1F2W1I1P1Q1N1P0P2Y1S
2015-01-29 00:17 - 2015-01-29 00:17 - 00000000 __SHD () C:\Users\Laurence Iledan\AppData\Local\EmieUserList
2015-01-29 00:17 - 2015-01-29 00:17 - 00000000 __SHD () C:\Users\Laurence Iledan\AppData\Local\EmieSiteList
2015-01-29 00:17 - 2015-01-29 00:17 - 00000000 __SHD () C:\Users\Laurence Iledan\AppData\Local\EmieBrowserModeList
2015-01-29 00:30 - 2015-01-29 00:30 - 00613057 _____ (CMI Limited) C:\Users\Laurence Iledan\AppData\Local\nsdBE4E.tmp
2015-01-29 00:30 - 2015-01-29 00:30 - 00002319 _____ () C:\Users\Laurence Iledan\Desktop\MiniGet Smart Downloader.lnk
2015-02-03 23:05 - 2014-09-06 02:47 - 00001376 _____ () C:\Windows\Tasks\VBLEW.job
2015-02-03 23:05 - 2014-09-06 02:47 - 00001374 _____ () C:\Windows\Tasks\FQED.job
2015-02-03 23:05 - 2014-09-06 02:39 - 00001378 _____ () C:\Windows\Tasks\OAFVZF.job
2015-02-03 23:05 - 2014-09-06 02:38 - 00001378 _____ () C:\Windows\Tasks\TJMGZO.job
2014-09-01 00:18 - 2014-09-01 00:18 - 0002086 _____ () C:\Users\Laurence Iledan\AppData\Roaming\FQED
2014-09-01 00:18 - 2014-09-01 00:18 - 0002086 _____ () C:\Users\Laurence Iledan\AppData\Roaming\OAFVZF
2014-09-01 00:18 - 2014-09-01 00:18 - 0001248 _____ () C:\Users\Laurence Iledan\AppData\Roaming\TJMGZO
2014-09-01 00:18 - 2014-09-01 00:18 - 0001248 _____ () C:\Users\Laurence Iledan\AppData\Roaming\VBLEW
2015-01-29 00:30 - 2015-01-29 00:30 - 0613057 _____ (CMI Limited) C:\Users\Laurence Iledan\AppData\Local\nsdBE4E.tmp
2014-09-06 01:31 - 2014-09-06 01:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Laurence Iledan\AppData\Local\Temp\374C94E0-D964-0F76-3A20-390C3466BCEB.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\374C94E0-D964-0F76-3A20-390C3466BCEB.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\637D5261-727B-4931-7C36-643A43C3AF8D.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\bcjcabfbbhe.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\Compete_setup.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\Crack [bleep] confessions passwords__10924_i1460178617_il1409259.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\devcon64.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\nvStInst.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\post1.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\post2.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\post2.exe
Task: {0F83CE9F-2178-468F-877C-D32F3424D943} - \Runner IC No Task File <==== ATTENTION
Task: {1BF01704-F7C2-4DD6-91A7-679CF0273DCC} - \SMW_UpdateTask_Time_323432353139383833352d4155346c375a455778415a34 No Task File <==== ATTENTION
Task: {269474EB-1097-43BD-AE73-54D45C85BF65} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {3F00B5A9-16AD-4F4A-A0CA-41FC06B3E1CB} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {549806F3-54A1-48BE-B735-D4CAD9D7F033} - System32\Tasks\OAFVZF => C:\Users\Laurence Iledan\AppData\Roaming\OAFVZF.exe <==== ATTENTION
Task: {5A0D5BF2-AEDC-4F82-9C7B-886A47520B15} - System32\Tasks\FQED => C:\Users\Laurence Iledan\AppData\Roaming\FQED.exe <==== ATTENTION
Task: {9BD4A72E-1561-4A48-9F96-8704C68C739B} - \Microsoft\Windows\Maintenance\Update IC No Task File <==== ATTENTION
Task: {C1A890C8-9731-4266-80A2-8EDEFAD462BA} - \SPBIW_UpdateTask_Time_323432353139383833352d4155346c375a455778415a34 No Task File <==== ATTENTION
Task: {C6E21A2C-0F56-452E-AF3A-74B17F9A42F2} - System32\Tasks\TJMGZO => C:\Users\Laurence Iledan\AppData\Roaming\TJMGZO.exe <==== ATTENTION
Task: {D563B6A0-B134-4C7A-9AF6-6BC54C25AEBC} - System32\Tasks\VBLEW => C:\Users\Laurence Iledan\AppData\Roaming\VBLEW.exe <==== ATTENTION
Task: C:\Windows\Tasks\FQED.job => C:\Users\Laurence Iledan\AppData\Roaming\FQED.exe <==== ATTENTION
Task: C:\Windows\Tasks\OAFVZF.job => C:\Users\Laurence Iledan\AppData\Roaming\OAFVZF.exe <==== ATTENTION
Task: C:\Windows\Tasks\TJMGZO.job => C:\Users\Laurence Iledan\AppData\Roaming\TJMGZO.exe <==== ATTENTION
Task: C:\Windows\Tasks\VBLEW.job => C:\Users\Laurence Iledan\AppData\Roaming\VBLEW.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
C:\Program Files (x86)\Itibiti Soft Phone

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} => Moved successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
C:\Users\Laurence Iledan\AppData\Roaming\krewjiot => Moved successfully.
C:\Users\Laurence Iledan\AppData\Roaming\0A1Q1J1G1F2W1I1P1Q1N1P0P2Y1S => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\EmieUserList => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\EmieSiteList => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\EmieBrowserModeList => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\nsdBE4E.tmp => Moved successfully.
C:\Users\Laurence Iledan\Desktop\MiniGet Smart Downloader.lnk => Moved successfully.
C:\Windows\Tasks\VBLEW.job => Moved successfully.
C:\Windows\Tasks\FQED.job => Moved successfully.
C:\Windows\Tasks\OAFVZF.job => Moved successfully.
C:\Windows\Tasks\TJMGZO.job => Moved successfully.
C:\Users\Laurence Iledan\AppData\Roaming\FQED => Moved successfully.
C:\Users\Laurence Iledan\AppData\Roaming\OAFVZF => Moved successfully.
C:\Users\Laurence Iledan\AppData\Roaming\TJMGZO => Moved successfully.
C:\Users\Laurence Iledan\AppData\Roaming\VBLEW => Moved successfully.
"C:\Users\Laurence Iledan\AppData\Local\nsdBE4E.tmp" => File/Directory not found.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\374C94E0-D964-0F76-3A20-390C3466BCEB.dll => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\374C94E0-D964-0F76-3A20-390C3466BCEB.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\637D5261-727B-4931-7C36-643A43C3AF8D.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\bcjcabfbbhe.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\Compete_setup.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\ConsumerInputSetup.exe => Moved successfully.
"C:\Users\Laurence Iledan\AppData\Local\Temp\Crack [bleep] confessions passwords__10924_i1460178617_il1409259.exe" => File/Directory not found.
C:\Users\Laurence Iledan\AppData\Local\Temp\devcon64.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\dufgmr4c.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\post1.exe => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\post2.dll => Moved successfully.
C:\Users\Laurence Iledan\AppData\Local\Temp\post2.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F83CE9F-2178-468F-877C-D32F3424D943}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F83CE9F-2178-468F-877C-D32F3424D943}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner IC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BF01704-F7C2-4DD6-91A7-679CF0273DCC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BF01704-F7C2-4DD6-91A7-679CF0273DCC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323432353139383833352d4155346c375a455778415a34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{269474EB-1097-43BD-AE73-54D45C85BF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{269474EB-1097-43BD-AE73-54D45C85BF65}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F00B5A9-16AD-4F4A-A0CA-41FC06B3E1CB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F00B5A9-16AD-4F4A-A0CA-41FC06B3E1CB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{549806F3-54A1-48BE-B735-D4CAD9D7F033}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{549806F3-54A1-48BE-B735-D4CAD9D7F033}" => Key deleted successfully.
C:\Windows\System32\Tasks\OAFVZF => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OAFVZF" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A0D5BF2-AEDC-4F82-9C7B-886A47520B15}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A0D5BF2-AEDC-4F82-9C7B-886A47520B15}" => Key deleted successfully.
C:\Windows\System32\Tasks\FQED => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FQED" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BD4A72E-1561-4A48-9F96-8704C68C739B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BD4A72E-1561-4A48-9F96-8704C68C739B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Update IC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1A890C8-9731-4266-80A2-8EDEFAD462BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1A890C8-9731-4266-80A2-8EDEFAD462BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323432353139383833352d4155346c375a455778415a34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6E21A2C-0F56-452E-AF3A-74B17F9A42F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6E21A2C-0F56-452E-AF3A-74B17F9A42F2}" => Key deleted successfully.
C:\Windows\System32\Tasks\TJMGZO => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TJMGZO" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D563B6A0-B134-4C7A-9AF6-6BC54C25AEBC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D563B6A0-B134-4C7A-9AF6-6BC54C25AEBC}" => Key deleted successfully.
C:\Windows\System32\Tasks\VBLEW => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VBLEW" => Key deleted successfully.
C:\Windows\Tasks\FQED.job not found.
C:\Windows\Tasks\OAFVZF.job not found.
C:\Windows\Tasks\TJMGZO.job not found.
C:\Windows\Tasks\VBLEW.job not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value deleted successfully.
"C:\Program Files (x86)\Itibiti Soft Phone" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 10:02:20 ====

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Laurence Iledan (administrator) on LAURENCEILEDAN on 04-02-2015 10:20:56
Running from C:\Users\Laurence Iledan\Desktop\Maintenance
Loaded Profiles: Laurence Iledan (Available profiles: Laurence Iledan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7540440 2014-02-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\MountPoints2: {ea8e7c0b-3a68-11e4-92f6-448a5bb9cf62} - E:\VZW_Software_upgrade_assistant.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Zoom It - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{41501e63-3282-4838-65f5-e124b1849ca8} [2015-01-29]
FF Extension: EPUBReader - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-01-10]
FF Extension: Zoom It - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{59f1a05c-cce1-063c-2cff-3e7d428b9ae8} [2015-01-29]
FF Extension: Zoom It - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{982c2301-20b1-61c9-931d-044cc9e16140} [2015-02-02]
FF Extension: Zoom It - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{be999dae-8d1a-3869-965d-d1c7fd3f5b44} [2015-02-04]
FF Extension: Image Zoom - C:\Users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-09-22]

Chrome:
=======
CHR Profile: C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (ace race) - C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdohfcdfbmkplifgaijhgccjenbcfjop [2015-01-29]
CHR Extension: (Google Wallet) - C:\Users\Laurence Iledan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ipadtst; C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [20464 2013-11-11] (Windows ® Win 7 DDK provider)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 10:12 - 2015-02-04 10:12 - 00639912 _____ (Oracle Corporation) C:\Users\Laurence Iledan\Downloads\jxpiinstall.exe
2015-02-04 10:12 - 2015-02-04 10:12 - 00000000 __SHD () C:\Users\Laurence Iledan\AppData\Local\EmieUserList
2015-02-04 10:12 - 2015-02-04 10:12 - 00000000 __SHD () C:\Users\Laurence Iledan\AppData\Local\EmieSiteList
2015-02-04 10:12 - 2015-02-04 10:12 - 00000000 __SHD () C:\Users\Laurence Iledan\AppData\Local\EmieBrowserModeList
2015-02-04 10:00 - 2015-02-04 10:20 - 00000000 ____D () C:\Users\Laurence Iledan\Desktop\Maintenance
2015-02-04 01:37 - 2015-02-04 01:38 - 00775560 _____ (CoinisRS) C:\Users\Laurence Iledan\Downloads\adobe_flash_setup.exe
2015-02-03 23:16 - 2015-02-03 23:16 - 00016569 _____ () C:\Users\Laurence Iledan\Downloads\Addition.txt
2015-02-03 23:13 - 2015-02-04 10:20 - 00000000 ____D () C:\FRST
2015-02-03 23:13 - 2015-02-03 23:16 - 00022768 _____ () C:\Users\Laurence Iledan\Downloads\FRST.txt
2015-02-03 23:10 - 2015-02-03 23:10 - 00001097 _____ () C:\Users\Laurence Iledan\Desktop\JRT.txt
2015-02-03 23:07 - 2015-02-03 23:07 - 01388274 _____ (Thisisu) C:\Users\Laurence Iledan\Downloads\JRT.exe
2015-02-03 23:02 - 2015-02-03 23:02 - 02194432 _____ () C:\Users\Laurence Iledan\Downloads\AdwCleaner.exe
2015-02-03 17:20 - 2015-02-03 17:20 - 00059762 _____ () C:\Users\Laurence Iledan\Downloads\OTL.Txt
2015-02-03 17:20 - 2015-02-03 17:20 - 00053534 _____ () C:\Users\Laurence Iledan\Downloads\Extras.Txt
2015-02-03 17:14 - 2015-02-03 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\Laurence Iledan\Downloads\OTL.exe
2015-01-29 03:30 - 2015-01-29 04:15 - 132572881 _____ () C:\Users\Laurence Iledan\Downloads\cam158.avi
2015-01-29 01:11 - 2015-01-29 01:11 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\WinRAR
2015-01-29 01:10 - 2015-01-29 01:10 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-29 01:10 - 2015-01-29 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-29 01:10 - 2015-01-29 01:10 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-01-29 01:09 - 2015-01-29 01:09 - 01745176 _____ () C:\Users\Laurence Iledan\Downloads\wrar511.exe
2015-01-29 01:09 - 2015-01-29 01:09 - 00696744 _____ (Adknowledge) C:\Users\Laurence Iledan\Downloads\WinrarSetup.exe
2015-01-29 01:04 - 2015-01-29 01:04 - 02194432 _____ () C:\Users\Laurence Iledan\Downloads\adwcleaner_4.109.exe
2015-01-29 00:18 - 2015-01-29 00:21 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Local\CD07D5DC-F7C7-614F-9A13-F020ED36BC67
2015-01-26 12:54 - 2015-01-26 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 15:57 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 15:57 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-19 15:57 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-19 15:57 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-19 15:57 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-19 15:56 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-19 15:56 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 15:56 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-19 15:56 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-19 15:56 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-19 15:56 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-19 15:56 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-19 15:56 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 10:15 - 2014-09-06 02:41 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-04 10:14 - 2014-10-19 06:09 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-04 10:14 - 2014-10-19 06:09 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-04 10:14 - 2014-10-19 06:09 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-04 10:14 - 2014-10-19 06:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-04 10:14 - 2014-10-19 06:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-04 10:10 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 10:10 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 10:07 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 10:06 - 2014-09-06 04:21 - 02029246 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 10:03 - 2014-09-06 03:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 10:03 - 2014-09-06 02:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-04 10:03 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 10:03 - 2009-07-13 20:51 - 00731163 _____ () C:\Windows\setupact.log
2015-02-04 10:02 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-04 09:53 - 2014-09-06 02:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 23:04 - 2014-09-06 07:59 - 00000000 ____D () C:\AdwCleaner
2015-02-03 23:04 - 2010-11-20 19:47 - 01305372 _____ () C:\Windows\PFRO.log
2015-02-03 20:29 - 2014-09-06 05:37 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\vlc
2015-01-30 01:13 - 2014-09-06 03:22 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Local\Adobe
2015-01-30 01:13 - 2014-09-06 02:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-30 01:13 - 2014-09-06 02:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 01:13 - 2014-09-06 02:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 13:27 - 2009-07-13 18:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-29 01:07 - 2014-09-06 04:55 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Local\WinZip
2015-01-29 01:01 - 2014-09-06 02:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 01:00 - 2014-09-06 02:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-29 01:00 - 2014-09-06 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 01:00 - 2014-09-06 02:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 00:35 - 2014-09-06 03:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-29 00:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-29 00:33 - 2014-10-01 20:15 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Roaming\Skype
2015-01-26 02:17 - 2014-10-01 20:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-26 02:17 - 2014-10-01 20:15 - 00000000 ____D () C:\ProgramData\Skype
2015-01-22 22:59 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 15:57 - 2014-09-06 02:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-20 15:54 - 2014-10-27 20:06 - 00000000 ____D () C:\Users\Laurence Iledan\Downloads\Second Life
2015-01-08 09:55 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 05:36 - 2014-12-30 16:09 - 00003798 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-01-07 05:36 - 2014-12-30 16:09 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2015-01-07 05:36 - 2014-12-30 16:09 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2015-01-07 05:36 - 2014-12-30 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-01-07 05:36 - 2014-12-30 16:09 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-01-07 04:30 - 2014-11-06 19:15 - 00000000 ____D () C:\Users\Laurence Iledan\.gimp-2.8
2015-01-06 17:22 - 2014-09-13 21:45 - 00000000 ____D () C:\Users\Laurence Iledan\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2014-09-13 20:21 - 2014-09-13 20:24 - 0000100 _____ () C:\Users\Laurence Iledan\AppData\Roaming\Camdata.ini
2014-09-13 20:21 - 2014-09-13 20:24 - 0000408 _____ () C:\Users\Laurence Iledan\AppData\Roaming\CamLayout.ini
2014-09-13 20:21 - 2014-09-13 20:24 - 0000408 _____ () C:\Users\Laurence Iledan\AppData\Roaming\CamShapes.ini
2014-09-13 20:21 - 2014-09-13 20:24 - 0004550 _____ () C:\Users\Laurence Iledan\AppData\Roaming\CamStudio.cfg
2014-09-13 20:05 - 2014-09-13 20:21 - 0000096 _____ () C:\Users\Laurence Iledan\AppData\Roaming\version2.xml
2014-12-14 09:10 - 2014-12-14 09:10 - 0003430 _____ () C:\Users\Laurence Iledan\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Laurence Iledan\AppData\Local\Temp\Crack [bleep] confessions passwords__10924_i1460178617_il1409259.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\Quarantine.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\SpOrder.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\sqlite3.dll
C:\Users\Laurence Iledan\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\ytd_sysmenu_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 07:44

==================== End Of Log ============================

Additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015
Ran by Laurence Iledan at 2015-02-04 10:21:29
Running from C:\Users\Laurence Iledan\Desktop\Maintenance
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DarkStorm (remove only) (HKLM-x32\...\DarkStorm) (Version: 4.5.2.39904 - The Phoenix Firestorm Project, Inc.)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DreamScene Seven version 1.6 (HKLM-x32\...\{2367FAB6-057A-4973-875F-F57F7BBBA363}_is1) (Version: 1.6 - DREAMSCENESEVEN.COM)
ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: 4.6.9.42974 - The Phoenix Firestorm Project, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Idle Crawler (HKLM-x32\...\CD07D5DC-F7C7-614F-9A13-F020ED36BC67) (Version: 132.0.0.476 - EUROHAUTE LTD) <==== ATTENTION
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
NVIDIA 3D Vision Controller Driver 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.17 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.17 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.17 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.29.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7173 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snap.Do Engine (HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\{317d3132-ab9d-4ef9-8f9c-16943381cb78}) (Version: 11.140.1.20709 - ReSoft Ltd.) <==== ATTENTION
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR Packages (HKU\S-1-5-21-2245752596-2351354738-3957502378-1000\...\WinRAR Packages) (Version:  - ) <==== ATTENTION
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-01-2015 23:34:28 Windows Update
27-01-2015 05:18:25 Windows Update
29-01-2015 00:50:07 Removed File Association Helper
30-01-2015 12:38:44 Windows Update
03-02-2015 18:12:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {057D7E34-CF7F-4ED3-976B-0F74F1C5D55A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30] (Adobe Systems Incorporated)
Task: {38EF21AA-C607-42BD-98C6-1FD70FE482B8} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-06 03:46 - 2013-12-17 13:37 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-26 12:54 - 2015-01-26 12:54 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-04 10:14 - 2015-02-04 10:14 - 00019368 _____ () C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2native.dll
2015-01-25 00:53 - 2015-01-30 01:13 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2245752596-2351354738-3957502378-500 - Administrator - Disabled)
Guest (S-1-5-21-2245752596-2351354738-3957502378-501 - Limited - Disabled)
Laurence Iledan (S-1-5-21-2245752596-2351354738-3957502378-1000 - Administrator - Enabled) => C:\Users\Laurence Iledan

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 10:05:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 10:02:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xa08
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/03/2015 11:15:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 1.2.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1088

Start Time: 01d0404a1114c637

Termination Time: 19151

Application Path: C:\Users\Laurence Iledan\Downloads\FRST64.exe

Report Id: 7d90ca59-ac3d-11e4-8116-448a5bb9cf62


System errors:
=============
Error: (02/04/2015 01:33:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (02/04/2015 10:05:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 10:02:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425a0801d040a0dd9f7e7aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf649cf9f-ac97-11e4-8116-448a5bb9cf62

Error: (02/03/2015 11:15:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe1.2.2015.0108801d0404a1114c63719151C:\Users\Laurence Iledan\Downloads\FRST64.exe7d90ca59-ac3d-11e4-8116-448a5bb9cf62


CodeIntegrity Errors:
===================================
  Date: 2014-09-11 07:04:26.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:04:26.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:04:26.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:02:13.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:02:13.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 07:02:13.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 00:58:58.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 00:58:57.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 00:58:57.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 00:58:57.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 26%
Total physical RAM: 8136.03 MB
Available physical RAM: 5939.32 MB
Total Pagefile: 16270.25 MB
Available Pagefile: 13897.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:698.34 GB) NTFS
Drive d: (2009-09-15 0921) (CDROM) (Total:3.81 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AF85CB0A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Event Viewer System Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/02/2015 10:49:53 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Event Viewer Application Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/02/2015 10:59:27 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/02/2015 6:37:21 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 04/02/2015 6:35:41 PM
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 04/02/2015 6:35:41 PM
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 04/02/2015 6:35:41 PM
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 04/02/2015 6:34:57 PM
Type: Error Category: 0
Event: 1 Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/02/2015 6:34:57 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2245752596-2351354738-3957502378-1000:

 


#6
RKinner

    Malware Expert


Don't worry about Snapdo.  It and WinRar Packages have probably been removed by ADWCleaner or FRST so just the uninstaller stub remains.  There is no sign of them in your logs.

 

Looking at your error logs.  There is a Fixit   this one:

 

Log: 'Application' Date/Time: 04/02/2015 6:37:21 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

 

It's more a nuisance than a problem tho.

 

The 4 like this:

 

Log: 'Application' Date/Time: 04/02/2015 6:35:41 PM
Type: Error Category: 0
Event: 1 Source: NvStreamSvc

 

 

Are from NVIDIA.  Not sure what NvStreamSvc is supposed to do but you can turn it off without any ill effects.

 

Copy the next two lines:

sc stop "NvStreamSvc" 
sc config "NvStreamSvc" start= disabled
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter.

 

The last alarm.  The one that starts with:

 

 

Log: 'Application' Date/Time: 04/02/2015 6:34:57 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use ...

 

 

 

is caused by Windows Live and will slow down your shutdown.  Do you even use it?  Most people don't.  If you don't use it uninstall it.  If you do, uninstall it (Windows Live Essentials) and then download a newer version.  

 

Does Firefox seem to be working OK?   Any more popups?

 

 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
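
The Application log discussed in the reply above, grouped by provider, as an added example that is not part of the original posts: a small parser for the VEW text layout shown in this thread. The sample text is abridged from the log on this page, and `parse_vew`, `normalize_source` and `summarize` are names made up here. It reads dates as dd/mm/yyyy, as the VEW header states, and folds a source logged as a full image path into its service name, which is how three `NvStreamSvc` entries plus one `nvstreamsvc.exe` entry make the four NVIDIA errors.

```python
import re
from collections import Counter
from datetime import datetime
from pathlib import PureWindowsPath

# Abridged from the Application log posted in this thread: descriptions are
# shortened, the layout is unchanged. Dates are dd/mm/yyyy (see the VEW header).
SAMPLE = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/02/2015 6:37:21 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query ... could not be reactivated because of error 0x80041003.

Log: 'Application' Date/Time: 04/02/2015 6:35:41 PM
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 04/02/2015 6:35:41 PM
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 04/02/2015 6:35:41 PM
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 04/02/2015 6:34:57 PM
Type: Error Category: 0
Event: 1 Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/02/2015 6:34:57 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")


def parse_vew(text):
    """Turn VEW text output into a list of event dicts."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"log": m["log"],
                   # Day comes first: 04/02/2015 is 4 February, not 2 April.
                   "when": datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),
                   "type": None, "event_id": None, "source": None,
                   "description": ""}
            events.append(cur)
            continue
        if line.startswith("~"):
            cur = None          # section banner: the previous event has ended
            continue
        if cur is None or not line:
            continue            # banner titles and blank separators
        m = TYPE.match(line)
        if m and cur["type"] is None:
            cur["type"] = m["type"]
            continue
        m = EVENT.match(line)
        if m and cur["event_id"] is None:
            cur["event_id"] = int(m["id"])
            cur["source"] = m["source"]
            continue
        # Anything else belongs to the (possibly multi-line) description.
        cur["description"] = (cur["description"] + " " + line).strip()
    return events


def normalize_source(source):
    """Fold a source logged as an image path into its bare, lowercase name."""
    if re.match(r"^[A-Za-z]:\\", source):
        return PureWindowsPath(source).stem.lower()
    return source.lower()


def summarize(events):
    """Count events per (normalized source, event id, type)."""
    return Counter((normalize_source(e["source"]), e["event_id"], e["type"])
                   for e in events)


if __name__ == "__main__":
    for (source, event_id, kind), n in summarize(parse_vew(SAMPLE)).most_common():
        print(f"{n:3d}  {kind:<8} {event_id:<5} {source}")
```
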

#7
Quantum Uncertain

    New Member

  • Topic Starter

Yeah...Unfortunately, still getting popups. Posting the logs as requested. Let me know if there's any step I missed. Thanks!

 

 

VEW.exe System Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/02/2015 11:25:16 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

VEW.exe Application Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/02/2015 11:26:12 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/02/2015 7:15:34 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#8
RKinner

    Malware Expert

This one may take a while:
Download aswMBR.exe  to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
 
This one takes about 30 minutes:
 
ComboFix
 
It must be saved to your desktop, do not run it from your browser.
 
Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
Turn off your screen saver so you can see what is going on
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Right-click on ComboFix and select Run As Administrator to start the program.
 
    * Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
 
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.
 
This one is fairly quick.
 
Download TDSSKiller:
 
The Exe download seems to have problems.  When you check the "I accept" button  the light on the Download button goes out but comes back on and works when you uncheck it.
Save it to your desktop then run it by right clicking and Run As Admin.
 
 
If TDSSKiller alerts you that the system needs to reboot, please consent.
 
Run TDSSKiller again but this time:
before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

#9
Quantum Uncertain

    New Member

  • Topic Starter

Thanks! I ran the scans as directed. Here are the logs:

 

 

aswMBR.exe log:

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-02-09 17:49:44
-----------------------------
17:49:44.618    OS Version: Windows x64 6.1.7601 Service Pack 1
17:49:44.618    Number of processors: 4 586 0x3C03
17:49:44.619    ComputerName: LAURENCEILEDAN  UserName:
17:49:45.457    Initialize success
17:49:45.487    VM: initialized successfully
17:49:45.487    VM: Intel CPU supported
17:50:37.632    VM: supported disk I/O ataport.SYS
17:54:51.032    AVAST engine defs: 15020901
17:55:04.662    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:55:04.662    Disk 0 Vendor: ST1000DM003-1ER162 CC43 Size: 953869MB BusType: 3
17:55:04.772    VM: Disk 0 MBR read successfully
17:55:04.772    Disk 0 MBR scan
17:55:04.782    Disk 0 Windows 7 default MBR code
17:55:04.792    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
17:55:04.802    Disk 0 default boot code
17:55:04.812    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       953767 MB offset 206848
17:55:04.832    Disk 0 scanning C:\Windows\system32\drivers
17:55:14.192    Service scanning
17:55:28.673    Modules scanning
17:55:30.003    AVAST engine scan C:\Windows
17:55:31.823    AVAST engine scan C:\Windows\system32
17:58:02.733    AVAST engine scan C:\Windows\system32\drivers
17:58:14.233    AVAST engine scan C:\Users\Laurence Iledan
18:55:24.348    File: C:\Users\Laurence Iledan\AppData\Local\Temp\is45637729\3971992_stp\Generic_vo.exe  **INFECTED** Win32:Dropper-gen [Drp]
18:55:24.982    File: C:\Users\Laurence Iledan\AppData\Local\Temp\is45637729\4179494_stp\Generic_vo.exe  **INFECTED** Win32:Dropper-gen [Drp]
18:55:29.562    File: C:\Users\Laurence Iledan\AppData\Local\Temp\nsf4193.tmp\setup.exe  **INFECTED** Win32:Adware-gen [Adw]
18:55:29.947    File: C:\Users\Laurence Iledan\AppData\Local\Temp\nsj78D3.tmp  **INFECTED** Win32:Malware-gen
18:55:30.576    File: C:\Users\Laurence Iledan\AppData\Local\Temp\nssC6F8.tmp\setup.exe  **INFECTED** Win32:Adware-gen [Adw]
18:55:31.200    File: C:\Users\Laurence Iledan\AppData\Local\Temp\nsw5C0A.tmp\setup.exe  **INFECTED** Win32:Adware-gen [Adw]
18:59:07.768    AVAST engine scan C:\ProgramData
18:59:26.398    Disk 0 statistics 4966202/0/1 @ 0.72 MB/s
18:59:26.398    Scan finished successfully
20:17:55.307    Disk 0 MBR has been saved successfully to "C:\Users\Laurence Iledan\Desktop\Maintenance\MBR.dat"
20:17:55.310    The log file has been saved successfully to "C:\Users\Laurence Iledan\Desktop\Maintenance\aswMBR.txt"

 

Combofix.exe log:

 

ComboFix 15-02-09.01 - Laurence Iledan 02/09/2015  20:21:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8136.4791 [GMT -8:00]
Running from: c:\users\Laurence Iledan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-10 to 2015-02-10  )))))))))))))))))))))))))))))))
.
.
2015-02-10 04:24 . 2015-02-10 04:24    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-02-09 12:46 . 2015-02-09 12:46    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{55733246-A3E5-44AB-A0A9-20CD14F9B1FF}\offreg.dll
2015-02-06 10:14 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{55733246-A3E5-44AB-A0A9-20CD14F9B1FF}\mpengine.dll
2015-02-05 16:53 . 2015-02-05 16:53    5070512    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-04 18:14 . 2015-02-04 18:14    --------    d-----w-    c:\program files (x86)\Common Files\Java
2015-02-04 18:12 . 2015-02-04 18:12    --------    d-sh--w-    c:\users\Laurence Iledan\AppData\Local\EmieUserList
2015-02-04 18:12 . 2015-02-04 18:12    --------    d-sh--w-    c:\users\Laurence Iledan\AppData\Local\EmieSiteList
2015-02-04 18:12 . 2015-02-04 18:12    --------    d-sh--w-    c:\users\Laurence Iledan\AppData\Local\EmieBrowserModeList
2015-02-04 07:13 . 2015-02-04 18:21    --------    d-----w-    C:\FRST
2015-01-29 08:18 . 2015-01-29 08:21    --------    d-----w-    c:\users\Laurence Iledan\AppData\Local\CD07D5DC-F7C7-614F-9A13-F020ED36BC67
2015-01-19 23:57 . 2014-12-11 17:47    52736    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2015-01-19 23:57 . 2014-12-19 03:06    210432    ----a-w-    c:\windows\system32\profsvc.dll
2015-01-19 23:57 . 2014-12-06 04:17    303616    ----a-w-    c:\windows\system32\nlasvc.dll
2015-01-19 23:57 . 2014-12-06 03:50    52224    ----a-w-    c:\windows\SysWow64\nlaapi.dll
2015-01-19 23:57 . 2014-12-06 03:50    156672    ----a-w-    c:\windows\SysWow64\ncsi.dll
2015-01-19 23:56 . 2014-12-19 01:46    141312    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2015-01-19 23:56 . 2014-12-12 05:35    5553592    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-01-19 23:56 . 2014-12-12 05:11    3971512    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2015-01-19 23:56 . 2014-12-12 05:11    3916728    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2015-01-19 23:56 . 2014-12-12 05:31    503808    ----a-w-    c:\windows\system32\srcore.dll
2015-01-19 23:56 . 2014-12-12 05:31    50176    ----a-w-    c:\windows\system32\srclient.dll
2015-01-19 23:56 . 2014-12-12 05:31    296960    ----a-w-    c:\windows\system32\rstrui.exe
2015-01-19 23:56 . 2014-12-12 05:07    43008    ----a-w-    c:\windows\SysWow64\srclient.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 16:53 . 2014-09-06 10:42    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:53 . 2014-09-06 10:42    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 18:14 . 2014-10-19 14:09    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-29 09:01 . 2014-09-06 10:55    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-08 17:55 . 2010-11-21 03:27    298120    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 00:54    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 00:54    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-11-27 01:43 . 2014-12-10 03:24    389296    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 03:23    25059840    ----a-w-    c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 03:24    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 03:24    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 03:24    66560    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 03:23    580096    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 03:24    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 03:23    2885120    ----a-w-    c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 03:23    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 03:23    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 03:24    34304    ----a-w-    c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 03:23    633856    ----a-w-    c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 03:24    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 03:23    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 03:23    6039552    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 03:24    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 03:23    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 03:24    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 03:24    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 03:23    199680    ----a-w-    c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 03:23    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 03:23    501248    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 03:24    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 03:24    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 03:23    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 03:24    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 03:24    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 03:24    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 03:24    800768    ----a-w-    c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 03:23    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 03:24    2125312    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 03:23    14412800    ----a-w-    c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 03:24    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 03:23    4299264    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 03:23    2358272    ----a-w-    c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 03:24    2052096    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 03:23    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 03:24    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 03:24    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 03:23    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-11-21 14:14 . 2014-09-06 10:54    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 14:14 . 2014-09-06 10:54    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 14:14 . 2014-09-06 10:54    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2014-10-28 3095840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"SUPER CHARGER"="c:\program files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe" [2014-02-21 1047536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\SUPER CHARGER\ChargeService.exe;c:\program files (x86)\MSI\SUPER CHARGER\ChargeService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ipadtst;ipadtst;c:\program files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys;c:\program files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys;c:\program files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*NewlyCreated* - NTIOLIB_1_0_3
*Deregistered* - aswMBR
*Deregistered* - aswVmm
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-06 09:44    1096520    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-06 16:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-02-11 7540440]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WinRAR Packages - c:\users\Laurence Iledan\AppData\Roaming\0A1Q1J1G1F2W1I1P1Q1N1P0P2Y1S\WinRAR Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-09  20:25:20
ComboFix-quarantined-files.txt  2015-02-10 04:25
.
Pre-Run: 745,209,360,384 bytes free
Post-Run: 745,962,549,248 bytes free
.
- - End Of File - - F84A20D106AC4EEB25BD093BCA9FD1D7
A36C5E4F47E84449FF07ED3517B43A31

TDSSKiller Log:

20:28:46.0138 0x1198  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:29:12.0428 0x1198  ============================================================
20:29:12.0429 0x1198  Current date / time: 2015/02/09 20:29:12.0428
20:29:12.0429 0x1198  SystemInfo:
20:29:12.0429 0x1198  
20:29:12.0429 0x1198  OS Version: 6.1.7601 ServicePack: 1.0
20:29:12.0429 0x1198  Product type: Workstation
20:29:12.0429 0x1198  ComputerName: LAURENCEILEDAN
20:29:12.0429 0x1198  UserName: Laurence Iledan
20:29:12.0429 0x1198  Windows directory: C:\Windows
20:29:12.0429 0x1198  System windows directory: C:\Windows
20:29:12.0430 0x1198  Running under WOW64
20:29:12.0430 0x1198  Processor architecture: Intel x64
20:29:12.0430 0x1198  Number of processors: 4
20:29:12.0430 0x1198  Page size: 0x1000
20:29:12.0430 0x1198  Boot type: Normal boot
20:29:12.0430 0x1198  ============================================================
20:29:14.0197 0x1198  KLMD registered as C:\Windows\system32\drivers\74826113.sys
20:29:14.0407 0x1198  System UUID: {5A262F9D-E27B-D182-FCCD-CCF1E0FE61B9}
20:29:14.0704 0x1198  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:29:14.0721 0x1198  ============================================================
20:29:14.0721 0x1198  \Device\Harddisk0\DR0:
20:29:14.0721 0x1198  MBR partitions:
20:29:14.0721 0x1198  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:29:14.0721 0x1198  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
20:29:14.0721 0x1198  ============================================================
20:29:14.0745 0x1198  C: <-> \Device\Harddisk0\DR0\Partition2
20:29:14.0745 0x1198  ============================================================
20:29:14.0745 0x1198  Initialize success
20:29:14.0745 0x1198  ============================================================
20:29:37.0961 0x08a8  ============================================================
20:29:37.0961 0x08a8  Scan started
20:29:37.0962 0x08a8  Mode: Manual;
20:29:37.0962 0x08a8  ============================================================
20:29:37.0962 0x08a8  KSN ping started
20:29:51.0706 0x08a8  KSN ping finished: true
20:29:53.0826 0x08a8  ================ Scan system memory ========================
20:29:53.0826 0x08a8  System memory - ok
20:29:53.0826 0x08a8  ================ Scan services =============================
20:29:57.0306 0x08a8  hwpolicy - ok
20:29:57.0306 0x08a8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:29:57.0306 0x08a8  i8042prt - ok
20:29:57.0336 0x08a8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:29:57.0346 0x08a8  iaStorV - ok
20:29:57.0436 0x08a8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:29:57.0446 0x08a8  idsvc - ok
20:29:57.0446 0x08a8  IEEtwCollectorService - ok
20:29:57.0466 0x08a8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:29:57.0466 0x08a8  iirsp - ok
20:29:57.0486 0x08a8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:29:57.0496 0x08a8  IKEEXT - ok
20:29:57.0586 0x08a8  [ 3D2128DB25312418FEF7AC2844F5F50B, BB3596F464A3E8813193EB55372DCECD8963A910F071B5831FFFA86271498216 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:29:57.0626 0x0e0c  Object required for P2P: [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi
20:29:57.0636 0x08a8  IntcAzAudAddService - ok
20:29:57.0656 0x08a8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:29:57.0656 0x08a8  intelide - ok
20:29:57.0676 0x08a8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:29:57.0676 0x08a8  intelppm - ok
20:29:57.0736 0x08a8  [ 44A9B60ECA9F6D760E0292E56127BCED, 1795EBC766D1F29D4F279967D7B08ADC2C673ABD7DD1BC157D2A05BCA6B65986 ] ipadtst         C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys
20:29:57.0736 0x08a8  ipadtst - ok
20:29:57.0766 0x08a8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:29:57.0776 0x08a8  IPBusEnum - ok
20:29:57.0796 0x08a8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:29:57.0806 0x08a8  IpFilterDriver - ok
20:29:57.0846 0x08a8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:29:57.0866 0x08a8  iphlpsvc - ok
20:29:57.0866 0x08a8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:29:57.0866 0x08a8  IPMIDRV - ok
20:29:57.0876 0x08a8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:29:57.0876 0x08a8  IPNAT - ok
20:29:57.0886 0x08a8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:29:57.0886 0x08a8  IRENUM - ok
20:29:57.0906 0x08a8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:29:57.0906 0x08a8  isapnp - ok
20:29:57.0926 0x08a8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:29:57.0926 0x08a8  iScsiPrt - ok
20:29:57.0956 0x08a8  [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
20:29:57.0956 0x08a8  iusb3hcs - ok
20:29:57.0986 0x08a8  [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
20:29:58.0006 0x08a8  iusb3hub - ok
20:29:58.0036 0x08a8  [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
20:29:58.0046 0x08a8  iusb3xhc - ok
20:29:58.0056 0x08a8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:29:58.0056 0x08a8  kbdclass - ok
20:29:58.0066 0x08a8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:29:58.0066 0x08a8  kbdhid - ok
20:29:58.0076 0x08a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
20:29:58.0076 0x08a8  KeyIso - ok
20:29:58.0086 0x08a8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:29:58.0086 0x08a8  KSecDD - ok
20:29:58.0126 0x08a8  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:29:58.0126 0x08a8  KSecPkg - ok
20:29:58.0136 0x08a8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:29:58.0136 0x08a8  ksthunk - ok
20:29:58.0166 0x08a8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:29:58.0176 0x08a8  KtmRm - ok
20:29:58.0206 0x08a8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:29:58.0206 0x08a8  LanmanServer - ok
20:29:58.0226 0x08a8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:29:58.0226 0x08a8  LanmanWorkstation - ok
20:29:58.0246 0x08a8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:29:58.0246 0x08a8  lltdio - ok
20:29:58.0266 0x08a8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:29:58.0276 0x08a8  lltdsvc - ok
20:29:58.0286 0x08a8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:29:58.0286 0x08a8  lmhosts - ok
20:29:58.0316 0x08a8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:29:58.0316 0x08a8  LSI_FC - ok
20:29:58.0346 0x08a8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:29:58.0346 0x08a8  LSI_SAS - ok
20:29:58.0366 0x08a8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:29:58.0376 0x08a8  LSI_SAS2 - ok
20:29:58.0396 0x08a8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:29:58.0396 0x08a8  LSI_SCSI - ok
20:29:58.0426 0x08a8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:29:58.0426 0x08a8  luafv - ok
20:29:58.0456 0x08a8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:29:58.0456 0x08a8  Mcx2Svc - ok
20:29:58.0476 0x08a8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:29:58.0476 0x08a8  megasas - ok
20:29:58.0506 0x08a8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:29:58.0516 0x08a8  MegaSR - ok
20:29:58.0546 0x08a8  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:29:58.0546 0x08a8  MEIx64 - ok
20:29:58.0566 0x08a8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:29:58.0566 0x08a8  MMCSS - ok
20:29:58.0586 0x08a8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:29:58.0586 0x08a8  Modem - ok
20:29:58.0596 0x08a8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:29:58.0606 0x08a8  monitor - ok
20:29:58.0626 0x08a8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:29:58.0626 0x08a8  mouclass - ok
20:29:58.0636 0x08a8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:29:58.0636 0x08a8  mouhid - ok
20:29:58.0656 0x08a8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:29:58.0656 0x08a8  mountmgr - ok
20:29:58.0706 0x08a8  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:29:58.0716 0x08a8  MozillaMaintenance - ok
20:29:58.0746 0x08a8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:29:58.0746 0x08a8  mpio - ok
20:29:58.0786 0x08a8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:29:58.0786 0x08a8  mpsdrv - ok
20:29:58.0846 0x08a8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:29:58.0866 0x08a8  MpsSvc - ok
20:29:58.0906 0x08a8  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:29:58.0916 0x08a8  MRxDAV - ok
20:29:58.0936 0x08a8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:29:58.0936 0x08a8  mrxsmb - ok
20:29:58.0956 0x08a8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:29:58.0966 0x08a8  mrxsmb10 - ok
20:29:58.0976 0x08a8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:29:58.0976 0x08a8  mrxsmb20 - ok
20:29:58.0996 0x08a8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:29:58.0996 0x08a8  msahci - ok
20:29:59.0006 0x08a8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:29:59.0016 0x08a8  msdsm - ok
20:29:59.0036 0x08a8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:29:59.0036 0x08a8  MSDTC - ok
20:29:59.0066 0x08a8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:29:59.0066 0x08a8  Msfs - ok
20:29:59.0076 0x08a8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:29:59.0076 0x08a8  mshidkmdf - ok
20:29:59.0086 0x08a8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:29:59.0086 0x08a8  msisadrv - ok
20:29:59.0116 0x08a8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:29:59.0126 0x08a8  MSiSCSI - ok
20:29:59.0126 0x08a8  msiserver - ok
20:29:59.0156 0x08a8  [ B0762157B3CFF4D4782646F009EE8465, 57D48AE041E0528E5CA0F0A300CA32FF114A01750C9E3D49EFAC3EFD3E5E9AF8 ] MSI_SuperCharger C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
20:29:59.0156 0x08a8  MSI_SuperCharger - ok
20:29:59.0186 0x08a8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:29:59.0186 0x08a8  MSKSSRV - ok
20:29:59.0196 0x08a8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:29:59.0196 0x08a8  MSPCLOCK - ok
20:29:59.0196 0x08a8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:29:59.0196 0x08a8  MSPQM - ok
20:29:59.0226 0x08a8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:29:59.0236 0x08a8  MsRPC - ok
20:29:59.0246 0x08a8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:29:59.0246 0x08a8  mssmbios - ok
20:29:59.0266 0x08a8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:29:59.0266 0x08a8  MSTEE - ok
20:29:59.0276 0x08a8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:29:59.0276 0x08a8  MTConfig - ok
20:29:59.0296 0x08a8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:29:59.0296 0x08a8  Mup - ok
20:29:59.0326 0x08a8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:29:59.0336 0x08a8  napagent - ok
20:29:59.0356 0x08a8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:29:59.0366 0x08a8  NativeWifiP - ok
20:29:59.0406 0x08a8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:29:59.0416 0x08a8  NDIS - ok
20:29:59.0436 0x08a8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:29:59.0436 0x08a8  NdisCap - ok
20:29:59.0456 0x08a8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:29:59.0456 0x08a8  NdisTapi - ok
20:29:59.0456 0x08a8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:29:59.0456 0x08a8  Ndisuio - ok
20:29:59.0456 0x08a8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:29:59.0466 0x08a8  NdisWan - ok
20:29:59.0466 0x08a8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:29:59.0466 0x08a8  NDProxy - ok
20:29:59.0476 0x08a8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:29:59.0486 0x08a8  NetBIOS - ok
20:29:59.0486 0x08a8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:29:59.0496 0x08a8  NetBT - ok
20:29:59.0506 0x08a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
20:29:59.0506 0x08a8  Netlogon - ok
20:29:59.0556 0x08a8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:29:59.0566 0x08a8  Netman - ok
20:29:59.0616 0x08a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:29:59.0616 0x08a8  NetMsmqActivator - ok
20:29:59.0626 0x08a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:29:59.0626 0x08a8  NetPipeActivator - ok
20:29:59.0646 0x08a8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:29:59.0646 0x08a8  netprofm - ok
20:29:59.0656 0x08a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:29:59.0656 0x08a8  NetTcpActivator - ok
20:29:59.0656 0x08a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:29:59.0666 0x08a8  NetTcpPortSharing - ok
20:29:59.0686 0x08a8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:29:59.0686 0x08a8  nfrd960 - ok
20:29:59.0736 0x08a8  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:29:59.0736 0x08a8  NlaSvc - ok
20:29:59.0746 0x08a8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:29:59.0746 0x08a8  Npfs - ok
20:29:59.0766 0x08a8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:29:59.0766 0x08a8  nsi - ok
20:29:59.0776 0x08a8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:29:59.0776 0x08a8  nsiproxy - ok
20:29:59.0816 0x08a8  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:29:59.0836 0x08a8  Ntfs - ok
20:29:59.0866 0x08a8  [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys
20:29:59.0866 0x08a8  NTIOLib_1_0_3 - ok
20:29:59.0876 0x08a8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:29:59.0876 0x08a8  Null - ok
20:29:59.0896 0x08a8  [ 3DE07A98F9696B7949E562CA249DE739, 02E6CE0C704FFF3402EDD0B5E8CF8E69785379899CB29F28E32F260721881FFB ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:29:59.0896 0x08a8  NVHDA - ok
20:30:00.0146 0x08a8  [ 0BE46C230D2591F4E9A93B6CF32D9A56, A4ADD7414B0A69DCA8203B0C089163224AC924D489DA01E7EBA217FC2163626F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:30:00.0286 0x08a8  nvlddmkm - ok
20:30:00.0326 0x08a8  [ 903A40C958D471F9D30D29FA6D2800A4, 4641F8E8B20EE9AF8AB61E61AD74D41A4E9F51C906EC5F3BDC484FFAFB540E69 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
20:30:00.0346 0x08a8  NvNetworkService - ok
20:30:00.0366 0x08a8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:30:00.0376 0x08a8  nvraid - ok
20:30:00.0416 0x08a8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:30:00.0416 0x08a8  nvstor - ok
20:30:00.0606 0x0e0c  Object send P2P result: true
20:30:00.0776 0x08a8  [ 68DE8D996D8FF628AB6B3D422035F862, 239CE5BE15F39966AE5243971FE75BDFB35359F92C8294C61155C863F4B3C40E ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
20:30:00.0936 0x08a8  NvStreamSvc - ok
20:30:00.0986 0x08a8  [ 09C18A434C20D388D853A8F0273A03DD, 202CBB6788944704F96F4AE7499F48DE94CE38D3787ED9B00CBC7793155F49BD ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:30:00.0996 0x08a8  nvsvc - ok
20:30:01.0006 0x08a8  [ 09216A70CC364D0974F606F6F2109210, 60877154D4DF5287D1989CDAA9863CD6DACA528D06233238498854A10C868C20 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
20:30:01.0006 0x08a8  nvvad_WaveExtensible - ok
20:30:01.0026 0x08a8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:30:01.0026 0x08a8  nv_agp - ok
20:30:01.0036 0x08a8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:30:01.0036 0x08a8  ohci1394 - ok
20:30:01.0046 0x08a8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:30:01.0056 0x08a8  p2pimsvc - ok
20:30:01.0076 0x08a8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:30:01.0076 0x08a8  p2psvc - ok
20:30:01.0086 0x08a8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
20:30:01.0086 0x08a8  Parport - ok
20:30:01.0106 0x08a8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:30:01.0106 0x08a8  partmgr - ok
20:30:01.0136 0x08a8  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:30:01.0136 0x08a8  PcaSvc - ok
20:30:01.0156 0x08a8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:30:01.0156 0x08a8  pci - ok
20:30:01.0176 0x08a8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:30:01.0176 0x08a8  pciide - ok
20:30:01.0186 0x08a8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:30:01.0196 0x08a8  pcmcia - ok
20:30:01.0206 0x08a8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:30:01.0206 0x08a8  pcw - ok
20:30:01.0236 0x08a8  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:30:01.0246 0x08a8  PEAUTH - ok
20:30:01.0296 0x08a8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:30:01.0296 0x08a8  PerfHost - ok
20:30:01.0336 0x08a8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:30:01.0356 0x08a8  pla - ok
20:30:01.0386 0x08a8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:30:01.0396 0x08a8  PlugPlay - ok
20:30:01.0396 0x08a8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:30:01.0396 0x08a8  PNRPAutoReg - ok
20:30:01.0406 0x08a8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:30:01.0416 0x08a8  PNRPsvc - ok
20:30:01.0436 0x08a8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:30:01.0446 0x08a8  PolicyAgent - ok
20:30:01.0466 0x08a8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:30:01.0476 0x08a8  Power - ok
20:30:01.0496 0x08a8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:30:01.0496 0x08a8  PptpMiniport - ok
20:30:01.0506 0x08a8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
20:30:01.0506 0x08a8  Processor - ok
20:30:01.0556 0x08a8  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:30:01.0576 0x08a8  ProfSvc - ok
20:30:01.0576 0x08a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:30:01.0586 0x08a8  ProtectedStorage - ok
20:30:01.0596 0x08a8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:30:01.0606 0x08a8  Psched - ok
20:30:01.0676 0x08a8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:30:01.0696 0x08a8  ql2300 - ok
20:30:01.0736 0x08a8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:30:01.0736 0x08a8  ql40xx - ok
20:30:01.0766 0x08a8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:30:01.0776 0x08a8  QWAVE - ok
20:30:01.0776 0x08a8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:30:01.0786 0x08a8  QWAVEdrv - ok
20:30:01.0796 0x08a8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:30:01.0796 0x08a8  RasAcd - ok
20:30:01.0826 0x08a8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:30:01.0826 0x08a8  RasAgileVpn - ok
20:30:01.0826 0x08a8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:30:01.0836 0x08a8  RasAuto - ok
20:30:01.0846 0x08a8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:30:01.0846 0x08a8  Rasl2tp - ok
20:30:01.0866 0x08a8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:30:01.0866 0x08a8  RasMan - ok
20:30:01.0876 0x08a8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:30:01.0876 0x08a8  RasPppoe - ok
20:30:01.0886 0x08a8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:30:01.0886 0x08a8  RasSstp - ok
20:30:01.0906 0x08a8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:30:01.0906 0x08a8  rdbss - ok
20:30:01.0916 0x08a8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:30:01.0916 0x08a8  rdpbus - ok
20:30:01.0926 0x08a8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:30:01.0926 0x08a8  RDPCDD - ok
20:30:01.0936 0x08a8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:30:01.0936 0x08a8  RDPENCDD - ok
20:30:01.0956 0x08a8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:30:01.0956 0x08a8  RDPREFMP - ok
20:30:01.0986 0x08a8  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:30:01.0986 0x08a8  RDPWD - ok
20:30:02.0006 0x08a8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:30:02.0016 0x08a8  rdyboost - ok
20:30:02.0036 0x08a8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:30:02.0036 0x08a8  RemoteAccess - ok
20:30:02.0046 0x08a8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:30:02.0056 0x08a8  RemoteRegistry - ok
20:30:02.0076 0x08a8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:30:02.0076 0x08a8  RpcEptMapper - ok
20:30:02.0076 0x08a8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:30:02.0076 0x08a8  RpcLocator - ok
20:30:02.0096 0x08a8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\System32\rpcss.dll
20:30:02.0106 0x08a8  RpcSs - ok
20:30:02.0116 0x08a8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:30:02.0116 0x08a8  rspndr - ok
20:30:02.0176 0x08a8  [ AC4CA62572CA516945AB92D6C9F501F4, 6CB4178DD1ED3D8224EA1F91CAA00AFBC756DCA2DFD71F399B05E511E79D5150 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:30:02.0186 0x08a8  RTL8167 - ok
20:30:02.0196 0x08a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
20:30:02.0196 0x08a8  SamSs - ok
20:30:02.0226 0x08a8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:30:02.0226 0x08a8  sbp2port - ok
20:30:02.0256 0x08a8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:30:02.0256 0x08a8  SCardSvr - ok
20:30:02.0266 0x08a8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:30:02.0266 0x08a8  scfilter - ok
20:30:02.0306 0x08a8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:30:02.0326 0x08a8  Schedule - ok
20:30:02.0346 0x08a8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:30:02.0346 0x08a8  SCPolicySvc - ok
20:30:02.0356 0x08a8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:30:02.0356 0x08a8  SDRSVC - ok
20:30:02.0376 0x08a8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:30:02.0376 0x08a8  secdrv - ok
20:30:02.0386 0x08a8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:30:02.0386 0x08a8  seclogon - ok
20:30:02.0396 0x08a8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
20:30:02.0396 0x08a8  SENS - ok
20:30:02.0406 0x08a8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:30:02.0406 0x08a8  SensrSvc - ok
20:30:02.0416 0x08a8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:30:02.0416 0x08a8  Serenum - ok
20:30:02.0446 0x08a8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:30:02.0456 0x08a8  Serial - ok
20:30:02.0466 0x08a8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:30:02.0466 0x08a8  sermouse - ok
20:30:02.0496 0x08a8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:30:02.0496 0x08a8  SessionEnv - ok
20:30:02.0506 0x08a8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:30:02.0506 0x08a8  sffdisk - ok
20:30:02.0506 0x08a8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:30:02.0506 0x08a8  sffp_mmc - ok
20:30:02.0516 0x08a8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:30:02.0516 0x08a8  sffp_sd - ok
20:30:02.0516 0x08a8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:30:02.0516 0x08a8  sfloppy - ok
20:30:02.0546 0x08a8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:30:02.0556 0x08a8  SharedAccess - ok
20:30:02.0566 0x08a8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:30:02.0576 0x08a8  ShellHWDetection - ok
20:30:02.0586 0x08a8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:30:02.0586 0x08a8  SiSRaid2 - ok
20:30:02.0626 0x08a8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:30:02.0636 0x08a8  SiSRaid4 - ok
20:30:02.0696 0x08a8  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:30:02.0716 0x08a8  SkypeUpdate - ok
20:30:02.0716 0x08a8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:30:02.0716 0x08a8  Smb - ok
20:30:02.0776 0x08a8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:30:02.0776 0x08a8  SNMPTRAP - ok
20:30:02.0786 0x08a8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:30:02.0786 0x08a8  spldr - ok
20:30:02.0856 0x08a8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:30:02.0866 0x08a8  Spooler - ok
20:30:02.0946 0x08a8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:30:02.0996 0x08a8  sppsvc - ok
20:30:03.0006 0x08a8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:30:03.0006 0x08a8  sppuinotify - ok
20:30:03.0036 0x08a8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:30:03.0036 0x08a8  srv - ok
20:30:03.0056 0x08a8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:30:03.0056 0x08a8  srv2 - ok
20:30:03.0076 0x08a8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:30:03.0076 0x08a8  srvnet - ok
20:30:03.0096 0x08a8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:30:03.0096 0x08a8  SSDPSRV - ok
20:30:03.0106 0x08a8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:30:03.0106 0x08a8  SstpSvc - ok
20:30:03.0176 0x08a8  [ 37365BB52BB1466221BF7B8A7D22D663, 4ADA4612D1A1541965B0F1032283C0C7C51AE8383072264D48B1074E9580CD32 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:30:03.0196 0x08a8  Steam Client Service - ok
20:30:03.0246 0x08a8  [ 93D93ABF80E67AEFDBA75F247470430B, 41724B3AE5153EE184A7419B587F7F45BC902F021DDE2EE6B331999EA68839A7 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:30:03.0256 0x08a8  Stereo Service - ok
20:30:03.0286 0x08a8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:30:03.0286 0x08a8  stexstor - ok
20:30:03.0346 0x08a8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:30:03.0356 0x08a8  stisvc - ok
20:30:03.0366 0x08a8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:30:03.0366 0x08a8  swenum - ok
20:30:03.0396 0x08a8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:30:03.0406 0x08a8  swprv - ok
20:30:03.0446 0x08a8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:30:03.0476 0x08a8  SysMain - ok
20:30:03.0486 0x08a8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:30:03.0486 0x08a8  TabletInputService - ok
20:30:03.0496 0x08a8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:30:03.0506 0x08a8  TapiSrv - ok
20:30:03.0516 0x08a8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:30:03.0516 0x08a8  TBS - ok
20:30:03.0566 0x08a8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:30:03.0586 0x08a8  Tcpip - ok
20:30:03.0626 0x08a8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:30:03.0646 0x08a8  TCPIP6 - ok
20:30:03.0666 0x08a8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:30:03.0666 0x08a8  tcpipreg - ok
20:30:03.0686 0x08a8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:30:03.0686 0x08a8  TDPIPE - ok
20:30:03.0716 0x08a8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:30:03.0716 0x08a8  TDTCP - ok
20:30:03.0766 0x08a8  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:30:03.0766 0x08a8  tdx - ok
20:30:03.0786 0x08a8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:30:03.0786 0x08a8  TermDD - ok
20:30:03.0856 0x08a8  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:30:03.0866 0x08a8  TermService - ok
20:30:03.0886 0x08a8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:30:03.0886 0x08a8  Themes - ok
20:30:03.0906 0x08a8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:30:03.0906 0x08a8  THREADORDER - ok
20:30:03.0916 0x08a8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:30:03.0916 0x08a8  TrkWks - ok
20:30:03.0956 0x08a8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:30:03.0956 0x08a8  TrustedInstaller - ok
20:30:03.0966 0x08a8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:30:03.0966 0x08a8  tssecsrv - ok
20:30:03.0986 0x08a8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:30:03.0986 0x08a8  TsUsbFlt - ok
20:30:04.0006 0x08a8  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:30:04.0006 0x08a8  TsUsbGD - ok
20:30:04.0036 0x08a8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:30:04.0036 0x08a8  tunnel - ok
20:30:04.0036 0x08a8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:30:04.0046 0x08a8  uagp35 - ok
20:30:04.0056 0x08a8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:30:04.0066 0x08a8  udfs - ok
20:30:04.0076 0x08a8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:30:04.0076 0x08a8  UI0Detect - ok
20:30:04.0096 0x08a8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:30:04.0096 0x08a8  uliagpkx - ok
20:30:04.0116 0x08a8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:30:04.0116 0x08a8  umbus - ok
20:30:04.0136 0x08a8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:30:04.0136 0x08a8  UmPass - ok
20:30:04.0166 0x08a8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:30:04.0186 0x08a8  upnphost - ok
20:30:04.0246 0x08a8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:30:04.0246 0x08a8  usbaudio - ok
20:30:04.0296 0x08a8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:30:04.0296 0x08a8  usbccgp - ok
20:30:04.0316 0x08a8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:30:04.0316 0x08a8  usbcir - ok
20:30:04.0336 0x08a8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:30:04.0336 0x08a8  usbehci - ok
20:30:04.0356 0x08a8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:30:04.0366 0x08a8  usbhub - ok
20:30:04.0376 0x08a8  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:30:04.0386 0x08a8  usbohci - ok
20:30:04.0386 0x08a8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:30:04.0386 0x08a8  usbprint - ok
20:30:04.0406 0x08a8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:30:04.0416 0x08a8  USBSTOR - ok
20:30:04.0416 0x08a8  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:30:04.0416 0x08a8  usbuhci - ok
20:30:04.0436 0x08a8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:30:04.0436 0x08a8  UxSms - ok
20:30:04.0436 0x08a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
20:30:04.0436 0x08a8  VaultSvc - ok
20:30:04.0446 0x08a8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:30:04.0446 0x08a8  vdrvroot - ok
20:30:04.0466 0x08a8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:30:04.0486 0x08a8  vds - ok
20:30:04.0516 0x08a8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:30:04.0516 0x08a8  vga - ok
20:30:04.0536 0x08a8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:30:04.0536 0x08a8  VgaSave - ok
20:30:04.0556 0x08a8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:30:04.0556 0x08a8  vhdmp - ok
20:30:04.0586 0x08a8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:30:04.0586 0x08a8  viaide - ok
20:30:04.0606 0x08a8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:30:04.0606 0x08a8  volmgr - ok
20:30:04.0636 0x08a8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:30:04.0646 0x08a8  volmgrx - ok
20:30:04.0666 0x08a8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:30:04.0676 0x08a8  volsnap - ok
20:30:04.0696 0x08a8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:30:04.0706 0x08a8  vsmraid - ok
20:30:04.0766 0x08a8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:30:04.0786 0x08a8  VSS - ok
20:30:04.0786 0x08a8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:30:04.0786 0x08a8  vwifibus - ok
20:30:04.0836 0x08a8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:30:04.0836 0x08a8  W32Time - ok
20:30:04.0856 0x08a8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:30:04.0856 0x08a8  WacomPen - ok
20:30:04.0866 0x08a8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:30:04.0876 0x08a8  WANARP - ok
20:30:04.0876 0x08a8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:30:04.0876 0x08a8  Wanarpv6 - ok
20:30:04.0966 0x08a8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:30:04.0986 0x08a8  WatAdminSvc - ok
20:30:05.0086 0x08a8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:30:05.0106 0x08a8  wbengine - ok
20:30:05.0126 0x08a8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:30:05.0126 0x08a8  WbioSrvc - ok
20:30:05.0136 0x08a8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:30:05.0146 0x08a8  wcncsvc - ok
20:30:05.0156 0x08a8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:30:05.0156 0x08a8  WcsPlugInService - ok
20:30:05.0176 0x08a8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:30:05.0176 0x08a8  Wd - ok
20:30:05.0236 0x08a8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:30:05.0246 0x08a8  Wdf01000 - ok
20:30:05.0266 0x08a8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:30:05.0276 0x08a8  WdiServiceHost - ok
20:30:05.0276 0x08a8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:30:05.0286 0x08a8  WdiSystemHost - ok
20:30:05.0306 0x08a8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:30:05.0306 0x08a8  WebClient - ok
20:30:05.0326 0x08a8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:30:05.0336 0x08a8  Wecsvc - ok
20:30:05.0336 0x08a8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:30:05.0346 0x08a8  wercplsupport - ok
20:30:05.0356 0x08a8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:30:05.0366 0x08a8  WerSvc - ok
20:30:05.0376 0x08a8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:30:05.0376 0x08a8  WfpLwf - ok
20:30:05.0386 0x08a8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:30:05.0396 0x08a8  WIMMount - ok
20:30:05.0416 0x08a8  WinDefend - ok
20:30:05.0426 0x08a8  WinHttpAutoProxySvc - ok
20:30:05.0466 0x08a8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:30:05.0476 0x08a8  Winmgmt - ok
20:30:05.0566 0x08a8  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
20:30:05.0596 0x08a8  WinRM - ok
20:30:05.0666 0x08a8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:30:05.0666 0x08a8  WinUsb - ok
20:30:05.0726 0x08a8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:30:05.0746 0x08a8  Wlansvc - ok
20:30:05.0876 0x08a8  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:30:05.0906 0x08a8  wlidsvc - ok
20:30:05.0916 0x08a8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:30:05.0916 0x08a8  WmiAcpi - ok
20:30:05.0936 0x08a8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:30:05.0936 0x08a8  wmiApSrv - ok
20:30:05.0946 0x08a8  WMPNetworkSvc - ok
20:30:05.0956 0x08a8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:30:05.0956 0x08a8  WPCSvc - ok
20:30:05.0966 0x08a8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:30:05.0966 0x08a8  WPDBusEnum - ok
20:30:05.0976 0x08a8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:30:05.0976 0x08a8  ws2ifsl - ok
20:30:05.0976 0x08a8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
20:30:05.0986 0x08a8  wscsvc - ok
20:30:05.0986 0x08a8  WSearch - ok
20:30:06.0036 0x08a8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:30:06.0066 0x08a8  wuauserv - ok
20:30:06.0086 0x08a8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:30:06.0086 0x08a8  WudfPf - ok
20:30:06.0106 0x08a8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:30:06.0116 0x08a8  WUDFRd - ok
20:30:06.0116 0x08a8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:30:06.0126 0x08a8  wudfsvc - ok
20:30:06.0146 0x08a8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:30:06.0146 0x08a8  WwanSvc - ok
20:30:06.0156 0x08a8  ================ Scan global ===============================
20:30:06.0166 0x08a8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:30:06.0186 0x08a8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:30:06.0206 0x08a8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:30:06.0216 0x08a8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:30:06.0226 0x08a8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:30:06.0236 0x08a8  [ Global ] - ok
20:30:06.0236 0x08a8  ================ Scan MBR ==================================
20:30:06.0246 0x08a8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:30:06.0376 0x08a8  \Device\Harddisk0\DR0 - ok
20:30:06.0376 0x08a8  ================ Scan VBR ==================================
20:30:06.0376 0x08a8  [ 60CB70DEADD8F939A7F89E7F3E38EB32 ] \Device\Harddisk0\DR0\Partition1
20:30:06.0446 0x08a8  \Device\Harddisk0\DR0\Partition1 - ok
20:30:06.0446 0x08a8  [ 656776613025E95732B34D9C0A7DE983 ] \Device\Harddisk0\DR0\Partition2
20:30:06.0506 0x08a8  \Device\Harddisk0\DR0\Partition2 - ok
20:30:06.0506 0x08a8  ================ Scan generic autorun ======================
20:30:06.0706 0x08a8  [ 809CA7471CD673D1326ED92B5D7BBFBE, 26E5C8983413E4B92501473F8C1A85A0D20FB3CF603200C1779CC221317FA330 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
20:30:06.0876 0x08a8  RTHDVCPL - ok
20:30:06.0956 0x08a8  [ A0012C1D9B8648C20C00202418B9D02F, 833AFB6BCABBF9991C811D6D1BF2C7B95A584F46D93C6B3F49CA2A8A6BE5E657 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
20:30:06.0986 0x08a8  NvBackend - ok
20:30:07.0056 0x08a8  [ 094E4E76FB9AB960A73F841BC6733F42, 01C1BFF17BEC6588E192EC4D7ACB74FC9B95ECA7CB8BB9585B04FC8EA73C3B43 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
20:30:07.0056 0x08a8  USB3MON - ok
20:30:07.0106 0x08a8  [ F4EC93E4A239F9A27777ED2416F6353D, 347A542146729682027039A92DF8E52FAE283E0DAAED873A59BA17BD1FF26416 ] C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
20:30:07.0126 0x08a8  SUPER CHARGER - ok
20:30:07.0226 0x08a8  [ ACE61C698A49021FA1E2799275E88CC8, F0D03B836B14F0C78B48CBA0D87549D33F76B69EFB7759993982BF1849B532E7 ] C:\Program Files (x86)\Gyazo\GyStation.exe
20:30:07.0256 0x08a8  Gyazo - ok
20:31:01.0316 0x08a8  Win FW state via NFP2: enabled
20:31:15.0126 0x08a8  ============================================================
20:31:15.0126 0x08a8  Scan finished
20:31:15.0126 0x08a8  ============================================================
20:31:15.0126 0x1008  Detected object count: 0
20:31:15.0126 0x1008  Actual detected object count: 0
21:23:56.0822 0x1714  ============================================================
21:23:56.0822 0x1714  Scan started
21:23:56.0822 0x1714  Mode: Manual; SigCheck; TDLFS;
21:23:56.0822 0x1714  ============================================================
21:23:56.0822 0x1714  KSN ping started
21:24:10.0492 0x1714  KSN ping finished: true
21:24:11.0932 0x1714  ================ Scan system memory ========================
21:24:11.0932 0x1714  System memory - ok
21:24:11.0932 0x1714  ================ Scan services =============================
21:24:38.0512 0x1714  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:24:38.0542 0x1714  IPNAT - ok
21:24:38.0552 0x1714  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:24:38.0582 0x1714  IRENUM - ok
21:24:38.0602 0x1714  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:24:38.0612 0x1714  isapnp - ok
21:24:38.0652 0x1714  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:24:38.0662 0x1714  iScsiPrt - ok
21:24:38.0692 0x1714  [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:24:38.0692 0x1714  iusb3hcs - ok
21:24:38.0732 0x1714  [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
21:24:38.0742 0x1714  iusb3hub - ok
21:24:38.0772 0x1714  [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:24:38.0792 0x1714  iusb3xhc - ok
21:24:38.0802 0x1714  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:24:38.0812 0x1714  kbdclass - ok
21:24:38.0812 0x1714  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:24:38.0822 0x1714  kbdhid - ok
21:24:38.0832 0x1714  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
21:24:38.0842 0x1714  KeyIso - ok
21:24:38.0852 0x1714  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:24:38.0862 0x1714  KSecDD - ok
21:24:38.0902 0x1714  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:24:38.0912 0x1714  KSecPkg - ok
21:24:38.0922 0x1714  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:24:38.0962 0x1714  ksthunk - ok
21:24:39.0002 0x1714  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:24:39.0072 0x1714  KtmRm - ok
21:24:39.0122 0x1714  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:24:39.0152 0x1714  LanmanServer - ok
21:24:39.0162 0x1714  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:24:39.0182 0x1714  LanmanWorkstation - ok
21:24:39.0202 0x1714  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:24:39.0212 0x1714  lltdio - ok
21:24:39.0232 0x1714  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:24:39.0282 0x1714  lltdsvc - ok
21:24:39.0302 0x1714  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:24:39.0342 0x1714  lmhosts - ok
21:24:39.0362 0x1714  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:24:39.0372 0x1714  LSI_FC - ok
21:24:39.0382 0x1714  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:24:39.0392 0x1714  LSI_SAS - ok
21:24:39.0402 0x1714  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:24:39.0412 0x1714  LSI_SAS2 - ok
21:24:39.0422 0x1714  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:24:39.0432 0x1714  LSI_SCSI - ok
21:24:39.0452 0x1714  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:24:39.0472 0x1714  luafv - ok
21:24:39.0492 0x1714  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:24:39.0492 0x1714  Mcx2Svc - ok
21:24:39.0512 0x1714  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:24:39.0512 0x1714  megasas - ok
21:24:39.0542 0x1714  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:24:39.0552 0x1714  MegaSR - ok
21:24:39.0572 0x1714  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:24:39.0582 0x1714  MEIx64 - ok
21:24:39.0592 0x1714  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:24:39.0642 0x1714  MMCSS - ok
21:24:39.0672 0x1714  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:24:39.0682 0x1714  Modem - ok
21:24:39.0692 0x1714  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:24:39.0702 0x1714  monitor - ok
21:24:39.0712 0x1714  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:24:39.0712 0x1714  mouclass - ok
21:24:39.0722 0x1714  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:24:39.0752 0x1714  mouhid - ok
21:24:39.0782 0x1714  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:24:39.0792 0x1714  mountmgr - ok
21:24:39.0832 0x1714  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:24:39.0862 0x1714  MozillaMaintenance - ok
21:24:39.0902 0x1714  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:24:39.0912 0x1714  mpio - ok
21:24:39.0912 0x1714  Object required for P2P: [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio
21:24:59.0912 0x1714  Object send P2P result: false
21:24:59.0942 0x1714  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:25:00.0022 0x1714  mpsdrv - ok
21:25:00.0072 0x1714  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:25:00.0162 0x1714  MpsSvc - ok
21:25:00.0212 0x1714  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:25:00.0222 0x1714  MRxDAV - ok
21:25:00.0242 0x1714  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:00.0252 0x1714  mrxsmb - ok
21:25:00.0272 0x1714  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:00.0302 0x1714  mrxsmb10 - ok
21:25:00.0332 0x1714  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:00.0342 0x1714  mrxsmb20 - ok
21:25:00.0392 0x1714  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:25:00.0402 0x1714  msahci - ok
21:25:00.0422 0x1714  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:25:00.0442 0x1714  msdsm - ok
21:25:00.0462 0x1714  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:25:00.0482 0x1714  MSDTC - ok
21:25:00.0502 0x1714  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:25:00.0522 0x1714  Msfs - ok
21:25:00.0532 0x1714  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:25:00.0582 0x1714  mshidkmdf - ok
21:25:00.0602 0x1714  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:25:00.0612 0x1714  msisadrv - ok
21:25:00.0632 0x1714  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:25:00.0662 0x1714  MSiSCSI - ok
21:25:00.0662 0x1714  msiserver - ok
21:25:00.0682 0x1714  [ B0762157B3CFF4D4782646F009EE8465, 57D48AE041E0528E5CA0F0A300CA32FF114A01750C9E3D49EFAC3EFD3E5E9AF8 ] MSI_SuperCharger C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
21:25:00.0692 0x1714  MSI_SuperCharger - ok
21:25:00.0702 0x1714  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:25:00.0772 0x1714  MSKSSRV - ok
21:25:00.0792 0x1714  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:00.0812 0x1714  MSPCLOCK - ok
21:25:00.0812 0x1714  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:25:00.0832 0x1714  MSPQM - ok
21:25:00.0852 0x1714  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:25:00.0862 0x1714  MsRPC - ok
21:25:00.0872 0x1714  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:25:00.0882 0x1714  mssmbios - ok
21:25:00.0882 0x1714  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:25:00.0922 0x1714  MSTEE - ok
21:25:00.0942 0x1714  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:25:00.0982 0x1714  MTConfig - ok
21:25:01.0012 0x1714  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:25:01.0032 0x1714  Mup - ok
21:25:01.0032 0x1714  Object required for P2P: [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup
21:25:21.0032 0x1714  Object send P2P result: false
21:25:21.0072 0x1714  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:25:21.0112 0x1714  napagent - ok
21:25:21.0132 0x1714  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:25:21.0142 0x1714  NativeWifiP - ok
21:25:21.0172 0x1714  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:25:21.0192 0x1714  NDIS - ok
21:25:21.0202 0x1714  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:21.0262 0x1714  NdisCap - ok
21:25:21.0282 0x1714  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:21.0322 0x1714  NdisTapi - ok
21:25:21.0322 0x1714  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:21.0352 0x1714  Ndisuio - ok
21:25:21.0372 0x1714  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:21.0432 0x1714  NdisWan - ok
21:25:21.0452 0x1714  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:25:21.0472 0x1714  NDProxy - ok
21:25:21.0492 0x1714  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:25:21.0552 0x1714  NetBIOS - ok
21:25:21.0592 0x1714  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:25:21.0632 0x1714  NetBT - ok
21:25:21.0652 0x1714  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
21:25:21.0662 0x1714  Netlogon - ok
21:25:21.0682 0x1714  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:25:21.0712 0x1714  Netman - ok
21:25:21.0732 0x1714  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:21.0742 0x1714  NetMsmqActivator - ok
21:25:21.0742 0x1714  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:21.0752 0x1714  NetPipeActivator - ok
21:25:21.0762 0x1714  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:25:21.0802 0x1714  netprofm - ok
21:25:21.0812 0x1714  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:21.0812 0x1714  NetTcpActivator - ok
21:25:21.0822 0x1714  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:21.0822 0x1714  NetTcpPortSharing - ok
21:25:21.0852 0x1714  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:25:21.0852 0x1714  nfrd960 - ok
21:25:21.0902 0x1714  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:25:21.0932 0x1714  NlaSvc - ok
21:25:21.0942 0x1714  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:25:21.0962 0x1714  Npfs - ok
21:25:21.0982 0x1714  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:25:22.0002 0x1714  nsi - ok
21:25:22.0012 0x1714  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:25:22.0072 0x1714  nsiproxy - ok
21:25:22.0132 0x1714  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:25:22.0162 0x1714  Ntfs - ok
21:25:22.0192 0x1714  [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys
21:25:22.0192 0x1714  NTIOLib_1_0_3 - ok
21:25:22.0202 0x1714  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:25:22.0212 0x1714  Null - ok
21:25:22.0232 0x1714  [ 3DE07A98F9696B7949E562CA249DE739, 02E6CE0C704FFF3402EDD0B5E8CF8E69785379899CB29F28E32F260721881FFB ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
21:25:22.0242 0x1714  NVHDA - ok
21:25:22.0492 0x1714  [ 0BE46C230D2591F4E9A93B6CF32D9A56, A4ADD7414B0A69DCA8203B0C089163224AC924D489DA01E7EBA217FC2163626F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:25:22.0662 0x1714  nvlddmkm - ok
21:25:22.0752 0x1714  [ 903A40C958D471F9D30D29FA6D2800A4, 4641F8E8B20EE9AF8AB61E61AD74D41A4E9F51C906EC5F3BDC484FFAFB540E69 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
21:25:22.0782 0x1714  NvNetworkService - ok
21:25:22.0802 0x1714  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:25:22.0812 0x1714  nvraid - ok
21:25:22.0852 0x1714  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:25:22.0872 0x1714  nvstor - ok
21:25:23.0192 0x1714  [ 68DE8D996D8FF628AB6B3D422035F862, 239CE5BE15F39966AE5243971FE75BDFB35359F92C8294C61155C863F4B3C40E ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
21:25:23.0402 0x1714  NvStreamSvc - ok
21:25:23.0442 0x1714  [ 09C18A434C20D388D853A8F0273A03DD, 202CBB6788944704F96F4AE7499F48DE94CE38D3787ED9B00CBC7793155F49BD ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:25:23.0452 0x1714  nvsvc - ok
21:25:23.0462 0x1714  [ 09216A70CC364D0974F606F6F2109210, 60877154D4DF5287D1989CDAA9863CD6DACA528D06233238498854A10C868C20 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
21:25:23.0472 0x1714  nvvad_WaveExtensible - ok
21:25:23.0482 0x1714  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:25:23.0492 0x1714  nv_agp - ok
21:25:23.0502 0x1714  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:25:23.0512 0x1714  ohci1394 - ok
21:25:23.0512 0x1714  Object required for P2P: [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394
21:25:38.0492 0x1714  Object send P2P result: true
21:25:38.0542 0x1714  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:25:38.0562 0x1714  p2pimsvc - ok
21:25:38.0592 0x1714  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:25:38.0602 0x1714  p2psvc - ok
21:25:38.0612 0x1714  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:25:38.0612 0x1714  Parport - ok
21:25:38.0632 0x1714  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:25:38.0642 0x1714  partmgr - ok
21:25:38.0652 0x1714  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:25:38.0692 0x1714  PcaSvc - ok
21:25:38.0712 0x1714  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:25:38.0722 0x1714  pci - ok
21:25:38.0742 0x1714  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:25:38.0742 0x1714  pciide - ok
21:25:38.0752 0x1714  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:25:38.0752 0x1714  pcmcia - ok
21:25:38.0772 0x1714  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:25:38.0772 0x1714  pcw - ok
21:25:38.0802 0x1714  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:25:38.0842 0x1714  PEAUTH - ok
21:25:38.0912 0x1714  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:25:38.0952 0x1714  PerfHost - ok
21:25:39.0032 0x1714  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:25:39.0072 0x1714  pla - ok
21:25:39.0102 0x1714  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:25:39.0132 0x1714  PlugPlay - ok
21:25:39.0152 0x1714  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:25:39.0172 0x1714  PNRPAutoReg - ok
21:25:39.0192 0x1714  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:25:39.0212 0x1714  PNRPsvc - ok
21:25:39.0232 0x1714  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:25:39.0262 0x1714  PolicyAgent - ok
21:25:39.0282 0x1714  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
21:25:39.0322 0x1714  Power - ok
21:25:39.0362 0x1714  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:25:39.0422 0x1714  PptpMiniport - ok
21:25:39.0442 0x1714  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:25:39.0452 0x1714  Processor - ok
21:25:39.0502 0x1714  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:25:39.0532 0x1714  ProfSvc - ok
21:25:39.0542 0x1714  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:25:39.0552 0x1714  ProtectedStorage - ok
21:25:39.0562 0x1714  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:25:39.0592 0x1714  Psched - ok
21:25:39.0632 0x1714  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:25:39.0652 0x1714  ql2300 - ok
21:25:39.0662 0x1714  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:25:39.0672 0x1714  ql40xx - ok
21:25:39.0692 0x1714  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:25:39.0702 0x1714  QWAVE - ok
21:25:39.0712 0x1714  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:25:39.0742 0x1714  QWAVEdrv - ok
21:25:39.0772 0x1714  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:25:39.0792 0x1714  RasAcd - ok
21:25:39.0802 0x1714  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:25:39.0822 0x1714  RasAgileVpn - ok
21:25:39.0832 0x1714  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:25:39.0852 0x1714  RasAuto - ok
21:25:39.0862 0x1714  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:25:39.0882 0x1714  Rasl2tp - ok
21:25:39.0882 0x1714  Object required for P2P: [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp
21:25:39.0882 0x1714  Object send P2P result: false
21:25:39.0892 0x1714  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:25:39.0922 0x1714  RasMan - ok
21:25:39.0922 0x1714  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:25:39.0972 0x1714  RasPppoe - ok
21:25:39.0992 0x1714  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:25:40.0042 0x1714  RasSstp - ok
21:25:40.0072 0x1714  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:25:40.0092 0x1714  rdbss - ok
21:25:48.0302 0x1714  Win FW state via NFP2: enabled
21:25:48.0302 0x1714  ============================================================
21:25:48.0302 0x1714  Scan finished
21:25:48.0302 0x1714  ============================================================
21:25:48.0302 0x0dc4  Detected object count: 0
21:25:48.0302 0x0dc4  Actual detected object count: 0
 



#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 
Copy the text between the lines of stars by highlighting and Ctrl + c.
 
******************************************
 
DirLook::
C:\Program Files\Common
%user%\library
 
File::
C:\Users\Laurence Iledan\AppData\Local\Temp\is45637729\3971992_stp\Generic_vo.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\is45637729\4179494_stp\Generic_vo.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\nsf4193.tmp\setup.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\nsj78D3.tmp
C:\Users\Laurence Iledan\AppData\Local\Temp\nssC6F8.tmp\setup.exe
C:\Users\Laurence Iledan\AppData\Local\Temp\nsw5C0A.tmp\setup.exe
 
 
Folder::
C:\Users\Laurence Iledan\AppData\Local\Temp\is45637729
C:\Users\Laurence Iledan\AppData\Local\Temp\nsf4193.tmp
C:\Users\Laurence Iledan\AppData\Local\Temp\nsj78D3.tmp
C:\Users\Laurence Iledan\AppData\Local\Temp\nssC6F8.tmp
C:\Users\Laurence Iledan\AppData\Local\Temp\nsw5C0A.tmp
c:\users\Laurence Iledan\AppData\Local\EmieUserList
c:\users\Laurence Iledan\AppData\Local\EmieSiteList
c:\users\Laurence Iledan\AppData\Local\EmieBrowserModeList
 
 
 
******************************************
 
Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.
 
Pause your anti-virus.
 
Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.
 
Post the new log.
 
 
Did that help?

  • 0

#11
Quantum Uncertain

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Unfortunately, no. I still get popup ads from "NoProblm," "similar Pro," "offers4u," and "rightcoupon," if the names of those ad companies help. Random ad videos play, key words are highlighted and underlined, linking to commercial pages on almost every site I go to. Every now and then, my browser opens up a new tab, displaying full page ads. You've helped clear a few issues for me. It's just these that are left. Thanks for your diligence :P I know that if it's frustrating for me, it's frustrating for you!


  • 0

#12
Quantum Uncertain

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Oh, and that log lol:

 

 

ComboFix 15-02-09.01 - Laurence Iledan 02/10/2015  17:02:17.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8136.5011 [GMT -8:00]
Running from: c:\users\Laurence Iledan\Desktop\ComboFix.exe
Command switches used :: c:\users\Laurence Iledan\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Laurence Iledan\AppData\Local\Temp\is45637729\3971992_stp\Generic_vo.exe"
"c:\users\Laurence Iledan\AppData\Local\Temp\is45637729\4179494_stp\Generic_vo.exe"
"c:\users\Laurence Iledan\AppData\Local\Temp\nsf4193.tmp\setup.exe"
"c:\users\Laurence Iledan\AppData\Local\Temp\nsj78D3.tmp"
"c:\users\Laurence Iledan\AppData\Local\Temp\nssC6F8.tmp\setup.exe"
"c:\users\Laurence Iledan\AppData\Local\Temp\nsw5C0A.tmp\setup.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Laurence Iledan\AppData\Local\EmieBrowserModeList
c:\users\Laurence Iledan\AppData\Local\EmieSiteList
c:\users\Laurence Iledan\AppData\Local\EmieUserList
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-11 to 2015-02-11  )))))))))))))))))))))))))))))))
.
.
2015-02-11 01:04 . 2015-02-11 01:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-02-10 12:23 . 2015-02-10 12:23    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E13EEEE-970F-4D47-A221-7E09CDCCE4FD}\offreg.dll
2015-02-10 06:15 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E13EEEE-970F-4D47-A221-7E09CDCCE4FD}\mpengine.dll
2015-02-05 16:53 . 2015-02-05 16:53    5070512    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-04 18:14 . 2015-02-04 18:14    --------    d-----w-    c:\program files (x86)\Common Files\Java
2015-02-04 07:13 . 2015-02-04 18:21    --------    d-----w-    C:\FRST
2015-01-19 23:57 . 2014-12-11 17:47    52736    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2015-01-19 23:57 . 2014-12-19 03:06    210432    ----a-w-    c:\windows\system32\profsvc.dll
2015-01-19 23:57 . 2014-12-06 04:17    303616    ----a-w-    c:\windows\system32\nlasvc.dll
2015-01-19 23:57 . 2014-12-06 03:50    52224    ----a-w-    c:\windows\SysWow64\nlaapi.dll
2015-01-19 23:57 . 2014-12-06 03:50    156672    ----a-w-    c:\windows\SysWow64\ncsi.dll
2015-01-19 23:56 . 2014-12-19 01:46    141312    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2015-01-19 23:56 . 2014-12-12 05:35    5553592    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-01-19 23:56 . 2014-12-12 05:11    3971512    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2015-01-19 23:56 . 2014-12-12 05:11    3916728    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2015-01-19 23:56 . 2014-12-12 05:31    503808    ----a-w-    c:\windows\system32\srcore.dll
2015-01-19 23:56 . 2014-12-12 05:31    50176    ----a-w-    c:\windows\system32\srclient.dll
2015-01-19 23:56 . 2014-12-12 05:31    296960    ----a-w-    c:\windows\system32\rstrui.exe
2015-01-19 23:56 . 2014-12-12 05:07    43008    ----a-w-    c:\windows\SysWow64\srclient.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 16:53 . 2014-09-06 10:42    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:53 . 2014-09-06 10:42    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 18:14 . 2014-10-19 14:09    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-29 09:01 . 2014-09-06 10:55    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-08 17:55 . 2010-11-21 03:27    298120    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 00:54    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 00:54    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-11-27 01:43 . 2014-12-10 03:24    389296    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 03:23    25059840    ----a-w-    c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 03:24    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 03:24    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 03:24    66560    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 03:23    580096    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 03:24    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 03:23    2885120    ----a-w-    c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 03:23    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 03:23    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 03:24    34304    ----a-w-    c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 03:23    633856    ----a-w-    c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 03:24    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 03:23    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 03:23    6039552    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 03:24    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 03:23    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 03:24    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 03:24    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 03:23    199680    ----a-w-    c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 03:23    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 03:23    501248    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 03:24    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 03:24    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 03:23    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 03:24    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 03:24    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 03:24    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 03:24    800768    ----a-w-    c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 03:23    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 03:24    2125312    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 03:23    14412800    ----a-w-    c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 03:24    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 03:23    4299264    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 03:23    2358272    ----a-w-    c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 03:24    2052096    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 03:23    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 03:24    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 03:24    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 03:23    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-11-21 14:14 . 2014-09-06 10:54    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 14:14 . 2014-09-06 10:54    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 14:14 . 2014-09-06 10:54    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2014-10-28 3095840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"SUPER CHARGER"="c:\program files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe" [2014-02-21 1047536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\SUPER CHARGER\ChargeService.exe;c:\program files (x86)\MSI\SUPER CHARGER\ChargeService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ipadtst;ipadtst;c:\program files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys;c:\program files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys;c:\program files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 85155445
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*NewlyCreated* - NTIOLIB_1_0_3
*Deregistered* - 85155445
*Deregistered* - aswMBR
*Deregistered* - aswVmm
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-06 09:44    1096520    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-06 16:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-02-11 7540440]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Laurence Iledan\AppData\Roaming\Mozilla\Firefox\Profiles\v9t9czox.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-10  17:05:32
ComboFix-quarantined-files.txt  2015-02-11 01:05
ComboFix2.txt  2015-02-10 04:25
.
Pre-Run: 745,577,512,960 bytes free
Post-Run: 745,280,561,152 bytes free
.
- - End Of File - - 00AA22FBF94C8369E3FB947CC0BE84DB
A36C5E4F47E84449FF07ED3517B43A31
 


  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Actually I like the ones that are not so easy.  Gets boring if there is no challenge.

 

Combofix says there is a numbered driver starting up but it is not listed anywhere.

*NewlyCreated* - 85155445

 

 

  Probably a rootkit.  Let's try RogueKiller:

 

Download RogueKiller (http://www.sur-la-to...m/RogueKiller/) to your desktop

1. Quit all running programs
2. For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
3. When prompted, type 1 and validate
4. The RKreport.txt shall be generated next to the executable.
5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

 

 

 

Also I see we don't have an anti-virus.  Let's see if the free Avast will install.

 

http://files.avast.c...virus_setup.exe

 
 
Download, Save, and right click and Run As Administrator.
 
 
Uncheck any additional software offers such as Google Toolbar, Chrome or Dropbox.  
 
Stick with the Basic version and not the trial.  
 
Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)
 
They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.  Their Browser Cleanup is not so user friendly since it wants to reset your home page and search engine to Yahoo so I go into Settings, Tools, and turn it off.
 
If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want your name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.
 
 
 
Once it installs and updates and after the final reboot we want to tell it to run a boot-time scan and let it run while you sleep.  This is one of its best features.  It loads before most viruses so has a better chance of catching a virus.  Takes around 6 hours so best to let it work while you sleep.
 
How to do a boot-time scan while you sleep:
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
 

  • 0
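
The check described in post #13 compares two parts of the ComboFix log: the names under `*NewlyCreated*` against the R/S service and driver lines. The sketch below is an added example (not from the thread and not part of ComboFix) that runs that cross-check over an excerpt of the log posted above; the function names are hypothetical.

```python
import re

# Excerpt copied from the ComboFix log posted in this thread (abridged).
SAMPLE_LOG = r"""
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys;c:\program files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 85155445
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*NewlyCreated* - NTIOLIB_1_0_3
*Deregistered* - 85155445
*Deregistered* - aswMBR
*Deregistered* - aswVmm
.
"""

# "R2 name;display name;image path;image path [x]" service/driver lines.
SERVICE_RE = re.compile(r"^[RS][0-4]\s+([^;]+);[^;]*;([^;]+)")
# "*NewlyCreated* - name" and "*Deregistered* - name" lines.
EVENT_RE = re.compile(r"^\*(NewlyCreated|Deregistered)\*\s+-\s+(\S.*)$")


def parse_combofix(log_text):
    """Return (services, created, deregistered) parsed from a ComboFix log."""
    services = {}                      # lower-cased service name -> image path
    created, deregistered = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        if svc:
            services[svc.group(1).strip().lower()] = svc.group(2).strip()
            continue
        evt = EVENT_RE.match(line)
        if evt:
            name = evt.group(2).strip()
            if evt.group(1) == "NewlyCreated":
                created.append(name)
            else:
                deregistered.add(name.lower())
    return services, created, deregistered


def triage_new_drivers(log_text):
    """One record per *NewlyCreated* entry, cross-checked against the R/S list."""
    services, created, deregistered = parse_combofix(log_text)
    findings = []
    for name in created:
        key = name.lower()             # service names are case-insensitive
        findings.append({
            "name": name,
            "listed": key in services,           # has an R/S line with a path
            "image_path": services.get(key),     # None when the log names no file
            "deregistered": key in deregistered,
            "numeric_name": name.isdigit(),      # e.g. the "numbered driver"
        })
    return findings


def unlisted_new_drivers(log_text):
    """Names created in memory with no service/driver line; numeric names first."""
    hits = [f for f in triage_new_drivers(log_text) if not f["listed"]]
    hits.sort(key=lambda f: not f["numeric_name"])   # stable sort keeps log order
    return [f["name"] for f in hits]


if __name__ == "__main__":
    for f in triage_new_drivers(SAMPLE_LOG):
        print(f)
    print("Needs follow-up:", unlisted_new_drivers(SAMPLE_LOG))
```

An unlisted entry only means the log gives no image path to inspect for that name; identifying what loaded it still takes a follow-up scan such as the one requested in the post.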





