Infected?

[cruelreaction]

Hello everyone im seeking help for a problem that is driving me crazy, i'll try to make a long story short.

 

The other day, my laptop ran out of battery for the first time in a long time, and when i turned it back on , it started acting weird and freezing after 7-9 minutes after every restart.

Since i only use the laptop to produce music on and surf the web, i thought i'd go for a quick system restore and just reinstall all the programs i needed.

It was going all well , but after about 8-10 hours the problem started occuring again.

I couldnt figure out what it was, but in the time the computer was running smoothly it automatically installed some windows updates.

After this, i thought wiping again the system, and turning off the updates would work, so i did, and so far the computer has been running pretty smoothly, but i havent installed anything on it yet.

Getting to the point, ive noticed this absurd 100% disk usage even just by doing nothing but looking at the task manager ( this was in the freezing / hangs phase), so afterall i started suspecting some kind of nasty malware, cause i keep gettin my svchost batmeter.dll and  some other dll's acting crazy, according to PROCMON aswell.

So i thought i'd just ask for help here afterall by attaching some of the logs i have.
 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/06/2014
Scan Time: 16:10:27
Logfile: MBAM log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.17.06
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: CR

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 251327
Time Elapsed: 3 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

================================================================================

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : CR [Admin rights]
Mode : Scan -- Date : 06/17/2014  16:01:56

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3378700365-3951603465-1235865285-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3378700365-3951603465-1235865285-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3378700365-3951603465-1235865285-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3378700365-3951603465-1235865285-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 64 ¤¤¤
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiChangeApplicationStateForPackageName : C:\Windows\System32\twinapi.dll @ 0x7f9d04dab80
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiChangeSessionState : C:\Windows\System32\twinapi.dll @ 0x7f9d04f53d8
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiNotifyNewSession : C:\Windows\System32\twinapi.dll @ 0x7f9d04f6f0c
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtActivateWorkItem : C:\Windows\System32\twinapi.dll @ 0x7f9d054bce0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtAssociateActivationProxy : C:\Windows\System32\twinapi.dll @ 0x7f9d04fa7ec
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtAssociateApplicationExtensionClass : C:\Windows\System32\twinapi.dll @ 0x7f9d054bbd0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtCreateEventForPackageName : C:\Windows\System32\twinapi.dll @ 0x7f9d054bac0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtDeleteEvent : C:\Windows\System32\twinapi.dll @ 0x7f9d054ba50
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtDisassociateWorkItem : C:\Windows\System32\twinapi.dll @ 0x7f9d054b9b0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtEnumerateBrokeredEvents : C:\Windows\System32\twinapi.dll @ 0x7f9d04f6a70
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtEnumerateWorkItemsForPackageName : C:\Windows\System32\twinapi.dll @ 0x7f9d054b8c0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtFreeMemory : C:\Windows\System32\twinapi.dll @ 0x7f9d04d5fe0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtQueryBrokeredEvent : C:\Windows\System32\twinapi.dll @ 0x7f9d04d5df0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtQuerySystemStateBroadcastChannels : C:\Windows\System32\twinapi.dll @ 0x7f9d04f6a0c
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtQueryWorkItem : C:\Windows\System32\twinapi.dll @ 0x7f9d054b804
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtSignalEvent : C:\Windows\System32\twinapi.dll @ 0x7f9d054b738
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiPtSignalMultipleEvents : C:\Windows\System32\twinapi.dll @ 0x7f9d054b660
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiResetActiveSessionForPackage : C:\Windows\System32\twinapi.dll @ 0x7f9d054b57c
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiSetActiveSessionForPackage : C:\Windows\System32\twinapi.dll @ 0x7f9d054b4e0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - BiUpdateLockScreenApplications : C:\Windows\System32\twinapi.dll @ 0x7f9d054b430
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - DllCanUnloadNow : C:\Windows\System32\twinapi.dll @ 0x7f9d04d1340
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - DllGetActivationFactory : C:\Windows\System32\twinapi.dll @ 0x7f9d04d2f60
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - DllGetClassObject : C:\Windows\System32\twinapi.dll @ 0x7f9d04d2110
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmBlockAppStateChangeCompletion : C:\Windows\System32\twinapi.dll @ 0x7f9d054bdd4
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmIsProcessInApplication : C:\Windows\System32\twinapi.dll @ 0x7f9d04e7d60
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmQueryApplicationInformation : C:\Windows\System32\twinapi.dll @ 0x7f9d04d73f0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmQueryApplicationList : C:\Windows\System32\twinapi.dll @ 0x7f9d04d2770
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmQueryCurrentAppState : C:\Windows\System32\twinapi.dll @ 0x7f9d054bd70
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmQueryProcessList : C:\Windows\System32\twinapi.dll @ 0x7f9d04d24f0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmRegisterAppStateChangeNotification : C:\Windows\System32\twinapi.dll @ 0x7f9d04dcf00
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmRegisterApplicationNotification : C:\Windows\System32\twinapi.dll @ 0x7f9d04d71e0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmSetApplicationState : C:\Windows\System32\twinapi.dll @ 0x7f9d04da870
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmShutdownApplication : C:\Windows\System32\twinapi.dll @ 0x7f9d054bec0
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmUnblockAppStateChangeCompletion : C:\Windows\System32\twinapi.dll @ 0x7f9d054be0c
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmUnregisterAppStateChangeNotification : C:\Windows\System32\twinapi.dll @ 0x7f9d04e0a68
[EAT:Addr] (explorer.exe) WINSPOOL.DRV - PsmWaitForAppResume : C:\Windows\System32\twinapi.dll @ 0x7f9d054be5c
[EAT:Addr] (explorer.exe) mssprxy.dll - BatMeterIconAnimationReset : C:\Windows\system32\BatMeter.dll @ 0x7f9d1674554
[EAT:Addr] (explorer.exe) mssprxy.dll - BatMeterIconThemeReset : C:\Windows\system32\BatMeter.dll @ 0x7f9d16746ec
[EAT:Addr] (explorer.exe) mssprxy.dll - BatMeterOnDeviceChange : C:\Windows\system32\BatMeter.dll @ 0x7f9d1674134
[EAT:Addr] (explorer.exe) mssprxy.dll - CleanupBatteryData : C:\Windows\system32\BatMeter.dll @ 0x7f9d1671884
[EAT:Addr] (explorer.exe) mssprxy.dll - CreateBatteryData : C:\Windows\system32\BatMeter.dll @ 0x7f9d1672b98
[EAT:Addr] (explorer.exe) mssprxy.dll - GetBatMeterIconAnimationState : C:\Windows\system32\BatMeter.dll @ 0x7f9d16741f0
[EAT:Addr] (explorer.exe) mssprxy.dll - GetBatMeterIconAnimationTimeDelay : C:\Windows\system32\BatMeter.dll @ 0x7f9d1674370
[EAT:Addr] (explorer.exe) mssprxy.dll - GetBatMeterIconAnimationUpdate : C:\Windows\system32\BatMeter.dll @ 0x7f9d1674494
[EAT:Addr] (explorer.exe) mssprxy.dll - GetBatteryCapacityInfo : C:\Windows\system32\BatMeter.dll @ 0x7f9d1673f18
[EAT:Addr] (explorer.exe) mssprxy.dll - GetBatteryDetails : C:\Windows\system32\BatMeter.dll @ 0x7f9d1675ad0
[EAT:Addr] (explorer.exe) mssprxy.dll - GetBatteryImmersiveIcon : C:\Windows\system32\BatMeter.dll @ 0x7f9d1672060
[EAT:Addr] (explorer.exe) mssprxy.dll - GetBatteryInfo : C:\Windows\system32\BatMeter.dll @ 0x7f9d1675100
[EAT:Addr] (explorer.exe) mssprxy.dll - GetBatteryStatusText : C:\Windows\system32\BatMeter.dll @ 0x7f9d1675190
[EAT:Addr] (explorer.exe) mssprxy.dll - GetBatteryWorkingState : C:\Windows\system32\BatMeter.dll @ 0x7f9d16719c0
[EAT:Addr] (explorer.exe) mssprxy.dll - IsBatteryBad : C:\Windows\system32\BatMeter.dll @ 0x7f9d1673f0c
[EAT:Addr] (explorer.exe) mssprxy.dll - IsBatteryHealthWarningEnabled : C:\Windows\system32\BatMeter.dll @ 0x7f9d1673f00
[EAT:Addr] (explorer.exe) mssprxy.dll - IsBatteryLevelCritical : C:\Windows\system32\BatMeter.dll @ 0x7f9d1673ec4
[EAT:Addr] (explorer.exe) mssprxy.dll - IsBatteryLevelLow : C:\Windows\system32\BatMeter.dll @ 0x7f9d1673ed8
[EAT:Addr] (explorer.exe) mssprxy.dll - IsBatteryLevelReserve : C:\Windows\system32\BatMeter.dll @ 0x7f9d1673eec
[EAT:Addr] (explorer.exe) mssprxy.dll - PowerCapabilities : C:\Windows\system32\BatMeter.dll @ 0x7f9d1671560
[EAT:Addr] (explorer.exe) mssprxy.dll - QueryBatteryData : C:\Windows\system32\BatMeter.dll @ 0x7f9d1672c44
[EAT:Addr] (explorer.exe) mssprxy.dll - SetBatteryHealthWarningState : C:\Windows\system32\BatMeter.dll @ 0x7f9d1673f00
[EAT:Addr] (explorer.exe) mssprxy.dll - SetBatteryLevel : C:\Windows\system32\BatMeter.dll @ 0x7f9d16727a0
[EAT:Addr] (explorer.exe) mssprxy.dll - SetBatteryWorkingState : C:\Windows\system32\BatMeter.dll @ 0x7f9d1671048
[EAT:Addr] (explorer.exe) mssprxy.dll - SubscribeBatteryUpdateNotification : C:\Windows\system32\BatMeter.dll @ 0x7f9d1671fb8
[EAT:Addr] (explorer.exe) mssprxy.dll - UnsubscribeBatteryUpdateNotification : C:\Windows\system32\BatMeter.dll @ 0x7f9d1671980
[EAT:Addr] (explorer.exe) mssprxy.dll - UpdateBatteryData : C:\Windows\system32\BatMeter.dll @ 0x7f9d16750c4
[EAT:Addr] (explorer.exe) mssprxy.dll - UpdateBatteryDataAsync : C:\Windows\system32\BatMeter.dll @ 0x7f9d1671b60

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LM0 12 HN-M500MBB SATA Disk Device +++++
--- User ---
[MBR] 5644fcbb03ea9080fe5196618cf47071
[bSP] 60263145ef30d9417253e4306e9b26f5 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06172014_135221.log - RKreport_SCN_06172014_141722.log - RKreport_SCN_06172014_152915.log - RKreport_SCN_06172014_155432.log


===================================================================================================

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:16:36, on 17/06/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16384)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Users\CR\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 8180 bytes




Thanks a lot in advance, any help will be greatly appreciated by a frustrated guy.

 

[cruelreaction]

Update:

The computer started acting up again and freezing basically right after the start up-

 

[cruelreaction]

Update 2:

 

Forgot to mention the problem started again after a McAfee self update.  I have now uninstalled Mc Afee , and the laptop seems to be back running.
 

 

Yet im pretty sure the problem is not fixed cause Roguekiller keeps giving those BatMeter.dll issues.

 

Really need help here, thanks again in advance.

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• 
  

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Download TDSSKiller and save it to your Desktop.

 

Make sure TDSSKiller.exe  is on the Desktop itself, not within a folder on the desktop.

 

Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

 

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

 

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.

If Malicious objects are found, do NOT select Delete or Cure. Change the action to Skip, When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

 

Kevin....

 

[cruelreaction]

Hello Kevin and thanks a lot for your help with my issue.

I just ran all the scans you asked , going to attache the logs.

Also, i would like to point out again, im not really sure if this is possible but , the issue started after the computer completely ran out of battery while i was in the shower, and while having the "6% battery left" message on the screen.

I dont really know if its possible but maybe a BatMeter.dll error keeps fake freezing the computer in some cases? i dont really know.

LOGS:
==========================================================================================================================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by CR (administrator) on CRUELREACTION on 18-06-2014 12:06:31
Running from C:\Users\CR\Desktop
Platform: Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [btTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKU\S-1-5-21-3378700365-3951603465-1235865285-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2993376 2014-05-08] (Nota Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\CR\AppData\Roaming\Mozilla\Firefox\Profiles\oknidhmn.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 12:06 - 2014-06-18 12:06 - 00008185 _____ () C:\Users\CR\Desktop\FRST.txt
2014-06-18 12:06 - 2014-06-18 12:06 - 00000000 ____D () C:\FRST
2014-06-18 12:03 - 2014-06-18 12:03 - 02081280 _____ (Farbar) C:\Users\CR\Desktop\FRST64.exe
2014-06-18 11:43 - 2014-06-18 11:44 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\CR\Desktop\tdsskiller.exe
2014-06-17 18:37 - 2014-06-18 11:22 - 00002072 _____ () C:\Users\CR\Desktop\Rkill.txt
2014-06-17 18:28 - 2014-06-17 18:28 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\CR\Downloads\WiNlOgOn.exe
2014-06-17 18:17 - 2014-06-17 18:17 - 00010300 _____ () C:\Users\CR\Desktop\RKreport_2.txt
2014-06-17 17:06 - 2014-06-17 17:25 - 00000000 ____D () C:\Users\CR\Desktop\mbar
2014-06-17 17:06 - 2014-06-17 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-17 16:16 - 2014-06-17 16:16 - 00008181 _____ () C:\Users\CR\Desktop\hijackthis.log
2014-06-17 16:09 - 2014-06-17 16:09 - 00010266 _____ () C:\Users\CR\Desktop\RKreport_1.txt
2014-06-17 15:38 - 2014-06-17 16:16 - 00008181 _____ () C:\Users\CR\Downloads\hijackthis.log
2014-06-17 15:37 - 2014-06-17 15:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\CR\Downloads\HijackThis.exe
2014-06-17 14:57 - 2014-06-18 11:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 14:57 - 2014-06-17 17:06 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-17 14:57 - 2014-06-17 14:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-17 14:57 - 2014-06-17 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 14:57 - 2014-06-17 14:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 14:57 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-17 14:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-17 14:54 - 2014-06-17 14:54 - 00315392 _____ (Malwarebytes Corporation) C:\Users\CR\Desktop\mbam-clean-2.0.2.0.exe
2014-06-17 14:36 - 2014-06-17 14:52 - 00000000 ____D () C:\Users\CR\AppData\Local\CrashDumps
2014-06-17 13:29 - 2014-06-17 13:29 - 05268992 _____ () C:\Users\CR\Downloads\Winlogon.exe.exe
2014-06-17 13:11 - 2014-06-17 13:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 12:58 - 2014-06-17 12:58 - 04126021 _____ () C:\Users\CR\Downloads\ua25_w81d_v101.zip
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Gyazo
2014-06-16 21:14 - 2014-06-16 22:14 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-06-16 21:14 - 2014-06-16 21:14 - 00003744 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-06-16 21:14 - 2014-06-16 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-06-16 20:07 - 2014-06-16 20:07 - 00000000 ____D () C:\Users\CR\AppData\Local\Macromedia
2014-06-16 18:43 - 2014-06-16 18:43 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Mozilla
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\Users\CR\AppData\Local\Mozilla
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 18:41 - 2014-06-16 18:41 - 00284224 _____ (Mozilla) C:\Users\CR\Downloads\Firefox Setup Stub 30.0.exe
2014-06-16 18:31 - 2014-06-16 18:31 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Macromedia
2014-06-16 18:08 - 2014-06-17 19:01 - 00000000 ____D () C:\Windows.old
2014-06-16 18:01 - 2014-06-16 18:01 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-06-16 17:48 - 2014-06-16 17:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-06-16 17:37 - 2014-06-17 18:58 - 00000000 ___HD () C:\$SysReset
2014-06-16 17:27 - 2014-06-16 17:27 - 00000000 ____D () C:\Users\CR\AppData\Local\BMExplorer
2014-06-16 17:26 - 2014-06-18 11:48 - 00000401 _____ () C:\Users\CR\AppData\Roaming\sp_data.sys
2014-06-16 17:26 - 2014-06-16 17:26 - 00008378 _____ () C:\Users\CR\Desktop\Removed Applications.html
2014-06-16 17:26 - 2014-06-16 17:26 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Atheros
2014-06-16 17:26 - 2014-06-16 17:26 - 00000000 ____D () C:\Users\CR\AppData\Roaming\ASUS WebStorage
2014-06-16 17:25 - 2014-06-16 17:25 - 00000000 ___RD () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-16 17:25 - 2014-06-16 17:25 - 00000000 ___RD () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-16 17:24 - 2014-06-16 17:24 - 00001436 _____ () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-16 17:24 - 2014-06-16 17:24 - 00000196 _____ () C:\Windows\FixPatch.log
2014-06-16 17:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Adobe
2014-06-16 17:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\FolderView
2014-06-16 17:20 - 2014-06-17 15:38 - 00000000 ____D () C:\Users\CR\AppData\Local\VirtualStore
2014-06-16 17:19 - 2014-06-16 17:20 - 00000000 ____D () C:\Users\CR\AppData\Local\ASUS
2014-06-16 17:19 - 2014-06-16 17:19 - 00000020 ___SH () C:\Users\CR\ntuser.ini
2014-06-16 17:18 - 2014-06-16 17:18 - 00001330 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-06-16 17:17 - 2014-06-18 12:06 - 00000000 ____D () C:\Users\CR\AppData\Local\Temp
2014-06-16 17:17 - 2014-06-17 22:18 - 00000000 ____D () C:\Users\CR
2014-06-16 17:17 - 2014-06-16 17:18 - 00019053 _____ () C:\Windows\diagwrn.xml
2014-06-16 17:17 - 2014-06-16 17:18 - 00019053 _____ () C:\Windows\diagerr.xml
2014-06-16 17:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-16 17:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-16 17:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-16 17:17 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-16 17:10 - 2014-06-16 18:09 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-16 14:54 - 2014-06-16 14:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\CR\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-15 20:06 - 2014-06-15 20:07 - 02365840 _____ () C:\Users\CR\Downloads\SecurityTaskManager_Setup.exe
2014-06-15 18:51 - 2014-06-15 18:51 - 00000000 ____D () C:\Users\CR\massive
2014-06-15 17:24 - 2014-03-07 00:53 - 02510528 _____ (Sysinternals - www.sysinternals.com) C:\Users\CR\Desktop\Procmon.exe
2014-06-15 00:32 - 2014-06-15 00:33 - 02797244 _____ () C:\Users\CR\Downloads\getter _-2.wav
2014-06-14 23:55 - 2014-06-14 23:55 - 00302444 _____ () C:\Users\CR\Downloads\MIDNIGHT GROWL.wav
2014-06-14 19:11 - 2014-06-14 19:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\CR\Downloads\mbar-1.07.0.1012.exe
2014-06-14 17:08 - 2014-06-14 17:23 - 175947216 _____ () C:\Users\CR\Downloads\setup.exe
2014-06-14 16:20 - 2014-06-14 16:21 - 20078604 _____ (Nomad Factory Inc. ) C:\Users\CR\Downloads\VST x86.exe
2014-06-14 16:18 - 2014-06-14 16:54 - 740108885 _____ () C:\Users\CR\Downloads\Live912.WiN.x64(1).rar
2014-06-14 13:46 - 2014-06-14 13:47 - 11698864 _____ (Nota Inc. ) C:\Users\CR\Downloads\GyazoSetup(1).exe
2014-06-14 13:01 - 2014-06-14 13:03 - 35311232 _____ (Skype Technologies S.A.) C:\Users\CR\Downloads\SkypeSetupFull.exe
2014-06-13 21:20 - 2014-06-13 21:20 - 01913936 _____ () C:\Users\CR\Downloads\winrar-x64-510.exe
2014-06-13 19:06 - 2014-06-14 15:55 - 00000000 ____D () C:\Windows.old(1)
2014-06-13 18:31 - 2014-06-13 18:31 - 00017654 _____ () C:\Users\CR\Documents\Removed Applications.html
2014-06-11 14:56 - 2014-06-11 14:58 - 58060844 _____ () C:\Users\CR\Downloads\Ajna Project - Pyroclastic Flow.wav
2014-06-11 12:39 - 2014-06-11 12:39 - 15397516 _____ () C:\Users\CR\Downloads\Intro Optimus Prime vs Godzilla.wav
2014-06-10 16:24 - 2014-06-10 16:24 - 00378044 _____ () C:\Users\CR\Downloads\yoih.wav
2014-06-10 12:21 - 2014-06-10 12:21 - 00039756 _____ () C:\Users\CR\Downloads\Resample.als
2014-06-05 19:20 - 2014-06-05 19:20 - 00149903 ____T () C:\Users\CR\Downloads\Videodrome_trailer.mp3.asd
2014-06-01 20:30 - 2014-06-01 20:41 - 39427942 _____ () C:\Users\CR\Downloads\BASEMENT BITCHES KILL REX MASTER.wav
2014-06-01 16:11 - 2014-06-05 22:05 - 00000000 ___RD () C:\Users\CR\Desktop\DROPS OF SWEAT DUBPLATES AYEEEEEEE
2014-05-31 08:33 - 2014-05-31 09:01 - 135921711 _____ () C:\Users\CR\Downloads\Brawler - Shockwave [sTEMS].rar
2014-05-28 12:32 - 2014-05-28 12:34 - 211366603 _____ () C:\Users\CR\Documents\Prodigal Son Project.rar
2014-05-26 16:21 - 2014-05-26 16:26 - 54432044 _____ () C:\Users\CR\Downloads\Spacedrome - The After.wav
2014-05-26 12:52 - 2014-05-26 12:52 - 03100274 _____ () C:\Users\CR\Documents\logo the buildzer.zip
2014-05-24 21:58 - 2014-05-24 22:07 - 52015342 _____ () C:\Users\CR\Downloads\Neonix - Kaiju (Premaster).wav
2014-05-23 12:24 - 2014-05-23 12:38 - 253380284 _____ () C:\Users\CR\Downloads\Imperium & Soberts  Darkness Falls[stems].zip
2014-05-22 10:58 - 2014-05-22 11:10 - 39995510 _____ () C:\Users\CR\Downloads\Game Over (The Greys Remix)(1).wav
2014-05-21 10:29 - 2014-05-21 10:31 - 64941523 _____ () C:\Users\CR\Downloads\Dubloadz and Friends Free EP.zip
2014-05-19 14:27 - 2014-05-19 14:32 - 53890204 _____ () C:\Users\CR\Downloads\Igor Graphite - Thunder (Original Mix).wav
2014-05-19 14:27 - 2014-05-19 14:31 - 34591242 _____ () C:\Users\CR\Downloads\Thunder stems.rar

==================== One Month Modified Files and Folders =======

2014-06-18 12:06 - 2014-06-18 12:06 - 00008185 _____ () C:\Users\CR\Desktop\FRST.txt
2014-06-18 12:06 - 2014-06-18 12:06 - 00000000 ____D () C:\FRST
2014-06-18 12:06 - 2014-06-16 17:17 - 00000000 ____D () C:\Users\CR\AppData\Local\Temp
2014-06-18 12:03 - 2014-06-18 12:03 - 02081280 _____ (Farbar) C:\Users\CR\Desktop\FRST64.exe
2014-06-18 12:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-18 11:51 - 2012-12-26 14:54 - 01091138 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 11:48 - 2014-06-17 14:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 11:48 - 2014-06-16 17:26 - 00000401 _____ () C:\Users\CR\AppData\Roaming\sp_data.sys
2014-06-18 11:46 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 11:44 - 2014-06-18 11:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\CR\Desktop\tdsskiller.exe
2014-06-18 11:22 - 2014-06-17 18:37 - 00002072 _____ () C:\Users\CR\Desktop\Rkill.txt
2014-06-18 09:02 - 2012-08-17 01:53 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-18 09:02 - 2012-08-02 14:24 - 00021722 _____ () C:\Windows\PFRO.log
2014-06-18 09:00 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-06-18 08:58 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-17 22:18 - 2014-06-16 17:17 - 00000000 ____D () C:\Users\CR
2014-06-17 19:09 - 2012-08-03 00:15 - 00799006 _____ () C:\Windows\system32\perfh013.dat
2014-06-17 19:09 - 2012-08-03 00:15 - 00162810 _____ () C:\Windows\system32\perfc013.dat
2014-06-17 19:09 - 2012-08-03 00:11 - 00794432 _____ () C:\Windows\system32\perfh010.dat
2014-06-17 19:09 - 2012-08-03 00:11 - 00156832 _____ () C:\Windows\system32\perfc010.dat
2014-06-17 19:09 - 2012-08-03 00:06 - 00803478 _____ () C:\Windows\system32\perfh00C.dat
2014-06-17 19:09 - 2012-08-03 00:06 - 00159308 _____ () C:\Windows\system32\perfc00C.dat
2014-06-17 19:09 - 2012-08-03 00:02 - 00755256 _____ () C:\Windows\system32\perfh007.dat
2014-06-17 19:09 - 2012-08-03 00:02 - 00159584 _____ () C:\Windows\system32\perfc007.dat
2014-06-17 19:09 - 2012-07-26 08:28 - 04568320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 19:01 - 2014-06-16 18:08 - 00000000 ____D () C:\Windows.old
2014-06-17 18:58 - 2014-06-16 17:37 - 00000000 ___HD () C:\$SysReset
2014-06-17 18:28 - 2014-06-17 18:28 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\CR\Downloads\WiNlOgOn.exe
2014-06-17 18:17 - 2014-06-17 18:17 - 00010300 _____ () C:\Users\CR\Desktop\RKreport_2.txt
2014-06-17 17:25 - 2014-06-17 17:06 - 00000000 ____D () C:\Users\CR\Desktop\mbar
2014-06-17 17:25 - 2014-06-17 17:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-17 17:06 - 2014-06-17 14:57 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-17 16:16 - 2014-06-17 16:16 - 00008181 _____ () C:\Users\CR\Desktop\hijackthis.log
2014-06-17 16:16 - 2014-06-17 15:38 - 00008181 _____ () C:\Users\CR\Downloads\hijackthis.log
2014-06-17 16:09 - 2014-06-17 16:09 - 00010266 _____ () C:\Users\CR\Desktop\RKreport_1.txt
2014-06-17 15:38 - 2014-06-16 17:20 - 00000000 ____D () C:\Users\CR\AppData\Local\VirtualStore
2014-06-17 15:37 - 2014-06-17 15:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\CR\Downloads\HijackThis.exe
2014-06-17 14:57 - 2014-06-17 14:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-17 14:57 - 2014-06-17 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 14:57 - 2014-06-17 14:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 14:54 - 2014-06-17 14:54 - 00315392 _____ (Malwarebytes Corporation) C:\Users\CR\Desktop\mbam-clean-2.0.2.0.exe
2014-06-17 14:52 - 2014-06-17 14:36 - 00000000 ____D () C:\Users\CR\AppData\Local\CrashDumps
2014-06-17 13:29 - 2014-06-17 13:29 - 05268992 _____ () C:\Users\CR\Downloads\Winlogon.exe.exe
2014-06-17 13:11 - 2014-06-17 13:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 12:58 - 2014-06-17 12:58 - 04126021 _____ () C:\Users\CR\Downloads\ua25_w81d_v101.zip
2014-06-16 23:14 - 2012-08-17 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-06-16 23:14 - 2012-08-17 01:53 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-06-16 23:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\restore
2014-06-16 22:14 - 2014-06-16 21:14 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Gyazo
2014-06-16 21:14 - 2014-06-16 21:14 - 00003744 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-06-16 21:14 - 2014-06-16 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-06-16 20:07 - 2014-06-16 20:07 - 00000000 ____D () C:\Users\CR\AppData\Local\Macromedia
2014-06-16 18:43 - 2014-06-16 18:43 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Mozilla
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\Users\CR\AppData\Local\Mozilla
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-16 18:43 - 2014-06-16 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 18:41 - 2014-06-16 18:41 - 00284224 _____ (Mozilla) C:\Users\CR\Downloads\Firefox Setup Stub 30.0.exe
2014-06-16 18:31 - 2014-06-16 18:31 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Macromedia
2014-06-16 18:12 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-16 18:09 - 2014-06-16 17:10 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-16 18:08 - 2012-07-26 09:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-06-16 18:01 - 2014-06-16 18:01 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-06-16 17:48 - 2014-06-16 17:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-06-16 17:48 - 2012-07-26 08:21 - 00040201 _____ () C:\Windows\setupact.log
2014-06-16 17:27 - 2014-06-16 17:27 - 00000000 ____D () C:\Users\CR\AppData\Local\BMExplorer
2014-06-16 17:27 - 2012-12-26 14:48 - 00000000 ____D () C:\ProgramData\Atheros
2014-06-16 17:27 - 2012-08-17 01:53 - 00000000 ____D () C:\ProgramData\ChangeFolderView
2014-06-16 17:26 - 2014-06-16 17:26 - 00008378 _____ () C:\Users\CR\Desktop\Removed Applications.html
2014-06-16 17:26 - 2014-06-16 17:26 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Atheros
2014-06-16 17:26 - 2014-06-16 17:26 - 00000000 ____D () C:\Users\CR\AppData\Roaming\ASUS WebStorage
2014-06-16 17:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-16 17:25 - 2014-06-16 17:25 - 00000000 ___RD () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-16 17:25 - 2014-06-16 17:25 - 00000000 ___RD () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-16 17:24 - 2014-06-16 17:24 - 00001436 _____ () C:\Users\CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-16 17:24 - 2014-06-16 17:24 - 00000196 _____ () C:\Windows\FixPatch.log
2014-06-16 17:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\CR\AppData\Roaming\Adobe
2014-06-16 17:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\FolderView
2014-06-16 17:24 - 2013-04-04 20:30 - 00000000 ____D () C:\Users\CR\AppData\Local\Packages
2014-06-16 17:24 - 2012-08-17 01:52 - 05015452 _____ () C:\Windows\AsDebug.log
2014-06-16 17:24 - 2012-08-17 01:52 - 00704342 _____ () C:\Windows\AsCDProc.log
2014-06-16 17:24 - 2012-08-17 01:48 - 00002143 _____ () C:\Windows\PQArecord.log
2014-06-16 17:24 - 2012-08-02 14:33 - 00000000 ____D () C:\Windows\Log
2014-06-16 17:20 - 2014-06-16 17:19 - 00000000 ____D () C:\Users\CR\AppData\Local\ASUS
2014-06-16 17:20 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-06-16 17:19 - 2014-06-16 17:19 - 00000020 ___SH () C:\Users\CR\ntuser.ini
2014-06-16 17:19 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-06-16 17:19 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\Recovery
2014-06-16 17:18 - 2014-06-16 17:18 - 00001330 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-06-16 17:18 - 2014-06-16 17:17 - 00019053 _____ () C:\Windows\diagwrn.xml
2014-06-16 17:18 - 2014-06-16 17:17 - 00019053 _____ () C:\Windows\diagerr.xml
2014-06-16 17:18 - 2012-08-02 23:24 - 00000000 ____D () C:\Windows\Panther
2014-06-16 17:18 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-16 17:18 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2014-06-16 17:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-06-16 14:54 - 2014-06-16 14:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\CR\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-15 20:07 - 2014-06-15 20:06 - 02365840 _____ () C:\Users\CR\Downloads\SecurityTaskManager_Setup.exe
2014-06-15 18:51 - 2014-06-15 18:51 - 00000000 ____D () C:\Users\CR\massive
2014-06-15 00:33 - 2014-06-15 00:32 - 02797244 _____ () C:\Users\CR\Downloads\getter _-2.wav
2014-06-14 23:55 - 2014-06-14 23:55 - 00302444 _____ () C:\Users\CR\Downloads\MIDNIGHT GROWL.wav
2014-06-14 22:55 - 2014-02-09 13:19 - 00000000 ____D () C:\Users\CR\Documents\ASUS
2014-06-14 20:53 - 2013-04-09 00:40 - 00000000 ____D () C:\Users\CR\Documents\Ableton
2014-06-14 19:12 - 2014-06-14 19:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\CR\Downloads\mbar-1.07.0.1012.exe
2014-06-14 17:23 - 2014-06-14 17:08 - 175947216 _____ () C:\Users\CR\Downloads\setup.exe
2014-06-14 16:54 - 2014-06-14 16:18 - 740108885 _____ () C:\Users\CR\Downloads\Live912.WiN.x64(1).rar
2014-06-14 16:21 - 2014-06-14 16:20 - 20078604 _____ (Nomad Factory Inc. ) C:\Users\CR\Downloads\VST x86.exe
2014-06-14 15:55 - 2014-06-13 19:06 - 00000000 ____D () C:\Windows.old(1)
2014-06-14 13:47 - 2014-06-14 13:46 - 11698864 _____ (Nota Inc. ) C:\Users\CR\Downloads\GyazoSetup(1).exe
2014-06-14 13:03 - 2014-06-14 13:01 - 35311232 _____ (Skype Technologies S.A.) C:\Users\CR\Downloads\SkypeSetupFull.exe
2014-06-13 21:20 - 2014-06-13 21:20 - 01913936 _____ () C:\Users\CR\Downloads\winrar-x64-510.exe
2014-06-13 18:31 - 2014-06-13 18:31 - 00017654 _____ () C:\Users\CR\Documents\Removed Applications.html
2014-06-11 14:58 - 2014-06-11 14:56 - 58060844 _____ () C:\Users\CR\Downloads\Ajna Project - Pyroclastic Flow.wav
2014-06-11 12:39 - 2014-06-11 12:39 - 15397516 _____ () C:\Users\CR\Downloads\Intro Optimus Prime vs Godzilla.wav
2014-06-10 16:24 - 2014-06-10 16:24 - 00378044 _____ () C:\Users\CR\Downloads\yoih.wav
2014-06-10 12:21 - 2014-06-10 12:21 - 00039756 _____ () C:\Users\CR\Downloads\Resample.als
2014-06-07 14:37 - 2013-04-04 15:24 - 00000000 ____D () C:\Users\CR\Documents\VirtualDJ
2014-06-05 22:05 - 2014-06-01 16:11 - 00000000 ___RD () C:\Users\CR\Desktop\DROPS OF SWEAT DUBPLATES AYEEEEEEE
2014-06-05 19:25 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-05 19:20 - 2014-06-05 19:20 - 00149903 ____T () C:\Users\CR\Downloads\Videodrome_trailer.mp3.asd
2014-06-01 20:41 - 2014-06-01 20:30 - 39427942 _____ () C:\Users\CR\Downloads\BASEMENT BITCHES KILL REX MASTER.wav
2014-05-31 09:01 - 2014-05-31 08:33 - 135921711 _____ () C:\Users\CR\Downloads\Brawler - Shockwave [sTEMS].rar
2014-05-28 12:34 - 2014-05-28 12:32 - 211366603 _____ () C:\Users\CR\Documents\Prodigal Son Project.rar
2014-05-26 16:58 - 2013-07-20 00:25 - 00000000 ____D () C:\Users\CR\Documents\Photoshop Works
2014-05-26 16:26 - 2014-05-26 16:21 - 54432044 _____ () C:\Users\CR\Downloads\Spacedrome - The After.wav
2014-05-26 12:52 - 2014-05-26 12:52 - 03100274 _____ () C:\Users\CR\Documents\logo the buildzer.zip
2014-05-24 22:07 - 2014-05-24 21:58 - 52015342 _____ () C:\Users\CR\Downloads\Neonix - Kaiju (Premaster).wav
2014-05-23 12:38 - 2014-05-23 12:24 - 253380284 _____ () C:\Users\CR\Downloads\Imperium & Soberts  Darkness Falls[stems].zip
2014-05-22 20:00 - 2014-05-07 20:08 - 00000000 ____D () C:\Users\CR\Documents\top100
2014-05-22 11:10 - 2014-05-22 10:58 - 39995510 _____ () C:\Users\CR\Downloads\Game Over (The Greys Remix)(1).wav
2014-05-21 10:31 - 2014-05-21 10:29 - 64941523 _____ () C:\Users\CR\Downloads\Dubloadz and Friends Free EP.zip
2014-05-19 14:32 - 2014-05-19 14:27 - 53890204 _____ () C:\Users\CR\Downloads\Igor Graphite - Thunder (Original Mix).wav
2014-05-19 14:31 - 2014-05-19 14:27 - 34591242 _____ () C:\Users\CR\Downloads\Thunder stems.rar

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\CR\AppData\Local\Temp\{57C192E7-A003-4120-AB40-37C466E1A727}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-02 14:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by CR at 2014-06-18 12:07:10
Running from C:\Users\CR\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0E47CC6A-42DD-9DFF-9BA5-69A9D7630E31}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Product Demo Movie  (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Gyazo 2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {5F996054-B275-4F4C-A212-960E6ABBFB72} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {6429BBC0-EF31-4385-991C-C401778146A2} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {A61868F9-4876-45A6-A2C2-340BBAC17EBA} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {ABA1133F-D63B-4504-835F-BFD61014A973} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-05-08] ()
Task: {C45570AB-8BD8-4D01-BE12-F9781DC6A9B9} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E81E6DDB-88B8-4EAA-800C-307D9DA5C934} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

==================== Loaded Modules (whitelisted) =============

2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-08-10 19:28 - 2012-08-10 19:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-11 15:01 - 2012-09-11 15:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-06-16 18:43 - 2014-06-06 05:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21670911.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21670911.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "BtvStack"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 06:51:26 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (06/17/2014 02:52:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x10c4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/17/2014 02:41:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x1338
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/17/2014 02:40:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: suka.exe.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x11b0
Faulting application start time: 0xsuka.exe.exe0
Faulting application path: suka.exe.exe1
Faulting module path: suka.exe.exe2
Report ID: suka.exe.exe3
Faulting package full name: suka.exe.exe4
Faulting package-relative application ID: suka.exe.exe5

Error: (06/17/2014 02:40:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: suka.exe.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x840
Faulting application start time: 0xsuka.exe.exe0
Faulting application path: suka.exe.exe1
Faulting module path: suka.exe.exe2
Report ID: suka.exe.exe3
Faulting package full name: suka.exe.exe4
Faulting package-relative application ID: suka.exe.exe5

Error: (06/17/2014 02:40:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: suka.exe.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x70c
Faulting application start time: 0xsuka.exe.exe0
Faulting application path: suka.exe.exe1
Faulting module path: suka.exe.exe2
Report ID: suka.exe.exe3
Faulting package full name: suka.exe.exe4
Faulting package-relative application ID: suka.exe.exe5

Error: (06/17/2014 02:38:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.com.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x1190
Faulting application start time: 0xmbam.com.exe0
Faulting application path: mbam.com.exe1
Faulting module path: mbam.com.exe2
Report ID: mbam.com.exe3
Faulting package full name: mbam.com.exe4
Faulting package-relative application ID: mbam.com.exe5

Error: (06/17/2014 02:37:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0xdbc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/17/2014 02:37:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x1264
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/17/2014 02:36:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x4e4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5


System errors:
=============
Error: (06/18/2014 11:46:56 AM) (Source: bowser) (EventID: 8016) (User: )
Description: The browser driver has received too many illegal datagrams from the remote computer LIVEBOX to name CRUELREACTION on transport NetBT_Tcpip_{30FB2E70-EAA8-4973-B3B1-BA1188667A3E}.  The data is the datagram.
No more events will be generated until the reset frequency has expired.

Error: (06/18/2014 11:45:56 AM) (Source: bowser) (EventID: 8016) (User: )
Description: The browser driver has received too many illegal datagrams from the remote computer LIVEBOX to name CRUELREACTION on transport NetBT_Tcpip_{30FB2E70-EAA8-4973-B3B1-BA1188667A3E}.  The data is the datagram.
No more events will be generated until the reset frequency has expired.

Error: (06/18/2014 11:17:21 AM) (Source: bowser) (EventID: 8016) (User: )
Description: The browser driver has received too many illegal datagrams from the remote computer LIVEBOX to name CRUELREACTION on transport NetBT_Tcpip_{30FB2E70-EAA8-4973-B3B1-BA1188667A3E}.  The data is the datagram.
No more events will be generated until the reset frequency has expired.

Error: (06/18/2014 09:17:13 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:02:42 on ‎18/‎06/‎2014 was unexpected.

Error: (06/18/2014 08:59:54 AM) (Source: DCOM) (EventID: 10010) (User: cruelreaction)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (06/18/2014 08:59:24 AM) (Source: DCOM) (EventID: 10010) (User: cruelreaction)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (06/18/2014 08:51:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:17:54 on ‎17/‎06/‎2014 was unexpected.

Error: (06/17/2014 10:23:36 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (06/17/2014 10:22:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.

Error: (06/17/2014 10:17:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:09:05 on ‎17/‎06/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (06/17/2014 06:51:26 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (06/17/2014 02:52:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd10c401cf8a335a0af9c0C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll99808de6-f626-11e3-be78-6c71d92138d8

Error: (06/17/2014 02:41:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd133801cf8a31d248dfd5C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll10145c48-f625-11e3-be77-6c71d92138d8

Error: (06/17/2014 02:40:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: suka.exe.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd11b001cf8a31c39214d1C:\Program Files (x86)\Malwarebytes Anti-Malware\suka.exe.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll015b334b-f625-11e3-be77-6c71d92138d8

Error: (06/17/2014 02:40:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: suka.exe.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd84001cf8a31b954f5d6C:\Program Files (x86)\Malwarebytes Anti-Malware\suka.exe.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllf71e1148-f624-11e3-be77-6c71d92138d8

Error: (06/17/2014 02:40:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: suka.exe.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd70c01cf8a31b5100f0aC:\Program Files (x86)\Malwarebytes Anti-Malware\suka.exe.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllf2ee99ee-f624-11e3-be77-6c71d92138d8

Error: (06/17/2014 02:38:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.com.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd119001cf8a315f47abd2C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.com.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll9d132b6f-f624-11e3-be77-6c71d92138d8

Error: (06/17/2014 02:37:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fddbc01cf8a3157c663e4C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll9591e3a7-f624-11e3-be77-6c71d92138d8

Error: (06/17/2014 02:37:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd126401cf8a314f99ba59C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll8d653517-f624-11e3-be77-6c71d92138d8

Error: (06/17/2014 02:36:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd4e401cf8a312e3aa241C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll6db94936-f624-11e3-be77-6c71d92138d8


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 7636.24 MB
Available physical RAM: 5449.25 MB
Total Pagefile: 12244.24 MB
Available Pagefile: 10500.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:107.69 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.15 GB) (Free:215.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A3362226)

Partition: GPT Partition Type.

==================== End Of Log ============================

[cruelreaction]

12:08:57.0973 0x0f3c  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
12:08:57.0973 0x0f3c  UEFI system
12:09:05.0212 0x0f3c  ============================================================
12:09:05.0212 0x0f3c  Current date / time: 2014/06/18 12:09:05.0212
12:09:05.0212 0x0f3c  SystemInfo:
12:09:05.0212 0x0f3c  
12:09:05.0212 0x0f3c  OS Version: 6.2.9200 ServicePack: 0.0
12:09:05.0212 0x0f3c  Product type: Workstation
12:09:05.0212 0x0f3c  ComputerName: CRUELREACTION
12:09:05.0212 0x0f3c  UserName: CR
12:09:05.0212 0x0f3c  Windows directory: C:\Windows
12:09:05.0212 0x0f3c  System windows directory: C:\Windows
12:09:05.0212 0x0f3c  Running under WOW64
12:09:05.0212 0x0f3c  Processor architecture: Intel x64
12:09:05.0212 0x0f3c  Number of processors: 4
12:09:05.0212 0x0f3c  Page size: 0x1000
12:09:05.0212 0x0f3c  Boot type: Normal boot
12:09:05.0212 0x0f3c  ============================================================
12:09:05.0212 0x0f3c  BG loaded
12:09:05.0680 0x0f3c  System UUID: {75B5C145-A8AB-AF39-DFEC-CB904518E63F}
12:09:06.0491 0x0f3c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:09:06.0507 0x0f3c  ============================================================
12:09:06.0507 0x0f3c  \Device\Harddisk0\DR0:
12:09:06.0507 0x0f3c  GPT partitions:
12:09:06.0507 0x0f3c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1911A6CF-3FB3-482E-A90C-ADF7EC2C1936}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
12:09:06.0507 0x0f3c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {DA68FAD7-B4A8-4234-84D1-1E8656D17D2A}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x1C2000
12:09:06.0507 0x0f3c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B2D0EA0C-64C2-4535-BF3C-6ACF8653AB2A}, Name: Microsoft reserved partition, StartLBA 0x258800, BlocksNum 0x40000
12:09:06.0507 0x0f3c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AF029779-E09A-4A94-88C3-333D9F956017}, Name: Basic data partition, StartLBA 0x298800, BlocksNum 0x1749C000
12:09:06.0507 0x0f3c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {30A505E4-FE71-4789-B286-CD6486F3B475}, Name: Basic data partition, StartLBA 0x17734800, BlocksNum 0x2044C800
12:09:06.0507 0x0f3c  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {AF4E95D7-E18B-444B-AEF5-0E5C637BA81D}, Name: Basic data partition, StartLBA 0x37B81000, BlocksNum 0x2805000
12:09:06.0507 0x0f3c  MBR partitions:
12:09:06.0507 0x0f3c  ============================================================
12:09:06.0538 0x0f3c  C: <-> \Device\Harddisk0\DR0\Partition4
12:09:06.0585 0x0f3c  D: <-> \Device\Harddisk0\DR0\Partition5
12:09:06.0585 0x0f3c  ============================================================
12:09:06.0585 0x0f3c  Initialize success
12:09:06.0585 0x0f3c  ============================================================
12:09:10.0251 0x0e80  ============================================================
12:09:10.0251 0x0e80  Scan started
12:09:10.0251 0x0e80  Mode: Manual;
12:09:10.0251 0x0e80  ============================================================
12:09:10.0251 0x0e80  KSN ping started
12:09:12.0762 0x0e80  KSN ping finished: true
12:09:14.0120 0x0e80  ================ Scan system memory ========================
12:09:14.0120 0x0e80  System memory - ok
12:09:14.0120 0x0e80  ================ Scan services =============================
12:09:14.0650 0x0e80  [ E890C46E4754F0DF51BAFCC8D2E07498, E620D03030F3B65442E0A5CB8B59016A6E8DB3BCA52741977B8897B34438E902 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
12:09:14.0650 0x0e80  1394ohci - ok
12:09:14.0666 0x0e80  [ 4F18D4C7EA14F11A7211F60D553C03DB, 09AB6D2D8E9B7B6D6A97708551C0E4B34538947A15EA2A69C11764D7BC0BB7F6 ] 3ware           C:\Windows\system32\drivers\3ware.sys
12:09:14.0681 0x0e80  3ware - ok
12:09:14.0728 0x0e80  [ 975AABEB243B800C23626D6B652C5A9C, FB02336F26AF10BA2A0D1B97C33CB1D78BB90CA51EF008A613A0274779798FAD ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:09:14.0728 0x0e80  ACPI - ok
12:09:14.0759 0x0e80  [ DC968C37822117E576B933F34A2D130C, 4C94E00ADC242296D7CBBFC7346D5F9AE5FE1B0C616ECA3BDE10A7B34FD2040B ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
12:09:14.0759 0x0e80  acpiex - ok
12:09:14.0775 0x0e80  [ 0CA9F7C3A78227C21A0A7854E245CFB2, D54147C9C1EE2F0098B863B0852E027DB89D6FA67F6B7FD54F609D9715A11442 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
12:09:14.0775 0x0e80  acpipagr - ok
12:09:14.0775 0x0e80  [ 8EB8DA03B142D3DD1EB9ED8107A76C43, 24B9B24F9A5BDF3AAD13C4EE0638497D9CA4A100096C6EAE403E0215EA89C439 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
12:09:14.0790 0x0e80  AcpiPmi - ok
12:09:14.0790 0x0e80  [ CBCE725C5D86ABA7D2604E22951AA9B8, DE0440F0E943F057EBCD01DB4B1E12DBC241FBF03C42021306D322AB88FF8F21 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
12:09:14.0790 0x0e80  acpitime - ok
12:09:14.0822 0x0e80  [ 93C6388592B99925C1D1576E465BC80F, 4C48BE5471DA4788357D71E90DFEA20FE320C7AAE1F4C55AFBE2E46FEA5CF8FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:09:14.0822 0x0e80  adp94xx - ok
12:09:14.0853 0x0e80  [ D27763E0247292654E7F7D16444C7C72, 0314C713D31E2B34F215B52F804F014D876E6ED92DC656CC3E27920CCD36CF0E ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:09:14.0869 0x0e80  adpahci - ok
12:09:14.0869 0x0e80  [ 67B90070FF48F794AF19F9FCF0080D75, 5D0D352606D58D2CA0814F38EF7B1774C030BE44353DF5910CBFAAF4FDE64ED6 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:09:14.0884 0x0e80  adpu320 - ok
12:09:14.0915 0x0e80  [ 974AE60BF5B90E31412D93596C968E5B, 092B59C2B67C4618E7B1800615D1DF7199482F60D0D27BD91763F7F8D7FC883F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:09:14.0915 0x0e80  AeLookupSvc - ok
12:09:14.0946 0x0e80  [ 9E975BDC89C83900B2C534C4E1B018F8, 5413577284FDD7840915CC29C3DD78E514F0E6227384636695CF8B46FAA541DC ] AFD             C:\Windows\system32\drivers\afd.sys
12:09:14.0962 0x0e80  AFD - ok
12:09:15.0009 0x0e80  [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
12:09:15.0040 0x0e80  AgereSoftModem - ok
12:09:15.0040 0x0e80  [ 01590377A5AB19E792528C628A2A68F9, F3A4B6CA4E8D4436E44E36D7F7EEF3DC861D1EE50D41F4273226C4ED95674B84 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:09:15.0056 0x0e80  agp440 - ok
12:09:15.0071 0x0e80  [ 16F6F6B7903B913AB41AB848C8BB5658, 7304257048CB42E5274B3F6400F4A053A38E3B70A157662FE9D2B7C5979DE851 ] AiCharger       C:\Windows\system32\DRIVERS\AiCharger.sys
12:09:15.0071 0x0e80  AiCharger - ok
12:09:15.0103 0x0e80  [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG             C:\Windows\System32\alg.exe
12:09:15.0103 0x0e80  ALG - ok
12:09:15.0149 0x0e80  [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
12:09:15.0149 0x0e80  AllUserInstallAgent - ok
12:09:15.0180 0x0e80  [ 15223ECAD7D688273DADA63ADA8B6BBA, 4E6261A8E89CF0491FAE680C9A842D46E4C693300D7DA7412AF02728486CDFFF ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:09:15.0196 0x0e80  AMD External Events Utility - ok
12:09:15.0196 0x0e80  [ FB88D16B55F788EEB7590584FE2D8F1A, 96DDFF3D0139FC268E43C5CB2F1455BC1EAD99883453933B4B639166AAB0ED38 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
12:09:15.0196 0x0e80  AmdK8 - ok
12:09:15.0555 0x0e80  [ 8EEBE772FA7D2A6436D6DBDE5EC7191B, B6108A3DF9348D5500FC741AEACFD94044AE4AA5314DEDCF4A4B491F12E7AC15 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:09:15.0789 0x0e80  amdkmdag - ok
12:09:15.0820 0x0e80  [ 9B08F939F313CC8D57789C528F6B4C4B, 3CC2E9BC7EAF7F193DB53A91B706369077CAD769F3585823389564235FCD09EE ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:09:15.0836 0x0e80  amdkmdap - ok
12:09:15.0867 0x0e80  [ 02CF5AD93538CCE63EB09364EDD3DCF9, A50EBC874966DDA8D209F102148BBD3C6BD5E0CB0DB23D22A99AC3AD3AACE17A ] amdkmpfd        C:\Windows\system32\drivers\amdkmpfd.sys
12:09:15.0867 0x0e80  amdkmpfd - ok
12:09:15.0945 0x0e80  [ 81402FF3373CE4DF77D5C874E369A985, 83F2091A6D97314CD3216176365ABD1D0FB74686BA457022712DE8F355AD1D90 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
12:09:15.0945 0x0e80  AmdPPM - ok
12:09:15.0960 0x0e80  [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:09:15.0960 0x0e80  amdsata - ok
12:09:15.0976 0x0e80  [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:09:15.0992 0x0e80  amdsbs - ok
12:09:15.0992 0x0e80  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:09:15.0992 0x0e80  amdxata - ok
12:09:16.0039 0x0e80  [ A2EFE3869B976296E097DEF368280F95, 121CD4A16146A9DF59D6E415181F48CA0D1DCD4D2B6BC4CBDABC2F3D296E28C6 ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
12:09:16.0039 0x0e80  amd_sata - ok
12:09:16.0039 0x0e80  [ 625396421C29FB305C6C6235D01130B8, 3FAF8D3B530F1B74B2C9B0ED3377836746CE2D0A4008E1BC454095671AC9E1AF ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
12:09:16.0039 0x0e80  amd_xata - ok
12:09:16.0054 0x0e80  [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID           C:\Windows\system32\drivers\appid.sys
12:09:16.0054 0x0e80  AppID - ok
12:09:16.0085 0x0e80  [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:09:16.0085 0x0e80  AppIDSvc - ok
12:09:16.0101 0x0e80  [ D64C4AFEE8277F35EF729A2B924666B0, 543AA2B2CD09820437646CFE01AFDBA6B764AA588E663759DEB93CB4F25E09D7 ] Appinfo         C:\Windows\System32\appinfo.dll
12:09:16.0101 0x0e80  Appinfo - ok
12:09:16.0132 0x0e80  [ 44695679881DEB85CAD7C249B151066E, A44413ACA911DDB5757DE9F9ECC3968979C47617CF9DF81B24E7ECDE7E0D54BC ] APXACC          C:\Windows\system32\DRIVERS\appexDrv.sys
12:09:16.0132 0x0e80  APXACC - ok
12:09:16.0148 0x0e80  [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc             C:\Windows\system32\drivers\arc.sys
12:09:16.0148 0x0e80  arc - ok
12:09:16.0179 0x0e80  [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:09:16.0179 0x0e80  arcsas - ok
12:09:16.0273 0x0e80  [ E40AF754F43E3B44E2D6DE829267AD52, 5F9427E595A56464807D071205FB4DFD6BB21B68058E67529DC1727D32FAB0AD ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
12:09:16.0273 0x0e80  ASLDRService - ok
12:09:16.0288 0x0e80  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
12:09:16.0288 0x0e80  ASMMAP64 - ok
12:09:16.0335 0x0e80  [ 6A122B4F0E5293CACFA8A5F2CBA9B356, 9D69076B697BEE8742E32EBEF1802D829DEA6B1D93AF485D11CC89A08CA4D809 ] ASUS InstantOn  C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
12:09:16.0335 0x0e80  ASUS InstantOn - ok
12:09:16.0350 0x0e80  [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:09:16.0350 0x0e80  AsyncMac - ok
12:09:16.0382 0x0e80  [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:09:16.0382 0x0e80  atapi - ok
12:09:16.0397 0x0e80  [ 4885C14A6AB6969B5773A42DA0BA3DA4, E317E1E299543FBD9853C71E1CF8019343B6234B9AAF56ABF48C41BB7743490B ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
12:09:16.0413 0x0e80  AthBTPort - ok
12:09:16.0522 0x0e80  [ 7CA5397A47843B0BD36898F32F2D403B, 40BACD955FDF2E469AA20910203CEB97B7C7D94C04E15723D99ED2C577AD14CF ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
12:09:16.0522 0x0e80  AtherosSvc - ok
12:09:16.0694 0x0e80  [ BD0CA4F831A9DAFC2D0393431A497593, 2084EC0DB12E84E645D1C4A1F4D10FDE36B008C98C44E8F4D10BCFE8F0199F97 ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
12:09:16.0787 0x0e80  athr - ok
12:09:16.0834 0x0e80  [ 506907D2E7F3A5B67DBD39C00A788B7C, 618C91FB9F49C69F88A993F164D7E9E4B7CAD0F34DCF77CF0C6F259A28448171 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW86.sys
12:09:16.0834 0x0e80  AtiHDAudioService - ok
12:09:16.0850 0x0e80  [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
12:09:16.0850 0x0e80  ATKGFNEXSrv - ok
12:09:16.0881 0x0e80  [ 41CEAFFCF3550785E59E3EC9BEE8D97A, 89FE604088B65B82AA794E1DA8429033CD2F05FFB2D7EFAAC7B967C7A83D1B1E ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
12:09:16.0881 0x0e80  ATKWMIACPIIO - ok
12:09:16.0897 0x0e80  [ 437EB91CB20144375DDE145149778405, 5E76CDE2B3C852755F6E54AF774E9BECDF472103D83B815899333DE268536B98 ] ATP             C:\Windows\System32\drivers\AsusTP.sys
12:09:16.0897 0x0e80  ATP - ok
12:09:16.0928 0x0e80  [ 8A814F4CBF6AA28A8F0212592824C927, 9688BA88E744B231CC13F28CE40AE64AA121F943BADE4D0BA5A83487AF6C01CF ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
12:09:16.0943 0x0e80  AudioEndpointBuilder - ok
12:09:16.0975 0x0e80  [ 01E8E96251900BCEFAB34FBC1FCEB552, 63D4B17967545586BEFD76FCB507AFDE3F7454CAADAE1EDE615D81204AF275CE ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:09:16.0990 0x0e80  Audiosrv - ok
12:09:17.0037 0x0e80  [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:09:17.0037 0x0e80  AxInstSV - ok
12:09:17.0084 0x0e80  [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:09:17.0099 0x0e80  b06bdrv - ok
12:09:17.0131 0x0e80  [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
12:09:17.0131 0x0e80  BasicDisplay - ok
12:09:17.0131 0x0e80  [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
12:09:17.0131 0x0e80  BasicRender - ok
12:09:17.0177 0x0e80  [ 558F6EEF46EC2642C8F72D34CBB5612E, DA192AB0C645200E7135C994866589DB6ACA451CC3F2BC903C95E5ABCD7391CC ] BDESVC          C:\Windows\System32\bdesvc.dll
12:09:17.0177 0x0e80  BDESVC - ok
12:09:17.0193 0x0e80  [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep            C:\Windows\system32\drivers\Beep.sys
12:09:17.0193 0x0e80  Beep - ok
12:09:17.0240 0x0e80  [ 407F85D5387EDBB665A7969DF4D4712B, 56E103CDCDFB07E54ABF7F7AD898E7E989B0D9CD73352E6AB89D7AE52AA46C9D ] BFE             C:\Windows\System32\bfe.dll
12:09:17.0255 0x0e80  BFE - ok
12:09:17.0333 0x0e80  [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS            C:\Windows\System32\qmgr.dll
12:09:17.0349 0x0e80  BITS - ok
12:09:17.0364 0x0e80  [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:09:17.0364 0x0e80  bowser - ok
12:09:17.0380 0x0e80  [ 975398A3D2C1FEA73FC93931978DF354, 623E66E79BF16AC82E5DD579B1D50AA1A884FAFC042C3C8A1B503C97A84098DF ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
12:09:17.0380 0x0e80  BrokerInfrastructure - ok
12:09:17.0411 0x0e80  [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser         C:\Windows\System32\browser.dll
12:09:17.0411 0x0e80  Browser - ok
12:09:17.0458 0x0e80  [ 942F3F6286056D6BBB5B02ED2B7088BD, 9F187C480BD40815ECFFC208BD1B00ACDFAD16899B4C8BE79C803FE48E322EA0 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
12:09:17.0458 0x0e80  BTATH_A2DP - ok
12:09:17.0474 0x0e80  [ 43C965027229D9FF6E52E4C71C03B09E, AF0E39EAD8B17A65F885272BEF12BF91578289C183FB39BB803183BE0E5547D1 ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
12:09:17.0474 0x0e80  btath_avdt - ok
12:09:17.0489 0x0e80  [ 23CEDCD7527A26B222732A158F76EB24, 5A45D7FC8DFB96A938EEB8604B79413A10C0C16A17D3139B712263211D8215E9 ] BTATH_BUS       C:\Windows\System32\drivers\btath_bus.sys
12:09:17.0505 0x0e80  BTATH_BUS - ok
12:09:17.0521 0x0e80  [ 3DD64966A764BCAFF07C9DC064BD410E, 456252339BCA224549E4CBCD5A0501AF10340211CFD567C577067ABF5DABB21F ] BTATH_HCRP      C:\Windows\System32\drivers\btath_hcrp.sys
12:09:17.0521 0x0e80  BTATH_HCRP - ok
12:09:17.0536 0x0e80  [ B68EE0721EAC305AB1C9C989CDF1AEFF, 3F7CE8E244836E23456E519E48E53E4B9331C9AD9BAF13C208C922404575638A ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
12:09:17.0536 0x0e80  BTATH_LWFLT - ok
12:09:17.0552 0x0e80  [ EC7BB341229E9E6B04349580F55218B2, 4227CE6787DD1432EB054B1EE85C399188A61B23E2E8B0B615DA101C4AABD6C0 ] BTATH_RCP       C:\Windows\System32\drivers\btath_rcp.sys
12:09:17.0552 0x0e80  BTATH_RCP - ok
12:09:17.0598 0x0e80  [ CBF4EF7E9FE86CE0CAB0A6472DE34A1C, 7E4B410E1BC0BBC3B7CECF4B7396070E3FFB99D73CF185CBF38E65A79DDBB780 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
12:09:17.0598 0x0e80  BtFilter - ok
12:09:17.0630 0x0e80  [ FC79BE6D8FBC8699E9980F657D281BE9, 02D3233719E1DB059ABFB0F5D534114E70208D1339BC53EADC5C78424A3E7117 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
12:09:17.0630 0x0e80  BthAvrcpTg - ok
12:09:17.0645 0x0e80  [ 8DE53C3B497D58C7D3E52F54D28E7D86, 1063973F6B0125E1209AE012E218AD9E7AABA5DBB03D883050F25C9D4F68B99B ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
12:09:17.0645 0x0e80  BthEnum - ok
12:09:17.0661 0x0e80  [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
12:09:17.0661 0x0e80  BthHFEnum - ok
12:09:17.0677 0x0e80  [ 6F7368071FCDDB96C0527A6E5D7C1906, 0406CDEC064D644F38950FF26234F006D59F5E3265614D50F5D9C7CEC8475B48 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
12:09:17.0677 0x0e80  bthhfhid - ok
12:09:17.0708 0x0e80  [ 42201C346F0B8C458E1E9CDE04D68A2C, 6168FD0D10CD06B00B5C79D5D2B5C353AAC22FD99CE8D417DDBA33ED63CFB8BF ] BthLEEnum       C:\Windows\system32\DRIVERS\BthLEEnum.sys
12:09:17.0708 0x0e80  BthLEEnum - ok
12:09:17.0723 0x0e80  [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
12:09:17.0723 0x0e80  BTHMODEM - ok
12:09:17.0723 0x0e80  [ 091BB978E9504D0AD14586929431A957, ACED02B879026A228E35F40847C210BC30A5AFC948FFE922DB21663E4A8DFF1D ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:09:17.0739 0x0e80  BthPan - ok
12:09:17.0786 0x0e80  [ 427510B95603B24A0E1DDB47EFC4BA44, D90ED0D0313FB1517D3645AA01E5422351AE2BB3778325EFD6D0A0ACD1DC7E7C ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:09:17.0817 0x0e80  BTHPORT - ok
12:09:17.0848 0x0e80  [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv         C:\Windows\system32\bthserv.dll
12:09:17.0848 0x0e80  bthserv - ok
12:09:17.0848 0x0e80  [ 0BB16201253AA87015EFFECAF157225F, 1B5B38275828B82B06D24018A8965DA58866C05E3847AA1B55BFF6F13FD9E235 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:09:17.0848 0x0e80  BTHUSB - ok
12:09:17.0879 0x0e80  [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:09:17.0879 0x0e80  cdfs - ok
12:09:17.0895 0x0e80  [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom           C:\Windows\System32\drivers\cdrom.sys
12:09:17.0895 0x0e80  cdrom - ok
12:09:17.0926 0x0e80  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:09:17.0926 0x0e80  CertPropSvc - ok
12:09:17.0942 0x0e80  [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass        C:\Windows\System32\drivers\circlass.sys
12:09:17.0942 0x0e80  circlass - ok
12:09:17.0973 0x0e80  [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS            C:\Windows\system32\drivers\CLFS.sys
12:09:17.0989 0x0e80  CLFS - ok
12:09:18.0020 0x0e80  [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
12:09:18.0020 0x0e80  CmBatt - ok
12:09:18.0051 0x0e80  [ 1894FD2D5966A81D3B07A7C4D8724D59, 18DCE6DF0DE39DFD1358A1E061AD97099699CE430BCB906AFB7F51277681461D ] CNG             C:\Windows\system32\Drivers\cng.sys
12:09:18.0067 0x0e80  CNG - ok
12:09:18.0067 0x0e80  [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
12:09:18.0067 0x0e80  CompositeBus - ok
12:09:18.0082 0x0e80  COMSysApp - ok
12:09:18.0082 0x0e80  [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv          C:\Windows\system32\drivers\condrv.sys
12:09:18.0082 0x0e80  condrv - ok
12:09:18.0129 0x0e80  [ F0E78B119D12BA81F163D48C0FF30B9A, 9622A2F36F03A33E7D145C439BD62D5AEFD53064D60BCC787555D1AF8CB936A9 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:09:18.0129 0x0e80  CryptSvc - ok
12:09:18.0176 0x0e80  [ A4CCA7289C1A6223D61FD27BF2FC413F, DCDA516FE602690802A8D2A854E607FFCB0BCFDFCDB1F1AC6B30CBAED2663726 ] dam             C:\Windows\system32\drivers\dam.sys
12:09:18.0176 0x0e80  dam - ok
12:09:18.0285 0x0e80  [ D06E443457FADC6B1AFAF3AA4B6936F6, 109B4D05E156604AFB3D63B380CC063B900AEB12F57A1D235B9F9399EE0909C7 ] dc3d            C:\Windows\System32\drivers\dc3d.sys
12:09:18.0285 0x0e80  dc3d - ok
12:09:18.0347 0x0e80  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:09:18.0379 0x0e80  DcomLaunch - ok
12:09:18.0425 0x0e80  [ C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc       C:\Windows\System32\defragsvc.dll
12:09:18.0441 0x0e80  defragsvc - ok
12:09:18.0457 0x0e80  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\Windows\system32\das.dll
12:09:18.0472 0x0e80  DeviceAssociationService - ok
12:09:18.0503 0x0e80  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
12:09:18.0503 0x0e80  DeviceInstall - ok
12:09:18.0535 0x0e80  [ 09D9EB9E7898F8E6561473A20CC808B9, 0F511593D36084843E5138AF6D55FE08D77803968AE12A236A02368DB364347E ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
12:09:18.0550 0x0e80  Dfsc - ok
12:09:18.0597 0x0e80  [ CFB72DF4B2364AF6D4D685DCD310E942, 89C72E1008B92B85A275B9F37D96481C3EFCABE9ACD28B698D5A04E0DDA0DF8F ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:09:18.0597 0x0e80  Dhcp - ok
12:09:18.0612 0x0e80  [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache        C:\Windows\system32\drivers\discache.sys
12:09:18.0612 0x0e80  discache - ok
12:09:18.0612 0x0e80  [ 560495FF4CA22E1D9B1972FA18F43B6F, 41FFDD4C1097AA857A8177E34F101A1A9C1429A4E8DEC3D395C6135A9E112CD6 ] disk            C:\Windows\system32\drivers\disk.sys
12:09:18.0628 0x0e80  disk - ok
12:09:18.0644 0x0e80  [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
12:09:18.0644 0x0e80  dmvsc - ok
12:09:18.0675 0x0e80  [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:09:18.0675 0x0e80  Dnscache - ok
12:09:18.0706 0x0e80  [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc         C:\Windows\System32\dot3svc.dll
12:09:18.0722 0x0e80  dot3svc - ok
12:09:18.0737 0x0e80  [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS             C:\Windows\system32\dps.dll
12:09:18.0737 0x0e80  DPS - ok
12:09:18.0784 0x0e80  [ 84D07E4E4FBE72DA3EC1C1E77C49B53C, 81846E3E91080EA3E21FDC1120B5CC2265258AC78AF654DCD1A05E3966AA923A ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:09:18.0784 0x0e80  drmkaud - ok
12:09:18.0815 0x0e80  [ BF48F32EE248C3D371DA5DC93BBEADA7, C8E9B685A8F2F99140382557F11E362D899E7EC6693ADEFE762F0A3850585C63 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
12:09:18.0815 0x0e80  DsmSvc - ok
12:09:18.0893 0x0e80  [ 898BF1647BBF012B38EF45C7F9F7A67E, 800EF0CF107B5F29702FA50D448E20D3EB19984C38D1AA0197636A80629A3160 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:09:18.0925 0x0e80  DXGKrnl - ok
12:09:18.0971 0x0e80  [ 651FBD69A9713D623D456A240F96179C, 22A1F306B454EF9C84D25EF266F3ED0E1D896B1F5BE60170E79F37F2DBCA59F4 ] e1iexpress      C:\Windows\system32\DRIVERS\e1i63x64.sys
12:09:18.0971 0x0e80  e1iexpress - ok
12:09:19.0002 0x0e80  [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost         C:\Windows\System32\eapsvc.dll
12:09:19.0018 0x0e80  Eaphost - ok
12:09:19.0143 0x0e80  [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:09:19.0205 0x0e80  ebdrv - ok
12:09:19.0252 0x0e80  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] EFS             C:\Windows\System32\lsass.exe
12:09:19.0252 0x0e80  EFS - ok
12:09:19.0283 0x0e80  [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
12:09:19.0283 0x0e80  EhStorClass - ok
12:09:19.0299 0x0e80  [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
12:09:19.0299 0x0e80  EhStorTcgDrv - ok
12:09:19.0314 0x0e80  [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
12:09:19.0330 0x0e80  ErrDev - ok
12:09:19.0377 0x0e80  [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem     C:\Windows\system32\es.dll
12:09:19.0377 0x0e80  EventSystem - ok
12:09:19.0408 0x0e80  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat           C:\Windows\system32\drivers\exfat.sys
12:09:19.0408 0x0e80  exfat - ok
12:09:19.0424 0x0e80  [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:09:19.0424 0x0e80  fastfat - ok
12:09:19.0471 0x0e80  [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax             C:\Windows\system32\fxssvc.exe
12:09:19.0486 0x0e80  Fax - ok
12:09:19.0517 0x0e80  [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc             C:\Windows\System32\drivers\fdc.sys
12:09:19.0517 0x0e80  fdc - ok
12:09:19.0533 0x0e80  [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:09:19.0533 0x0e80  fdPHost - ok
12:09:19.0533 0x0e80  [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:09:19.0533 0x0e80  FDResPub - ok
12:09:19.0580 0x0e80  [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc           C:\Windows\system32\fhsvc.dll
12:09:19.0580 0x0e80  fhsvc - ok
12:09:19.0580 0x0e80  [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:09:19.0580 0x0e80  FileInfo - ok
12:09:19.0595 0x0e80  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:09:19.0595 0x0e80  Filetrace - ok
12:09:19.0595 0x0e80  [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
12:09:19.0595 0x0e80  flpydisk - ok
12:09:19.0627 0x0e80  [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:09:19.0642 0x0e80  FltMgr - ok
12:09:19.0705 0x0e80  [ 305CB1E16576F436BC8797E629A3D46D, E3644AE3FA8F755D306D9C4177262CEC451B33731074508B139F3F86AC1B5AE6 ] FontCache       C:\Windows\system32\FntCache.dll
12:09:19.0736 0x0e80  FontCache - ok
12:09:19.0814 0x0e80  [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:09:19.0814 0x0e80  FontCache3.0.0.0 - ok
12:09:19.0814 0x0e80  [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:09:19.0829 0x0e80  FsDepends - ok
12:09:19.0829 0x0e80  [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:09:19.0829 0x0e80  Fs_Rec - ok
12:09:19.0861 0x0e80  [ FA228F4BB10DC7ED7E7D131C034E2331, 0463B1DB8BB2B5AF95EAD988EA9DEB5483D9E78C07E07BAC1E3CC46C086B3BB0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:09:19.0876 0x0e80  fvevol - ok
12:09:19.0892 0x0e80  [ 3EF3FCCC0E70EEC5C2AD996F32BBA642, AC452FD68519DD1EFC971D223CBB3702F38146CB4203E2F6A4302EE3F76144EB ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
12:09:19.0892 0x0e80  FxPPM - ok
12:09:19.0907 0x0e80  [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:09:19.0907 0x0e80  gagp30kx - ok
12:09:19.0938 0x0e80  [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
12:09:19.0938 0x0e80  gencounter - ok
12:09:19.0970 0x0e80  [ CA18ECFCFFDD638ECE80799A9056B238, FEA6778443253CBAA9FF43A980D576A3F449B036151F91495F04CE0C54F02254 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
12:09:19.0970 0x0e80  GPIOClx0101 - ok
12:09:20.0032 0x0e80  [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:09:20.0063 0x0e80  gpsvc - ok
12:09:20.0110 0x0e80  [ 9FC1F11D4D19F61DFE5CC878B4557D3A, 17A0EC253D04FBD25C2113FD96FBF9D822E8295623C1B1DDA712FB102D42E956 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:09:20.0110 0x0e80  HdAudAddService - ok
12:09:20.0141 0x0e80  [ 7D87B5B6C7188D553E11B59DC7F0B111, FC633DB71E1D72E8AD8F89BBB54324CC6ED17F5594EF55DD0BDB58EE1F601FF5 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
12:09:20.0141 0x0e80  HDAudBus - ok
12:09:20.0157 0x0e80  [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
12:09:20.0157 0x0e80  HidBatt - ok
12:09:20.0157 0x0e80  [ A25BAE8C1F2830C8E5625EC7E4E968BE, 81D441B6616094C604453D8EC289C29D9B84A323B5C7C312C96C8380D51538DA ] HidBth          C:\Windows\System32\drivers\hidbth.sys
12:09:20.0157 0x0e80  HidBth - ok
12:09:20.0172 0x0e80  [ AC0526C4E3A7954F750B8F8D95EFB340, BE5180F60761F513B3CD5FC395BB8BCF6EAB6D7A910E0C824FFBEC128285F7A7 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
12:09:20.0172 0x0e80  hidi2c - ok
12:09:20.0188 0x0e80  [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr           C:\Windows\System32\drivers\hidir.sys
12:09:20.0188 0x0e80  HidIr - ok
12:09:20.0204 0x0e80  [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv         C:\Windows\system32\hidserv.dll
12:09:20.0204 0x0e80  hidserv - ok
12:09:20.0251 0x0e80  [ A9F2301B8D28BB4D887F5AEBB55ACB3A, 886B04224CA0A90B4FD0B9F8D243EED4FBA367D078FB1CAF99EE671FE1FCEC27 ] HIDSwitch       C:\Windows\System32\drivers\AsHIDSwitch64.sys
12:09:20.0251 0x0e80  HIDSwitch - ok
12:09:20.0251 0x0e80  [ 590B6F71BCDA4368B4BF7D8DF22B60F7, 5CED8ACCBBF373607A8CEC81E9F9856C450A73A969E07DF3218B85F444CA7D3F ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
12:09:20.0251 0x0e80  HidUsb - ok
12:09:20.0313 0x0e80  [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:09:20.0313 0x0e80  hkmsvc - ok
12:09:20.0360 0x0e80  [ 6CC1AD7B0E071C317B7FB8FC6AEF0EDA, 2A907E87E491F76B75F13CD921962EA4D1FF4C705E393F8FA3F48EC701E668F5 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:09:20.0375 0x0e80  HomeGroupListener - ok
12:09:20.0407 0x0e80  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:09:20.0422 0x0e80  HomeGroupProvider - ok
12:09:20.0438 0x0e80  [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:09:20.0438 0x0e80  HpSAMD - ok
12:09:20.0485 0x0e80  [ 47DBBF38E00C3F7404B71F6509241EF1, CBB3B3F46F702605DD47F12C318984937D7E8384C0A6B62556A6961F74305292 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:09:20.0516 0x0e80  HTTP - ok
12:09:20.0516 0x0e80  [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:09:20.0516 0x0e80  hwpolicy - ok
12:09:20.0531 0x0e80  [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
12:09:20.0531 0x0e80  hyperkbd - ok
12:09:20.0547 0x0e80  [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
12:09:20.0547 0x0e80  HyperVideo - ok
12:09:20.0562 0x0e80  [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
12:09:20.0562 0x0e80  i8042prt - ok
12:09:20.0609 0x0e80  [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
12:09:20.0625 0x0e80  iaStorA - ok
12:09:20.0656 0x0e80  [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:09:20.0672 0x0e80  iaStorV - ok
12:09:21.0202 0x0e80  [ E5272DDF2C9043411809171715B4633D, B98E6565E7EA912E32746E1D35AD29C2EB9F3A21ACA8CB145C9F503B66AF0AFB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:09:21.0530 0x0e80  igfx - ok
12:09:21.0577 0x0e80  [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:09:21.0577 0x0e80  iirsp - ok
12:09:21.0655 0x0e80  [ 45EACE8D94B9CEC746A85154892C4FDC, F2507F1AA4C5D54EC8151B44CD033B231C708B57761432E5EDEE6219122301C2 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:09:21.0670 0x0e80  IKEEXT - ok
12:09:21.0826 0x0e80  [ 6BDCC85422817FA53CD705ADE312CE6A, 2EBEDF34493B4AE34442A89ACBCDB2C39447F21FBB015BDD7935DE95DD217CD0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:09:21.0920 0x0e80  IntcAzAudAddService - ok
12:09:21.0951 0x0e80  [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:09:21.0951 0x0e80  intelide - ok
12:09:21.0967 0x0e80  [ F9E126AA767E2E6E3128434A43C9F713, 1BF023083158DB1D76E89C77D383C082F1CA19F00C8FC3B0C30A93263A32BCEA ] intelppm        C:\Windows\System32\drivers\intelppm.sys
12:09:21.0982 0x0e80  intelppm - ok
12:09:21.0982 0x0e80  [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:09:21.0982 0x0e80  IpFilterDriver - ok
12:09:22.0045 0x0e80  [ CAC5202757EF68C4849B0DFFA75F6D3C, D68EDCED68DB7755AA8BE5EC2784C124888BA4ED33B3E366FD83C3E64E42B770 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:09:22.0060 0x0e80  iphlpsvc - ok
12:09:22.0076 0x0e80  [ 6E98A046A12AA113F8898AA5D612BD6E, 28816CC1F03F2BFBF099C087C0BB6949E959F44C888DD2D0528FF7ED5D665ECF ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
12:09:22.0076 0x0e80  IPMIDRV - ok
12:09:22.0091 0x0e80  [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:09:22.0091 0x0e80  IPNAT - ok
12:09:22.0091 0x0e80  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:09:22.0107 0x0e80  IRENUM - ok
12:09:22.0107 0x0e80  [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:09:22.0123 0x0e80  isapnp - ok
12:09:22.0138 0x0e80  [ F5F0DE1B7F256997501EECECE9648108, F9B602EA6B278980A299BB7A393ED09388761DE56162AC998398AB95B5A4EC3E ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
12:09:22.0138 0x0e80  iScsiPrt - ok
12:09:22.0169 0x0e80  [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
12:09:22.0169 0x0e80  kbdclass - ok
12:09:22.0169 0x0e80  [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
12:09:22.0185 0x0e80  kbdhid - ok
12:09:22.0216 0x0e80  [ A8080BEBCDB7A16495CE1205921DCAC5, D4B0EF97B75BF75934A0BEEE48CACD20E8F505600C3A07243DF7627680EE8552 ] kbfiltr         C:\Windows\System32\drivers\kbfiltr.sys
12:09:22.0216 0x0e80  kbfiltr - ok
12:09:22.0232 0x0e80  [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
12:09:22.0232 0x0e80  kdnic - ok
12:09:22.0247 0x0e80  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] KeyIso          C:\Windows\system32\lsass.exe
12:09:22.0247 0x0e80  KeyIso - ok
12:09:22.0279 0x0e80  [ DFA480F6DED551464F3A5B959F437800, C07AB6F28A09FCBE11EECAD03B06CEAE1016EC24031FCA0C092639E90FBA84CF ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:09:22.0279 0x0e80  KSecDD - ok
12:09:22.0294 0x0e80  [ E427D299CFE267A2465D3AAF81440ED9, 78F2649FDFF78C358E4FF8EB9772F726A23457658C1CCEABA4D4DEF6927A0423 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:09:22.0310 0x0e80  KSecPkg - ok
12:09:22.0310 0x0e80  [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:09:22.0310 0x0e80  ksthunk - ok
12:09:22.0341 0x0e80  [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:09:22.0357 0x0e80  KtmRm - ok
12:09:22.0419 0x0e80  [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:09:22.0419 0x0e80  LanmanServer - ok
12:09:22.0497 0x0e80  [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:09:22.0497 0x0e80  LanmanWorkstation - ok
12:09:22.0513 0x0e80  [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:09:22.0513 0x0e80  lltdio - ok
12:09:22.0544 0x0e80  [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:09:22.0559 0x0e80  lltdsvc - ok
12:09:22.0575 0x0e80  [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:09:22.0575 0x0e80  lmhosts - ok
12:09:22.0591 0x0e80  [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:09:22.0591 0x0e80  LSI_SAS - ok
12:09:22.0622 0x0e80  [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:09:22.0637 0x0e80  LSI_SAS2 - ok
12:09:22.0637 0x0e80  [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:09:22.0637 0x0e80  LSI_SCSI - ok
12:09:22.0653 0x0e80  [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
12:09:22.0653 0x0e80  LSI_SSS - ok
12:09:22.0684 0x0e80  [ 8FEFDCEE40B75FD23B4BC60DA6576113, 1C3B690B00D95F6A4DB9225A42B1E5BF5A586785A3E097A9D46D35D580490924 ] LSM             C:\Windows\System32\lsm.dll
12:09:22.0700 0x0e80  LSM - ok
12:09:22.0731 0x0e80  [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:09:22.0731 0x0e80  luafv - ok
12:09:22.0793 0x0e80  [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:09:22.0793 0x0e80  MBAMProtector - ok
12:09:22.0903 0x0e80  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
12:09:22.0949 0x0e80  MBAMScheduler - ok
12:09:22.0996 0x0e80  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
12:09:23.0012 0x0e80  MBAMService - ok
12:09:23.0043 0x0e80  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
12:09:23.0059 0x0e80  MBAMSwissArmy - ok
12:09:23.0090 0x0e80  [ 0664F6335F108F38FE08C3CA747311EE, 04C5F31C57573DC4ABFC609D3F7C589835CE5C528AF5EE07FB25E35F72DF98A4 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
12:09:23.0090 0x0e80  MBAMWebAccessControl - ok
12:09:23.0137 0x0e80  [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:09:23.0137 0x0e80  megasas - ok
12:09:23.0152 0x0e80  [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:09:23.0168 0x0e80  MegaSR - ok
12:09:23.0199 0x0e80  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS           C:\Windows\system32\mmcss.dll
12:09:23.0199 0x0e80  MMCSS - ok
12:09:23.0215 0x0e80  [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem           C:\Windows\system32\drivers\modem.sys
12:09:23.0215 0x0e80  Modem - ok
12:09:23.0215 0x0e80  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935, CC3F4E09F8834C7293B607446FECFE3CBB9B9151E65AAD38E2A4A8B30244DE14 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:09:23.0215 0x0e80  monitor - ok
12:09:23.0230 0x0e80  [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
12:09:23.0230 0x0e80  mouclass - ok
12:09:23.0246 0x0e80  [ CB2527B8B87D83E56FBF3944BBB6F606, F8DA5AF97B91099C58E14D1DACBCA02AF8F193E53A88DDC8CC4C0655A2E4F90B ] mouhid          C:\Windows\System32\drivers\mouhid.sys
12:09:23.0246 0x0e80  mouhid - ok
12:09:23.0246 0x0e80  [ 89D263DBF08119CE16273991C120D6DD, 9771EDAD266F0E234E71DFB6792F396710E051F2ADCA5CDADEBBD2790D0E6054 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:09:23.0246 0x0e80  mountmgr - ok
12:09:23.0293 0x0e80  [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:09:23.0308 0x0e80  MozillaMaintenance - ok
12:09:23.0308 0x0e80  [ 36BF4D86F166ACBC14F0B8B8F90CBCEA, 9127DB0ABCCF57DEEB6447EEE33C5F4724472763DB1941D6FA74C745512D0DA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:09:23.0308 0x0e80  mpsdrv - ok
12:09:23.0371 0x0e80  [ 411EA973A1961C287927DF13891EB41E, 1DA42631346FF8B43443A4DCE838AEB3C7166FBB272FC47740B09A1A1CE5CCBC ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:09:23.0402 0x0e80  MpsSvc - ok
12:09:23.0417 0x0e80  [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:09:23.0417 0x0e80  MRxDAV - ok
12:09:23.0433 0x0e80  [ 1EEAA5A62E8C49DDF58798F06F78BFFA, D5F37463EC4E4E5F538DCB4B98BFE1415A7CCFA9641BED0621B5BCEBEA91E184 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:09:23.0449 0x0e80  mrxsmb - ok
12:09:23.0464 0x0e80  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:09:23.0464 0x0e80  mrxsmb10 - ok
12:09:23.0480 0x0e80  [ BFBE1EA55ECC15733933D429E384BCA4, 01B2C5B5D92E8F33F5F86A372AE0AFF22779E70377B0C904BEFD0998906DD8B7 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:09:23.0495 0x0e80  mrxsmb20 - ok
12:09:23.0511 0x0e80  [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
12:09:23.0511 0x0e80  MsBridge - ok
12:09:23.0527 0x0e80  [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC           C:\Windows\System32\msdtc.exe
12:09:23.0527 0x0e80  MSDTC - ok
12:09:23.0558 0x0e80  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:09:23.0558 0x0e80  Msfs - ok
12:09:23.0589 0x0e80  [ C9BFB0353099B071E70299549C18C8AE, 5BEB200A6B824F63E2F39BA4F0693DBAC948BEA3B5A56AC9715716F1CE387566 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
12:09:23.0589 0x0e80  msgpiowin32 - ok
12:09:23.0620 0x0e80  [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:09:23.0620 0x0e80  mshidkmdf - ok
12:09:23.0620 0x0e80  [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
12:09:23.0620 0x0e80  mshidumdf - ok
12:09:23.0636 0x0e80  [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:09:23.0636 0x0e80  msisadrv - ok
12:09:23.0651 0x0e80  [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:09:23.0667 0x0e80  MSiSCSI - ok
12:09:23.0667 0x0e80  msiserver - ok
12:09:23.0667 0x0e80  [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:09:23.0683 0x0e80  MSKSSRV - ok
12:09:23.0698 0x0e80  [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
12:09:23.0698 0x0e80  MsLldp - ok
12:09:23.0714 0x0e80  [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:09:23.0729 0x0e80  MSPCLOCK - ok
12:09:23.0729 0x0e80  [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:09:23.0729 0x0e80  MSPQM - ok
12:09:23.0761 0x0e80  [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:09:23.0761 0x0e80  MsRPC - ok
 

[cruelreaction]

12:09:23.0792 0x0e80  [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
12:09:23.0792 0x0e80  mssmbios - ok
12:09:23.0792 0x0e80  [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:09:23.0792 0x0e80  MSTEE - ok
12:09:23.0807 0x0e80  [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
12:09:23.0807 0x0e80  MTConfig - ok
12:09:23.0823 0x0e80  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup             C:\Windows\system32\Drivers\mup.sys
12:09:23.0823 0x0e80  Mup - ok
12:09:23.0839 0x0e80  [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
12:09:23.0839 0x0e80  mvumis - ok
12:09:23.0885 0x0e80  [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent        C:\Windows\system32\qagentRT.dll
12:09:23.0885 0x0e80  napagent - ok
12:09:23.0932 0x0e80  [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:09:23.0932 0x0e80  NativeWifiP - ok
12:09:23.0963 0x0e80  [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc          C:\Windows\System32\ncasvc.dll
12:09:23.0963 0x0e80  NcaSvc - ok
12:09:23.0979 0x0e80  [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
12:09:23.0979 0x0e80  NcdAutoSetup - ok
12:09:24.0041 0x0e80  [ FE6463C1574610E26ED8DE2054DF59A4, 736680A9B567709A32D668D84A1AD630AD5CE048BBC3005826EB8F7E40C6ABA2 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:09:24.0073 0x0e80  NDIS - ok
12:09:24.0088 0x0e80  [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:09:24.0088 0x0e80  NdisCap - ok
12:09:24.0119 0x0e80  [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
12:09:24.0119 0x0e80  NdisImPlatform - ok
12:09:24.0119 0x0e80  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:09:24.0119 0x0e80  NdisTapi - ok
12:09:24.0151 0x0e80  [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:09:24.0151 0x0e80  Ndisuio - ok
12:09:24.0151 0x0e80  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:09:24.0166 0x0e80  NdisWan - ok
12:09:24.0166 0x0e80  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
12:09:24.0166 0x0e80  NDISWANLEGACY - ok
12:09:24.0182 0x0e80  [ CE6EBC0AD38CC6482D8FBB744FF15CE2, B8712DB2E574ECFBC840FAAFB874644AB56909382BA2A5A8BC599874BBEAA543 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:09:24.0182 0x0e80  NDProxy - ok
12:09:24.0213 0x0e80  [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu             C:\Windows\system32\drivers\Ndu.sys
12:09:24.0213 0x0e80  Ndu - ok
12:09:24.0213 0x0e80  [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:09:24.0213 0x0e80  NetBIOS - ok
12:09:24.0244 0x0e80  [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:09:24.0244 0x0e80  NetBT - ok
12:09:24.0275 0x0e80  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] Netlogon        C:\Windows\system32\lsass.exe
12:09:24.0275 0x0e80  Netlogon - ok
12:09:24.0307 0x0e80  [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman          C:\Windows\System32\netman.dll
12:09:24.0307 0x0e80  Netman - ok
12:09:24.0338 0x0e80  [ 20F6FD63E6D456114BC8056D62792786, 12EDB8DD4D647F8CF680ABD1A36704EE9BEBE5F65C821E6D76F798441AF2C199 ] netprofm        C:\Windows\System32\netprofmsvc.dll
12:09:24.0353 0x0e80  netprofm - ok
12:09:24.0525 0x0e80  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:09:24.0525 0x0e80  NetTcpPortSharing - ok
12:09:24.0853 0x0e80  [ 57B9C04D673F236D41FAB03842C8640B, 898DCBBBF94875059CD328B0FC75BE36A4E3DD471C6E28BFAE064BCF84349518 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
12:09:25.0040 0x0e80  NETwNs64 - ok
12:09:25.0118 0x0e80  [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:09:25.0118 0x0e80  nfrd960 - ok
12:09:25.0149 0x0e80  [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:09:25.0165 0x0e80  NlaSvc - ok
12:09:25.0180 0x0e80  [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:09:25.0180 0x0e80  Npfs - ok
12:09:25.0180 0x0e80  [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
12:09:25.0196 0x0e80  npsvctrig - ok
12:09:25.0211 0x0e80  [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi             C:\Windows\system32\nsisvc.dll
12:09:25.0227 0x0e80  nsi - ok
12:09:25.0227 0x0e80  [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:09:25.0227 0x0e80  nsiproxy - ok
12:09:25.0305 0x0e80  [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD, 4F9872ACF27D9C7D52256CAB09AEEC760402B69088789018D0736F16236C1FE3 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:09:25.0352 0x0e80  Ntfs - ok
12:09:25.0367 0x0e80  [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null            C:\Windows\system32\drivers\Null.sys
12:09:25.0367 0x0e80  Null - ok
12:09:25.0383 0x0e80  [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:09:25.0383 0x0e80  nvraid - ok
12:09:25.0414 0x0e80  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:09:25.0414 0x0e80  nvstor - ok
12:09:25.0430 0x0e80  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:09:25.0430 0x0e80  nv_agp - ok
12:09:25.0477 0x0e80  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:09:25.0492 0x0e80  p2pimsvc - ok
12:09:25.0523 0x0e80  [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:09:25.0539 0x0e80  p2psvc - ok
12:09:25.0570 0x0e80  [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport         C:\Windows\System32\drivers\parport.sys
12:09:25.0570 0x0e80  Parport - ok
12:09:25.0570 0x0e80  [ C1D7BA7F0DE487DFEEB51BF8D3EC5562, 72F38D6C6FD1ED6E1BC47B781A06FFBE29C99A70382D38759B53A184F61B6643 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:09:25.0586 0x0e80  partmgr - ok
12:09:25.0633 0x0e80  [ 19E41F140A6ADBD38943710DA7FF0E38, AF9FDBEB0E519B7EA034C76077E514FE27138204E9874F4DDEA0B1CB26A45BA0 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:09:25.0648 0x0e80  PcaSvc - ok
12:09:25.0679 0x0e80  [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci             C:\Windows\system32\drivers\pci.sys
12:09:25.0695 0x0e80  pci - ok
12:09:25.0711 0x0e80  [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide          C:\Windows\system32\drivers\pciide.sys
12:09:25.0711 0x0e80  pciide - ok
12:09:25.0726 0x0e80  [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:09:25.0726 0x0e80  pcmcia - ok
12:09:25.0742 0x0e80  [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw             C:\Windows\system32\drivers\pcw.sys
12:09:25.0742 0x0e80  pcw - ok
12:09:25.0773 0x0e80  [ A192B9FC67F181A78B05175EE0A244FA, CC62F12062066AAF0BD96163448FA5599F3B468E7DFE5704FF5288F32F01391B ] pdc             C:\Windows\system32\drivers\pdc.sys
12:09:25.0773 0x0e80  pdc - ok
12:09:25.0820 0x0e80  [ 70DBB6A8B52B3830922F1C5789E1BEEB, 30288885789753FE19B51A200137E916E10BCD4211EFF50931C19E88824EADC0 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:09:25.0835 0x0e80  PEAUTH - ok
12:09:26.0069 0x0e80  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:09:26.0069 0x0e80  PerfHost - ok
12:09:26.0147 0x0e80  [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla             C:\Windows\system32\pla.dll
12:09:26.0179 0x0e80  pla - ok
12:09:26.0210 0x0e80  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:09:26.0210 0x0e80  PlugPlay - ok
12:09:26.0225 0x0e80  [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:09:26.0225 0x0e80  PNRPAutoReg - ok
12:09:26.0257 0x0e80  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:09:26.0272 0x0e80  PNRPsvc - ok
12:09:26.0319 0x0e80  [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:09:26.0319 0x0e80  PolicyAgent - ok
12:09:26.0335 0x0e80  [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power           C:\Windows\system32\umpo.dll
12:09:26.0335 0x0e80  Power - ok
12:09:26.0381 0x0e80  [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:09:26.0381 0x0e80  PptpMiniport - ok
12:09:26.0537 0x0e80  [ CC0B8655E4B2A5BBB215CDA8FC3BE4DE, 878E46E308BC3AC689CFC401BAA12D217BFB9911C29A10DB5DFFAC250A58CE55 ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
12:09:26.0600 0x0e80  PrintNotify - ok
12:09:26.0631 0x0e80  [ 8DA167F8967AB35A2487095CB1B879A0, 78FD1D87F0A52254DFD71B76BEEA4179CECF830D1CF623A12FBD991B7C1CDDC1 ] Processor       C:\Windows\System32\drivers\processr.sys
12:09:26.0631 0x0e80  Processor - ok
12:09:26.0662 0x0e80  [ 429E8502AD2227CF88F8840FC5BD590D, A186DA46C083580ACEDE9C7E3156865034302CD803140EEEC8E1DE16DA4BC99B ] ProfSvc         C:\Windows\system32\profsvc.dll
12:09:26.0678 0x0e80  ProfSvc - ok
12:09:26.0709 0x0e80  [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:09:26.0709 0x0e80  Psched - ok
12:09:26.0740 0x0e80  [ 0AFBF333B6F87A2F598EAB379AF100B8, D11F3A4D7E4463B62E2DBDE5FC61425B1FDFB07DD1A19BC001D479CA1F554510 ] QWAVE           C:\Windows\system32\qwave.dll
12:09:26.0756 0x0e80  QWAVE - ok
12:09:26.0771 0x0e80  [ 13D47BB0CCA2FC51BD15F8E85C6A078E, EA832A9511007C9E8599C3066E1FA66BE869E8A27886D9A9AC590BD4DFBD1A15 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:09:26.0771 0x0e80  QWAVEdrv - ok
12:09:26.0787 0x0e80  [ 873C60F8178100557740A832FCE10B5F, 400EF60CB2C98E2AFE122AF3D01CCE56A1548AF865345EE2194AB74DBCBF4C48 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:09:26.0787 0x0e80  RasAcd - ok
12:09:26.0818 0x0e80  [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:09:26.0818 0x0e80  RasAgileVpn - ok
12:09:26.0849 0x0e80  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto         C:\Windows\System32\rasauto.dll
12:09:26.0865 0x0e80  RasAuto - ok
12:09:26.0865 0x0e80  [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:09:26.0881 0x0e80  Rasl2tp - ok
12:09:26.0896 0x0e80  [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan          C:\Windows\System32\rasmans.dll
12:09:26.0912 0x0e80  RasMan - ok
12:09:26.0927 0x0e80  [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:09:26.0927 0x0e80  RasPppoe - ok
12:09:26.0943 0x0e80  [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:09:26.0943 0x0e80  RasSstp - ok
12:09:26.0974 0x0e80  [ B72C33DBD5326B3864CF2091AF8B906B, 85A22311FA870CE43CF70F69D7D101D96B9095A992DCF5FA1587886F6D4282DC ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:09:26.0974 0x0e80  rdbss - ok
12:09:26.0990 0x0e80  [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
12:09:26.0990 0x0e80  rdpbus - ok
12:09:27.0005 0x0e80  [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:09:27.0005 0x0e80  RDPDR - ok
12:09:27.0021 0x0e80  [ 3B4F32CA8B37584ECF98BCE136E38B96, 2B39224FEF5C0AE000FF667B3D6C3C279DBEE8EABAE2F5C40BBCF6DDFFD4DE3C ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:09:27.0021 0x0e80  RdpVideoMiniport - ok
12:09:27.0021 0x0e80  [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:09:27.0037 0x0e80  RDPWD - ok
12:09:27.0068 0x0e80  [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:09:27.0083 0x0e80  rdyboost - ok
12:09:27.0115 0x0e80  [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:09:27.0115 0x0e80  RemoteAccess - ok
12:09:27.0161 0x0e80  [ E80DD61E52EDFFF9DA1ED7260A68855B, 97909F42AE35E28B8F98C01A1D8BAD80A949CDCA0C88FB4ACF0A655DC7C10E45 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:09:27.0161 0x0e80  RemoteRegistry - ok
12:09:27.0177 0x0e80  [ 17EF582CBC4809F96B9E6D0543480763, 7097ACDC565A50C7F3F8659693356EE9CAA6B922124C27C4F9D7C89526A87481 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:09:27.0177 0x0e80  RFCOMM - ok
12:09:27.0208 0x0e80  [ 73F2E030B5C24E4E41401B5F0D59E6FD, FAA8B5E3159684E0836900C6EAF63857B445F7F180169B56D5790F097EDAA38B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:09:27.0208 0x0e80  RpcEptMapper - ok
12:09:27.0255 0x0e80  [ 10B21284B3D964AB3DC45490E57D422E, 12D5E3A7785F21C99C5EAD14A88EB7A86A058E26C091991339356D99D196CC13 ] RpcLocator      C:\Windows\system32\locator.exe
12:09:27.0255 0x0e80  RpcLocator - ok
12:09:27.0302 0x0e80  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] RpcSs           C:\Windows\system32\rpcss.dll
12:09:27.0317 0x0e80  RpcSs - ok
12:09:27.0317 0x0e80  [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:09:27.0333 0x0e80  rspndr - ok
12:09:27.0380 0x0e80  [ 34DA0D14F5C3F1883A331AFB975AB434, BB5D580C1DCAE59CC1DB75C411A5A4DDF435931469E7EBFF5DFDADBFE07ADEBF ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
12:09:27.0395 0x0e80  RTL8168 - ok
12:09:27.0427 0x0e80  [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
12:09:27.0427 0x0e80  s3cap - ok
12:09:27.0442 0x0e80  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] SamSs           C:\Windows\system32\lsass.exe
12:09:27.0442 0x0e80  SamSs - ok
12:09:27.0458 0x0e80  [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:09:27.0458 0x0e80  sbp2port - ok
12:09:27.0505 0x0e80  [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:09:27.0505 0x0e80  SCardSvr - ok
12:09:27.0520 0x0e80  [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:09:27.0536 0x0e80  scfilter - ok
12:09:27.0583 0x0e80  [ EDCDF4DB82EF825B94B190D544C8C58B, 65E316CB66893FBA852D44F6ACE0F1DA415DBADADCA838B31DF3AB6B681E33B6 ] Schedule        C:\Windows\system32\schedsvc.dll
12:09:27.0614 0x0e80  Schedule - ok
12:09:27.0661 0x0e80  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:09:27.0661 0x0e80  SCPolicySvc - ok
12:09:27.0707 0x0e80  [ A27CF856218B1B1442A7A3B5CF94B4B9, A3BBF36034BBF92E81FDDB9E22370D9AF132997593452BEAAEDCBA43BC5F5D79 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
12:09:27.0707 0x0e80  sdbus - ok
12:09:27.0739 0x0e80  [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:09:27.0739 0x0e80  SDRSVC - ok
12:09:27.0739 0x0e80  [ 74369A913837FB46C3B27373DA2ADF4E, 30CB6AD90520D410D914C5D654C8838DF13B2FC850EB7F0BFB2B937F9BC14E2E ] sdstor          C:\Windows\System32\drivers\sdstor.sys
12:09:27.0754 0x0e80  sdstor - ok
12:09:27.0754 0x0e80  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:09:27.0770 0x0e80  secdrv - ok
12:09:27.0785 0x0e80  [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon        C:\Windows\system32\seclogon.dll
12:09:27.0785 0x0e80  seclogon - ok
12:09:27.0801 0x0e80  [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS            C:\Windows\System32\sens.dll
12:09:27.0801 0x0e80  SENS - ok
12:09:27.0817 0x0e80  [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:09:27.0817 0x0e80  SensrSvc - ok
12:09:27.0848 0x0e80  [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
12:09:27.0848 0x0e80  SerCx - ok
12:09:27.0863 0x0e80  [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum         C:\Windows\System32\drivers\serenum.sys
12:09:27.0863 0x0e80  Serenum - ok
12:09:27.0863 0x0e80  [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial          C:\Windows\System32\drivers\serial.sys
12:09:27.0879 0x0e80  Serial - ok
12:09:27.0895 0x0e80  [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
12:09:27.0895 0x0e80  sermouse - ok
12:09:27.0926 0x0e80  [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:09:27.0941 0x0e80  SessionEnv - ok
12:09:27.0957 0x0e80  [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
12:09:27.0957 0x0e80  sfloppy - ok
12:09:28.0004 0x0e80  [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:09:28.0019 0x0e80  SharedAccess - ok
12:09:28.0082 0x0e80  [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:09:28.0097 0x0e80  ShellHWDetection - ok
12:09:28.0097 0x0e80  [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:09:28.0097 0x0e80  SiSRaid2 - ok
12:09:28.0113 0x0e80  [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:09:28.0113 0x0e80  SiSRaid4 - ok
12:09:28.0129 0x0e80  [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:09:28.0129 0x0e80  SNMPTRAP - ok
12:09:28.0191 0x0e80  [ 465F3C355CE5ED2779B8F460F14C5A78, 4CDFBACBC2C228D6655DFE151249725D72D58DAE3299E15EAAEBC26FE0F712DC ] spaceport       C:\Windows\system32\drivers\spaceport.sys
12:09:28.0191 0x0e80  spaceport - ok
12:09:28.0207 0x0e80  [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
12:09:28.0207 0x0e80  SpbCx - ok
12:09:28.0253 0x0e80  [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler         C:\Windows\System32\spoolsv.exe
12:09:28.0285 0x0e80  Spooler - ok
12:09:28.0456 0x0e80  [ EC84D961501054F87A6878EC5D53388F, C69F3542B182BED4260EE1906361B72B9FFDE47FD92A161850E28BC6ED7505CC ] sppsvc          C:\Windows\system32\sppsvc.exe
12:09:28.0565 0x0e80  sppsvc - ok
12:09:28.0612 0x0e80  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:09:28.0612 0x0e80  srv - ok
12:09:28.0659 0x0e80  [ 0DE224F7B8041B17AA53D00327A86396, 283AD5E9EE8F0C2F47B81FF246BC42ED0656026DA760CAB9EA25611785BBFED8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:09:28.0659 0x0e80  srv2 - ok
12:09:28.0690 0x0e80  [ 9400C71F5A1A380B494B6922F007D485, 66C293974BA4A61A06DC26EF48D5FA5E75377F66AD1CD774AA6827FA20A5F46E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:09:28.0690 0x0e80  srvnet - ok
12:09:28.0721 0x0e80  [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:09:28.0721 0x0e80  SSDPSRV - ok
12:09:28.0753 0x0e80  [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:09:28.0753 0x0e80  SstpSvc - ok
12:09:28.0768 0x0e80  [ 4E85355B94CFCB67C135F6521A4895A7, AC4FC65C1E62A54B3834E7FE0A2B1ECC48A2AA563AE5BD508326EE68FFFBBEEE ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:09:28.0768 0x0e80  stexstor - ok
12:09:28.0815 0x0e80  [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] stisvc          C:\Windows\System32\wiaservc.dll
12:09:28.0831 0x0e80  stisvc - ok
12:09:28.0846 0x0e80  [ C588BBD37B432CE3204E5765B459E6B2, 6A30570C82390C4D6668137D05C7EFBE243CAC243CBE405D308E3F7B2BC5729D ] storahci        C:\Windows\system32\drivers\storahci.sys
12:09:28.0846 0x0e80  storahci - ok
12:09:28.0862 0x0e80  [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
12:09:28.0862 0x0e80  storflt - ok
12:09:28.0893 0x0e80  [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc         C:\Windows\system32\storsvc.dll
12:09:28.0893 0x0e80  StorSvc - ok
12:09:28.0909 0x0e80  [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:09:28.0909 0x0e80  storvsc - ok
12:09:28.0909 0x0e80  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc           C:\Windows\system32\svsvc.dll
12:09:28.0924 0x0e80  svsvc - ok
12:09:28.0924 0x0e80  [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum          C:\Windows\System32\drivers\swenum.sys
12:09:28.0924 0x0e80  swenum - ok
12:09:28.0955 0x0e80  [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv           C:\Windows\System32\swprv.dll
12:09:28.0971 0x0e80  swprv - ok
12:09:29.0033 0x0e80  [ DC21E1F06343773D7E24362DCEF7944B, E5C13A2D4DEEBEDC6E0E4882FFC56322EA0474A3BD8B1C8A077293F433854F9B ] SysMain         C:\Windows\system32\sysmain.dll
12:09:29.0065 0x0e80  SysMain - ok
12:09:29.0096 0x0e80  [ 079244F281621FEDCC161D3923E858FE, A9997FF335B2A81CD9C1DFF8177FBBD4E36360BC1F3E7CD260144806EB12BC5E ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
12:09:29.0096 0x0e80  SystemEventsBroker - ok
12:09:29.0127 0x0e80  [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\Windows\System32\TabSvc.dll
12:09:29.0127 0x0e80  TabletInputService - ok
12:09:29.0158 0x0e80  [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:09:29.0174 0x0e80  TapiSrv - ok
12:09:29.0267 0x0e80  [ 1D644E2D0FC395A055AB1C23C3B43631, 2AF96480449756C76C2466E546912D1EBB2847490BF611FEBE842CC25EA98765 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:09:29.0314 0x0e80  Tcpip - ok
12:09:29.0392 0x0e80  [ 1D644E2D0FC395A055AB1C23C3B43631, 2AF96480449756C76C2466E546912D1EBB2847490BF611FEBE842CC25EA98765 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:09:29.0439 0x0e80  TCPIP6 - ok
12:09:29.0486 0x0e80  [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:09:29.0486 0x0e80  tcpipreg - ok
12:09:29.0486 0x0e80  [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:09:29.0501 0x0e80  tdx - ok
12:09:29.0501 0x0e80  [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
12:09:29.0501 0x0e80  terminpt - ok
12:09:29.0548 0x0e80  [ 541EE228D0DEF392F7B2DFD885DD021B, 594D6538FA4DB5EF4D130007D7C29051EC2EDCA39EBB119695B58E9CBB0EB728 ] TermService     C:\Windows\System32\termsrv.dll
12:09:29.0564 0x0e80  TermService - ok
12:09:29.0579 0x0e80  [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes          C:\Windows\system32\themeservice.dll
12:09:29.0579 0x0e80  Themes - ok
12:09:29.0611 0x0e80  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:09:29.0611 0x0e80  THREADORDER - ok
12:09:29.0657 0x0e80  [ 52066C139CC189468845D5BE557B25EB, 65A6828240CC06435C1A5FD48B443C3023CE2E8A0A6BDEF67795612457B0CF60 ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
12:09:29.0657 0x0e80  TimeBroker - ok
12:09:29.0673 0x0e80  [ B44EFE254C0B3719E4037088D24FE4B5, 5AC07658A599470C2BCB2813E644B132DDF886510470F5CC636113CEC48DC0F3 ] TPM             C:\Windows\system32\drivers\tpm.sys
12:09:29.0673 0x0e80  TPM - ok
12:09:29.0704 0x0e80  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks          C:\Windows\System32\trkwks.dll
12:09:29.0720 0x0e80  TrkWks - ok
12:09:29.0782 0x0e80  [ 8D516AEF3C1DF980664CF17BB1FF6093, D68A82D7DE647EAD68D5B8F3E8174B520C7FC6387EC68C8685B3E161C6020488 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:09:29.0782 0x0e80  TrustedInstaller - ok
12:09:29.0829 0x0e80  [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:09:29.0829 0x0e80  TsUsbFlt - ok
12:09:29.0829 0x0e80  [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
12:09:29.0829 0x0e80  TsUsbGD - ok
12:09:29.0845 0x0e80  [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:09:29.0845 0x0e80  tunnel - ok
12:09:29.0860 0x0e80  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:09:29.0860 0x0e80  uagp35 - ok
12:09:29.0876 0x0e80  [ 6FD6D03B7752C78712E5CFF29A305026, F09C5188AAFCF4C77B05BA1E604F9912782A9F1371F72F959288EBC2725407ED ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
12:09:29.0876 0x0e80  UASPStor - ok
12:09:29.0891 0x0e80  [ 1ED222DFE6C13DA50FE081ABF90CAFE1, B3DFAE29D2E08E2A5ABEF8B4D2C03CD25EE22B11D6E0B6BFCAC2D09B8D73AD49 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
12:09:29.0891 0x0e80  UCX01000 - ok
12:09:29.0923 0x0e80  [ DC5A461591C71AF7F19DC048A81E3F88, C6689C70B6CDE5A5707C06ABDC9CABF87CCE549BD23B96969EF3AA177A889320 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:09:29.0923 0x0e80  udfs - ok
12:09:29.0954 0x0e80  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D, 16DE6E0894C356A58AF12BEC2FE9B188F147DD4B16CB2414DE600CE4127F929D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:09:29.0954 0x0e80  UI0Detect - ok
12:09:29.0969 0x0e80  [ 07FEBCDF24FABA0D47B635D85A0FFB7A, 452C04B14681EBCE8B1B25B75A1B7CC978722B7DDE54D624E17841B14ACCF65D ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:09:29.0969 0x0e80  uliagpkx - ok
12:09:29.0969 0x0e80  [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] umbus           C:\Windows\System32\drivers\umbus.sys
12:09:29.0969 0x0e80  umbus - ok
12:09:29.0985 0x0e80  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09, 30AAD7D18FF5962CEC7180359D148EED5A1BF193DDB2B34508897FC3EBA692C3 ] UmPass          C:\Windows\System32\drivers\umpass.sys
12:09:29.0985 0x0e80  UmPass - ok
12:09:30.0016 0x0e80  [ 43FEFB040A0CC30F795FBF544169594D, F2A730C0F7C883321C378D4564120A40428D7F8E393F02C8D6A08934795A35C7 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:09:30.0016 0x0e80  UmRdpService - ok
12:09:30.0063 0x0e80  [ 14D22C411854AA2560AFC94CD2D5E61F, BB376734733671C02319E6DB1800D41212694446FD65465498C92D4ECBFE7458 ] upnphost        C:\Windows\System32\upnphost.dll
12:09:30.0063 0x0e80  upnphost - ok
12:09:30.0094 0x0e80  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B, AADB8991174CCDA3ADE14AF3EFB3A9826EC17A0F989F449FF43010A99D8CAA1F ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
12:09:30.0094 0x0e80  usbccgp - ok
12:09:30.0110 0x0e80  [ B395B62B62F28106218FA6FB17F4C797, 231CA3512B02BBE70E630A6304E899BCB741CE411FB10C2B3DE48E52034F24BB ] usbcir          C:\Windows\System32\drivers\usbcir.sys
12:09:30.0110 0x0e80  usbcir - ok
12:09:30.0141 0x0e80  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86, 93E2CC1D4A56A3BBDD85020A8F4AD1B9B119953DB83A155C56D667924D5D8A02 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
12:09:30.0141 0x0e80  usbehci - ok
12:09:30.0188 0x0e80  [ 4875DC63E548812C75D4FDEF84970C89, 6A29306BAB6F95F0384E16533A9588A654A6E3CFC35D55A4CEB2B14EF34EEE19 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
12:09:30.0188 0x0e80  usbfilter - ok
12:09:30.0219 0x0e80  [ FBB6794E3BBAD92D66D59D206C1F849F, CEA5B07518699F09B2ABA372312FF0769B913DC4C43CC142BDB25274B52825DA ] usbhub          C:\Windows\System32\drivers\usbhub.sys
12:09:30.0235 0x0e80  usbhub - ok
12:09:30.0266 0x0e80  [ 7B886003CEEBF3C8E4FDF3586DCB3787, 7206C2F264EE3339460D5E1218B0A83E222CB670AB100A4FEB67AAF2FD6CC6C9 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
12:09:30.0266 0x0e80  USBHUB3 - ok
12:09:30.0281 0x0e80  [ EC1303E3DBF312B846377A84C0D15F27, D710EA9DC98FD157DF6B312AF5D716DD0AD2F3DF2351571DEA399642BC023EDD ] usbohci         C:\Windows\System32\drivers\usbohci.sys
12:09:30.0281 0x0e80  usbohci - ok
12:09:30.0297 0x0e80  [ BA3ABE0CD1C14B3295BAD0F076B84CAC, 19E0679D44A9BD9DDCC336C7DE784147D6CFC3DE4250D5CA31CE49867D51A414 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
12:09:30.0297 0x0e80  usbprint - ok
12:09:30.0313 0x0e80  [ F77177F6C95B2116EE7AD23B5EF57007, 646E345DE5AFF26B338E17BC9D03D0EDA5608DF77D7685DE7AFF6E4113B9EB87 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
12:09:30.0313 0x0e80  USBSTOR - ok
12:09:30.0328 0x0e80  [ D25EF4A6EC244C5DE85D88A05B7C149D, A08793945D5FDC2CCCB2C621853A69941F1A108DF6CB559F3E8A21A047A8CCB3 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
12:09:30.0328 0x0e80  usbuhci - ok
12:09:30.0375 0x0e80  [ 09799E701B4327097E9F63D3FE221083, CF2B97D5B3D434D8E5547B2A86771C69A6F7F4857CAD70865B50462A04A27A48 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:09:30.0375 0x0e80  usbvideo - ok
12:09:30.0406 0x0e80  [ 9CD4259AD15F84DE27B94A956C978D6C, F3289BBB1C52E49D8F76D07877541A74DFB7AD3E950C2E58A2C6CDC443F824CF ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
12:09:30.0406 0x0e80  USBXHCI - ok
12:09:30.0422 0x0e80  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] VaultSvc        C:\Windows\system32\lsass.exe
12:09:30.0422 0x0e80  VaultSvc - ok
12:09:30.0453 0x0e80  [ BACECBFF9C97F7627A60B0E0F1FE7EE8, DC82F767D066B93A48A090DC7146EBCCDC54B43C6CD9DF29A160E09E3A531DC8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:09:30.0453 0x0e80  vdrvroot - ok
12:09:30.0515 0x0e80  [ 00FBA165A1167738802DA5D0EE78EF10, 3BA85214F881AB2629CAD73BA0F8D7B1BD18831344FE4A56476B97591602B99B ] vds             C:\Windows\System32\vds.exe
12:09:30.0531 0x0e80  vds - ok
12:09:30.0547 0x0e80  [ 74FA2D4368DE6F6CE14393EDF1F342BE, C5CE4164B2C3D583A7FB8687ADEADCDB08D36A5AB1965E5FC6949AEED15881C8 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
12:09:30.0547 0x0e80  VerifierExt - ok
12:09:30.0578 0x0e80  [ 8628FA679F0EC4B709CCD1F6B6A3233B, E8A99795BB7956BFB9FDF6D24209280917FE6500E52F82F50C9FAD2EA6EDFA88 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
12:09:30.0593 0x0e80  vhdmp - ok
12:09:30.0609 0x0e80  [ F5B4A14B00E89250C50982AC762DDD1D, 581CD97DD42E74A82F06BFB827DFC82618B4A8667ACA7E93C628BB0D056CE8F0 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:09:30.0609 0x0e80  viaide - ok
12:09:30.0625 0x0e80  [ 78DB50F7329F6D1311658DABFFFC8BE0, 8CB0C831608033C4BC1D2DA7FAA7D429333A3654E76A989F7AF85BFC5F086BE9 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:09:30.0640 0x0e80  vmbus - ok
12:09:30.0640 0x0e80  [ ECFEE2F2BA3932C7880D1A8F67D68F91, 57DCD55A518A9FBDEF72B511C643B1062C3F7BD339F4B0FC19E9D84C615B968D ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
12:09:30.0640 0x0e80  VMBusHID - ok
12:09:30.0687 0x0e80  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
12:09:30.0703 0x0e80  vmicheartbeat - ok
12:09:30.0718 0x0e80  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmickvpexchange C:\Windows\System32\ICSvc.dll
12:09:30.0718 0x0e80  vmickvpexchange - ok
12:09:30.0734 0x0e80  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicrdv         C:\Windows\System32\ICSvc.dll
12:09:30.0749 0x0e80  vmicrdv - ok
12:09:30.0749 0x0e80  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicshutdown    C:\Windows\System32\ICSvc.dll
12:09:30.0765 0x0e80  vmicshutdown - ok
12:09:30.0781 0x0e80  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmictimesync    C:\Windows\System32\ICSvc.dll
12:09:30.0781 0x0e80  vmictimesync - ok
12:09:30.0796 0x0e80  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicvss         C:\Windows\System32\ICSvc.dll
12:09:30.0812 0x0e80  vmicvss - ok
12:09:30.0812 0x0e80  [ CB60FAAED8B49B812EBBF77EB87D9B18, ADA7C68D4C4981555ED48981E8B7ACBEEF5C39F902EB98782FC3DFF495FE0C33 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:09:30.0812 0x0e80  volmgr - ok
12:09:30.0843 0x0e80  [ A74101DA9809251BCD0E5A26BAE0F824, 15A3A7CC31A13C5882812C344D0937A8A4503D12DB07B9F7F2A8191B739CDBF7 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:09:30.0859 0x0e80  volmgrx - ok
12:09:30.0874 0x0e80  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE, 26FD9DBCFAEDE0F945D80B11769741A3A837F84461263217A43C458B674566EE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:09:30.0890 0x0e80  volsnap - ok
12:09:30.0890 0x0e80  [ A8DA1C1B52ECEA3726DEBED4FF1B700D, 75C024EC3858DF24FB82FE105BDD1E37900D53EFE9D72F42CDDFFD0742525586 ] vpci            C:\Windows\System32\drivers\vpci.sys
12:09:30.0890 0x0e80  vpci - ok
12:09:30.0905 0x0e80  [ 38A60CD9C009C55C6D3B5586F8E6A353, 7F7E2AE39F1A0A5245650911E310E0948BC22A18262A16FA76B44A042D66312D ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:09:30.0905 0x0e80  vsmraid - ok
12:09:30.0983 0x0e80  [ EA658570314042C914964FC72AB50E6B, 0B10E16D5136BF71EAF68F0D9A8B25F92F6D686BF9F80FEEB9F291221C6B8284 ] VSS             C:\Windows\system32\vssvc.exe
12:09:31.0015 0x0e80  VSS - ok
12:09:31.0046 0x0e80  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC, AC2F3C70EDCA0AFBB2606267DFE6D3E8E7B0772140153BAD6B0A9EDE6A1D2F29 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
12:09:31.0061 0x0e80  VSTXRAID - ok
12:09:31.0061 0x0e80  [ 62460A45435A26A334907E3F2EA45611, FEF86E05117CC0AAB8211CA1542776EB620BD4699BD590D91F16621ED35B9824 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:09:31.0061 0x0e80  vwifibus - ok
12:09:31.0077 0x0e80  [ 095E943D27025E4D588AF0A72CC2318F, 3CE406A202F93EF8C4BC7317621A672670D734C69166393CA7256D5E5E667041 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:09:31.0077 0x0e80  vwififlt - ok
12:09:31.0093 0x0e80  [ 73FA1A41A97A5C34ADC03B3577FF1A86, CBA4BC0DA837C163587BBB4BF2AC1549C72440307C984D3CDF8995023718136C ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:09:31.0093 0x0e80  vwifimp - ok
12:09:31.0108 0x0e80  [ F690B6EEAA94576727B24376D7ED3601, A61EE96024C8FC4058481DFB1E7F0AD746565368672FA3B6BA8F9E23D0F47E4C ] W32Time         C:\Windows\system32\w32time.dll
12:09:31.0124 0x0e80  W32Time - ok
12:09:31.0124 0x0e80  [ 6B806E893714019969E2B50D7EF6A4D9, 38FE2B01082DC4C2A0C11A292016A727F48C3DF1293DC3A0216B2254A452263F ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
12:09:31.0139 0x0e80  WacomPen - ok
12:09:31.0155 0x0e80  [ 6081CEC9EF9EB145D8B46655C7708D51, 34E421501185BDE9049AC68F0604F4AD694AF6DA1D52A7D75C2BD050B5817ADF ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:09:31.0155 0x0e80  Wanarp - ok
12:09:31.0171 0x0e80  [ 6081CEC9EF9EB145D8B46655C7708D51, 34E421501185BDE9049AC68F0604F4AD694AF6DA1D52A7D75C2BD050B5817ADF ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:09:31.0171 0x0e80  Wanarpv6 - ok
12:09:31.0233 0x0e80  [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine        C:\Windows\system32\wbengine.exe
12:09:31.0280 0x0e80  wbengine - ok
12:09:31.0311 0x0e80  [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:09:31.0311 0x0e80  WbioSrvc - ok
12:09:31.0342 0x0e80  [ D9C1E82651BF19C6FF69CEC6FD400124, 93B96481A5B26F5617B16DD775AF0F8CE9001B30251FFF58D6EF9044D5EE91CD ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
12:09:31.0342 0x0e80  Wcmsvc - ok
12:09:31.0405 0x0e80  [ 4507D89FA9E4283100948C91E867D130, 7DEEE18C903752A46D9B23B8C8F50A0028E6682321B365EC87F87D1E7EFB8621 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:09:31.0420 0x0e80  wcncsvc - ok
12:09:31.0436 0x0e80  [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:09:31.0436 0x0e80  WcsPlugInService - ok
12:09:31.0467 0x0e80  [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd              C:\Windows\system32\drivers\wd.sys
12:09:31.0467 0x0e80  Wd - ok
12:09:31.0483 0x0e80  [ 260F8DFC4D5748F4CCB9B19CFB0E58EA, 36A6B264677A8A5A4E4785C9BE49E39C82B552460C46026964B700CCBA51FBB0 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
12:09:31.0483 0x0e80  WdBoot - ok
12:09:31.0529 0x0e80  [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:09:31.0545 0x0e80  Wdf01000 - ok
12:09:31.0561 0x0e80  [ 880FFFC4D5BBBB4187B6B04AB2E8C32A, 406363087976285481A8401FC5A8BBAF0DDCCC8D9228F39702D5B80ADC61EEA9 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
12:09:31.0576 0x0e80  WdFilter - ok
12:09:31.0592 0x0e80  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:09:31.0592 0x0e80  WdiServiceHost - ok
12:09:31.0607 0x0e80  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:09:31.0607 0x0e80  WdiSystemHost - ok
12:09:31.0654 0x0e80  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6, 4281100271761521F75F4D5A3D2E9FF40A9C7D81CEDAFD2EDD95788534090CA6 ] WebClient       C:\Windows\System32\webclnt.dll
12:09:31.0654 0x0e80  WebClient - ok
12:09:31.0701 0x0e80  [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:09:31.0701 0x0e80  Wecsvc - ok
12:09:31.0717 0x0e80  [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:09:31.0732 0x0e80  wercplsupport - ok
12:09:31.0748 0x0e80  [ 8E2426162ED6749A127B35D235F21E11, 3B92CE177DE926CC801B71EACC2901DB11BDBF4A1269A004BFFECB3047E17E4C ] WerSvc          C:\Windows\System32\WerSvc.dll
12:09:31.0748 0x0e80  WerSvc - ok
12:09:31.0748 0x0e80  [ FE762D3498719C3A23471BBA62F747B4, 7F9390D5B0133BF1FA66BFC5FD933E17AADEB7845F141948EE4A52AB779A69F8 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
12:09:31.0763 0x0e80  WFPLWFS - ok
12:09:31.0763 0x0e80  [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc          C:\Windows\System32\wiarpc.dll
12:09:31.0779 0x0e80  WiaRpc - ok
12:09:31.0779 0x0e80  [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:09:31.0779 0x0e80  WIMMount - ok
12:09:31.0841 0x0e80  WinDefend - ok
12:09:31.0904 0x0e80  [ 1369928779943B5C7AABA263E6E2BBC1, 5DB4E77912051839B842F43B01933A07D72BD9E772F129573B1504361A9AA6A4 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
12:09:31.0919 0x0e80  WinHttpAutoProxySvc - ok
12:09:32.0091 0x0e80  [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:09:32.0091 0x0e80  Winmgmt - ok
12:09:32.0231 0x0e80  [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:09:32.0294 0x0e80  WinRM - ok
12:09:32.0341 0x0e80  [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
12:09:32.0341 0x0e80  WinUsb - ok
12:09:32.0403 0x0e80  [ 19B3CFB1D6516AB2C54772CB75426AD4, 9DB10D2BE984AC665562FB6095F32E0A9E7FDCCF1580C87A7F5DCEAA3EC4C463 ] WlanSvc         C:\Windows\System32\wlansvc.dll
12:09:32.0450 0x0e80  WlanSvc - ok
12:09:32.0543 0x0e80  [ 08EFA13A2234C8C3B8A99E4B88BE7E9B, 460ACD1687A2E5443A1B0E1786A517E67DB876403AC3498555848BD16DA08929 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
12:09:32.0590 0x0e80  wlidsvc - ok
12:09:32.0606 0x0e80  [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
12:09:32.0606 0x0e80  WmiAcpi - ok
12:09:32.0637 0x0e80  [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:09:32.0637 0x0e80  wmiApSrv - ok
12:09:32.0668 0x0e80  WMPNetworkSvc - ok
12:09:32.0699 0x0e80  [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
12:09:32.0699 0x0e80  wpcfltr - ok
12:09:32.0731 0x0e80  [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:09:32.0731 0x0e80  WPCSvc - ok
12:09:32.0746 0x0e80  [ 94AA5150E35B3ABB7191FE641E3C2473, 48CC776E92579188FF75BADFABF7BDBED0092AF5EE2BDBDEF9C3834A01E39CAB ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:09:32.0746 0x0e80  WPDBusEnum - ok
12:09:32.0777 0x0e80  [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
12:09:32.0777 0x0e80  WpdUpFltr - ok
12:09:32.0777 0x0e80  [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:09:32.0793 0x0e80  ws2ifsl - ok
12:09:32.0809 0x0e80  [ FB0C1B7F94FA08E72F19F6F2CE7210E1, DC5475E9172BD732A654838CDB8057FCD83A02060C0C79B141F74A74D4C77555 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:09:32.0809 0x0e80  wscsvc - ok
12:09:32.0809 0x0e80  WSearch - ok
12:09:32.0933 0x0e80  [ C10BFFEE7E0D7A1366E84F251796C51D, E1FD1DF5F5C5934F9A8584D54F35720655AC4F5D4CFD69CD1E063C0BBEC4D33D ] WSService       C:\Windows\System32\WSService.dll
12:09:32.0996 0x0e80  WSService - ok
12:09:33.0152 0x0e80  [ 69DDDAF7BB4D39A4CC928EA434A3E258, 3C3335682C53C283E9C2C42EBB557944C4808F8C0F1781A8B2C4CA24D1677531 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:09:33.0214 0x0e80  wuauserv - ok
12:09:33.0261 0x0e80  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:09:33.0261 0x0e80  WudfPf - ok
12:09:33.0277 0x0e80  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
12:09:33.0277 0x0e80  WUDFRd - ok
12:09:33.0308 0x0e80  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:09:33.0308 0x0e80  wudfsvc - ok
12:09:33.0323 0x0e80  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
12:09:33.0323 0x0e80  WUDFWpdMtp - ok
12:09:33.0355 0x0e80  [ F9D8D2E6ECE08B278621D5BF3A7240A6, 99EEEE51EA6CE8909713CA81A2AFA5102774AE9C8554F422F4D9A1D8B0ABDB09 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:09:33.0370 0x0e80  WwanSvc - ok
12:09:33.0495 0x0e80  [ 918C73F0275D7813E6F01E100B39DBD9, 06D08C9B0894A307A4D215B445A5EA08CD53DEA19526FECBB4ADDB833D1070D1 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
12:09:33.0511 0x0e80  ZAtheros Bt&Wlan Coex Agent - ok
12:09:33.0526 0x0e80  ================ Scan global ===============================
12:09:33.0573 0x0e80  [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\Windows\system32\basesrv.dll
12:09:33.0620 0x0e80  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\Windows\system32\winsrv.dll
12:09:33.0667 0x0e80  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\Windows\system32\sxssrv.dll
12:09:33.0698 0x0e80  [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\Windows\system32\services.exe
12:09:33.0698 0x0e80  [ Global ] - ok
12:09:33.0698 0x0e80  ================ Scan MBR ==================================
12:09:33.0713 0x0e80  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
12:09:33.0729 0x0e80  \Device\Harddisk0\DR0 - ok
12:09:33.0729 0x0e80  ================ Scan VBR ==================================
12:09:33.0760 0x0e80  [ C8B6857C0E957EAC4F9361FD8FFC4D45 ] \Device\Harddisk0\DR0\Partition1
12:09:33.0776 0x0e80  \Device\Harddisk0\DR0\Partition1 - ok
12:09:33.0791 0x0e80  [ 6EF0792F4E5D1796BFEF84FB294AEA04 ] \Device\Harddisk0\DR0\Partition2
12:09:33.0807 0x0e80  \Device\Harddisk0\DR0\Partition2 - ok
12:09:33.0807 0x0e80  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
12:09:33.0807 0x0e80  \Device\Harddisk0\DR0\Partition3 - ok
12:09:33.0823 0x0e80  [ 9A729AD5B3C9C844E18C0CB4CC516B25 ] \Device\Harddisk0\DR0\Partition4
12:09:33.0838 0x0e80  \Device\Harddisk0\DR0\Partition4 - ok
12:09:33.0870 0x0e80  [ 90C1553218090E00F05040146FE6CC02 ] \Device\Harddisk0\DR0\Partition5
12:09:33.0885 0x0e80  \Device\Harddisk0\DR0\Partition5 - ok
12:09:33.0901 0x0e80  [ E9ECA4EAFB37F42FBAC2FDD95A37FC15 ] \Device\Harddisk0\DR0\Partition6
12:09:33.0916 0x0e80  \Device\Harddisk0\DR0\Partition6 - ok
12:09:33.0916 0x0e80  ================ Scan generic autorun ======================
12:09:34.0415 0x0e80  [ 9AC062437035B077C0F3B1BD738EC82A, DAC42AA903C3A6F7CB196D3D738FFDDADC8BD2138F0703F1DB035337540D53B7 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
12:09:34.0696 0x0e80  RTHDVCPL - ok
12:09:34.0821 0x0e80  [ BED2FC346920A8B9F5B6CA9417A50E8F, 8F4B3E6987CA3BDB9D7C6DC59CB6578C26E95760E1D72FF78E89D76787FFECFA ] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
12:09:34.0837 0x0e80  BtTray - ok
12:09:34.0852 0x0e80  [ 4518F9E8966D584FF52B2D3A65E2320D, 9F3225B91B478C8A0B836F2F3E28014F144109C10A445FA162FA2AF6C3B716E9 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
12:09:34.0868 0x0e80  BtvStack - ok
12:09:34.0946 0x0e80  [ B7BCA8A30CE13A283CDBDECEF5616C39, C734A8C3633653E0C903E7F14F574DEED763613F9E6A5CE7862D547CAE9AEDDB ] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
12:09:34.0946 0x0e80  ACMON - ok
12:09:35.0055 0x0e80  [ E97140424C378ACBD47DF493A6AB7235, 00F26F670AD6B03C465C4FC834DC993B551B8A8E73B603FE7B9CFFA893094A3D ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
12:09:35.0055 0x0e80  Adobe Reader Speed Launcher - ok
12:09:35.0164 0x0e80  [ BAD6BEA0DE1F69C82BDB74378CE0C20A, ADA84B75173E9D03C180B527E31475ACA16CB19532C3EDA11357BD37049927E3 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:09:35.0180 0x0e80  Adobe ARM - ok
12:09:35.0180 0x0e80  mcui_exe - ok
12:09:35.0274 0x0e80  [ B7995C675014EEBE77A0BEB7AFCCFC08, 41D186C63273301CF0A1C1EE7B6EB0BB75A251DD441532C5CEB7A4095FB103CD ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
12:09:35.0274 0x0e80  RemoteControl10 - ok
12:09:35.0492 0x0e80  [ FF3ADE2620DD221C3E011DC614EA71EF, 572A0D40E30A1F8B2121B5B4AE9B46301CEF0E370318EAF1F8FC7916DE7470F2 ] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe
12:09:35.0570 0x0e80  ASUSWebStorage - ok
12:09:35.0710 0x0e80  [ B6EF24044DD4794240E914AB4CDB255B, 96FB13F26538B47345DC51F5BF89F29F2AC292C096EE83CE7F0A45F464A5642A ] C:\Program Files (x86)\Gyazo\GyStation.exe
12:09:35.0773 0x0e80  Gyazo - ok
12:09:35.0866 0x0e80  [ F4BBAAC708FA033EEA88BA070E43DF51, C0A99216B05790B83BBCF10732F5F8E907ABB732FA7F90C2F7B5E0AA2D8B7920 ] C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe
12:09:35.0882 0x0e80  AppEx Accelerator UI - ok
12:09:35.0898 0x0e80  Waiting for KSN requests completion. In queue: 72
12:09:36.0911 0x0e80  Waiting for KSN requests completion. In queue: 72
12:09:37.0926 0x0e80  Waiting for KSN requests completion. In queue: 72
12:09:38.0955 0x0e80  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.0.9200.16384 ), 0x61100 ( enabled : updated )
12:09:38.0955 0x0e80  Win FW state via NFP2: enabled
12:09:41.0482 0x0e80  ============================================================
12:09:41.0482 0x0e80  Scan finished
12:09:41.0482 0x0e80  ============================================================
12:09:41.0482 0x0ec8  Detected object count: 0
12:09:41.0482 0x0ec8  Actual detected object count: 0
12:09:47.0145 0x0828  Deinitialize success

[kevinf80]

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 

• 
  

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 

• 
  

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

• 
  

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

Please download Junkware Removal Tool to your desktop.

• 
  

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

 

 

 

fixlist.txt

[cruelreaction]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by CR at 2014-06-18 12:28:27 Run:1
Running from C:\Users\CR\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
U0 msahci;
C:\ProgramData\SetStretch.exe
C:\Users\CR\AppData\Local\Temp\{57C192E7-A003-4120-AB40-37C466E1A727}.exe
End
*****************

msahci => Service deleted successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\Users\CR\AppData\Local\Temp\{57C192E7-A003-4120-AB40-37C466E1A727}.exe => Moved successfully.

==== End of Fixlog ====

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/06/2014
Scan Time: 12:29:25
Logfile: MALWAREBYTESLOGKEVIN.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.18.03
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: CR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295870
Time Elapsed: 12 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Malware Bytes didnt ask me to restart the system so i just exported the log and im now proceding with your instructions for the other 2 programs.

Gonna paste the logs in the next reply.

[cruelreaction]

# AdwCleaner v3.023 - Report created 05/04/2014 at 13:56:50
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : CR - CRUELREACTION
# Running from : C:\Users\CR\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Program Files (x86)\MediaPlayerV1
Folder Deleted : C:\Program Files (x86)\MediaWatchV1
Folder Deleted : C:\Program Files (x86)\Search Results Toolbar
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Program Files (x86)\WebexpEnhancedV1
Folder Deleted : C:\Users\CR\AppData\Local\SoftwareUpdater
Folder Deleted : C:\Users\CR\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\CR\AppData\Roaming\cacaoweb
Folder Deleted : C:\Users\CR\AppData\Roaming\FreeSoftwareUpdater
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\CR\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\CR\AppData\Roaming\Mozilla\Firefox\Profiles\vp56u9ep.default-1391683283027\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ext@bettersurfplus.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [software updater]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\CR\AppData\Roaming\Mozilla\Firefox\Profiles\vp56u9ep.default-1391683283027\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\CR\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [14920 octets] - [05/04/2014 13:55:12]
AdwCleaner[s0].txt - [14790 octets] - [05/04/2014 13:56:50]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14851 octets] ##########
# AdwCleaner v3.212 - Report created 18/06/2014 at 12:49:45
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : CR - CRUELREACTION
# Running from : C:\Users\CR\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\CR\AppData\Roaming\Mozilla\Firefox\Profiles\oknidhmn.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [15725 octets] - [05/04/2014 13:55:12]
AdwCleaner[s0].txt - [15788 octets] - [05/04/2014 13:56:50]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [15849 octets] ##########

 

 

================================================================================================================================

 

After this im not really, sure , i dont have any protection software beside malware bytes and windows firewall and windows defender, should i turn these off before running  JRT.exe?

Waiting on your reply to continue with the cleaning procedure.

 

[cruelreaction]

Afterall i thought disconnecting from the internet then turning off the firewalls and windows defender, and also the Malware Bytes processes would be safe enough to run JRT.exe without conflicts, so i did.

 

Heres the log as requested.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by CR on 18/06/2014 at 13:25:29.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/06/2014 at 13:31:22.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[cruelreaction]

Hello Kevin, just updating;  I turned the firewalls / defender /mbam services and apps back on, after the JRT scan.

The laptop has been running perfectly smoothly for the past 2 hours with no apparent freeze, or high disk usage as i was previously having.

 

I still havent installed any new program as i am waiting for your instructions to move further.  Any idea of what was causing the issue?

Thanks a lot for your help !

Saverio.

[kevinf80]

Not a great deal wrong with your system, some unwanted adware related to Conduit and Ask, also potential browser hijacker, before we say we are done and clean up, one final scan:

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

• 
  

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 

• 
  

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 

• 
  

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Thank you,

 

Kevin...

[cruelreaction]

Hello Kevin, just checking in, i was away from the computer for about 1 hour, and left it in standby  by pushing the power button.

 

When i came back i simply opened the screen and the normal behavior of the computer seems back, super fast at coming back from standby mode.

I am running the ESET online scanner from IE as requested as of now.

Will update you once its done.

Cheers, Saverio.

[kevinf80]

Thanks for the update, ESET is very thorough so may take several hours.

[cruelreaction]

Hey Kevin,  exactly 1 hour and 30 min into the full scan.

 

You might find this interesting:

4 threats found so far.

a variant of Win32/HackTool.Patcher.AD potentially unsafe application

Win32/OpenCandy potentially unsafe application

NSIS/TrojanDownloader.Agent.NNX trojan

a variant of Win32/Amonetize.I potentially unwanted application

 

Now this concerns me a little bit.

P.S. since im not home and due to a problem i will be forced to move back in about 1.20h, should i stop the scan and just export the log of what i got so far, and then running it again later on?

(im sorry about this but i couldnt really know about it)

Thanks a lot for putting up with me and for all your help <3

 

Saverio

[cruelreaction]

In the meanwhile the threats became 13.

I cant scroll down nor enalrge the window to see all of them sadly, but i can see the top 6 which are all entries for Win32/Conduit.SearchProtect.R , and other variations.

Let me know what should i do regarding interrupting the scan aswell.

Cheers.

 

[cruelreaction]

Heres the log of the finished scan yo.

 

C:\AdwCleaner\Quarantine\C\Users\CR\AppData\Local\SwvUpdater\Updater.exe.vir a variant of Win32/Amonetize.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\CR\AppData\Roaming\FreeSoftwareUpdater\updater.exe.vir NSIS/TrojanDownloader.Agent.NNX trojan
C:\Users\CR\Downloads\any-audio-converter.exe Win32/OpenCandy potentially unsafe application
C:\Users\CR\Downloads\Live912.WiN.x64(1).rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Windows.old\Users\CR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9O8SM52\spstub[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Windows.old\Users\CR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9UA7B31\SPSetup[1].exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Windows.old\Users\CR\AppData\Local\Temp\nse31E3.exe Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows.old\Users\CR\AppData\Local\Temp\nsj13E.exe Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows.old\Users\CR\AppData\Local\Temp\nsj2EF5.exe Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows.old\Users\CR\AppData\Local\Temp\nstFEBD.exe Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows.old\Users\CR\AppData\Local\Temp\nsv9545.exe Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows.old\Users\CR\AppData\Local\Temp\sp-downloader.exe Win32/Toolbar.Conduit.R potentially unwanted application
C:\Windows.old\Users\CR\AppData\Local\Temp\nst605C\SpSetup.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
 

[kevinf80]

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

• Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files
  
  

  :Filesipconfig /flushdns /cC:\Users\CR\Downloads\any-audio-converter.exeC:\Users\CR\Downloads\Live912.WiN.x64(1).rarC:\Windows.old\Users\CR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9O8SM52\spstub[1].exeC:\Windows.old\Users\CR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9UA7B31\SPSetup[1].exeC:\Windows.old\Users\CR\AppData\Local\Temp\nse31E3.exeC:\Windows.old\Users\CR\AppData\Local\Temp\nsj13E.exeC:\Windows.old\Users\CR\AppData\Local\Temp\nsj2EF5.exeC:\Windows.old\Users\CR\AppData\Local\Temp\nstFEBD.exeC:\Windows.old\Users\CR\AppData\Local\Temp\nsv9545.exeC:\Windows.old\Users\CR\AppData\Local\Temp\sp-downloader.exeC:\Windows.old\Users\CR\AppData\Local\Temp\nst605C\SpSetup.exe:Commands[EmptyTemp]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
• Click the red button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Let me see that log, also give an update on any remaining issues or concerns...

 

Kevin

[cruelreaction]

Hello Kevin sorry for the late reply but i just got back home and had the time to turn the laptop back on and run the scan.

 

Heres the log:

 

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\CR\Desktop\cmd.bat deleted successfully.
C:\Users\CR\Desktop\cmd.txt deleted successfully.
C:\Users\CR\Downloads\any-audio-converter.exe moved successfully.
C:\Users\CR\Downloads\Live912.WiN.x64(1).rar moved successfully.
C:\Windows.old\Users\CR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9O8SM52\spstub[1].exe moved successfully.
C:\Windows.old\Users\CR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9UA7B31\SPSetup[1].exe moved successfully.
C:\Windows.old\Users\CR\AppData\Local\Temp\nse31E3.exe moved successfully.
C:\Windows.old\Users\CR\AppData\Local\Temp\nsj13E.exe moved successfully.
C:\Windows.old\Users\CR\AppData\Local\Temp\nsj2EF5.exe moved successfully.
C:\Windows.old\Users\CR\AppData\Local\Temp\nstFEBD.exe moved successfully.
C:\Windows.old\Users\CR\AppData\Local\Temp\nsv9545.exe moved successfully.
C:\Windows.old\Users\CR\AppData\Local\Temp\sp-downloader.exe moved successfully.
C:\Windows.old\Users\CR\AppData\Local\Temp\nst605C\SpSetup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
 
User: All Users
 
User: CR
->Temp folder emptied: 416182678 bytes
->Temporary Internet Files folder emptied: 62702073 bytes
->FireFox cache emptied: 19455610 bytes
->Flash cache emptied: 2201 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5575166 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 16532104 bytes
 
Total Files Cleaned = 496.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 06182014_223511

Files moved on Reboot...
C:\Users\CR\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...


The only concern i still have really is just about those entries found by ESET and also the deletion of the C:\Users\CR\Downloads\Live912.WiN.x64(1).rar  which was  a trusted file.

Would love to know what was happening with all those freezes cause im startin to be scared it was some kind of hardware issue having to do with the battery.

 

Thanks a lot again for all your help.

[cruelreaction]

Funny thing, as i posted my previous reply, the computer froze again for about 1 minute, windows explorer not responding aswell as firefox.

I was able to move the mouse , just had the blue wheel spinning all the time and (Not Responding) after programs names on the bar.

Just patiently waited and its back smooth.

 

Should i start considering hardware issues?

[kevinf80]

Regarding the trusted file, "C:\Users\CR\Downloads\Live912.WiN.x64(1).rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application"

 

ESET does not see it as safe, I can only go of what the logs tell me, you always have the option to ignore any given advice if you feel it aint right....

 

Regarding the freezing, hardware issue is a possibility amongst others... Lets run a clean boot first, see if the same issue still happens...

 

Go here: http://support.microsoft.com/kb/929135 Expand the options for "How to perform a clean boot" then the option for "Windows 8" Follow those instructions and run in clean boot mode, ensure to leave security enabled....

 

See how the system responds in that mode...

 

Kevin

[cruelreaction]

Goodmorning Kevin, when i woke up this morning i just had the time to read your reply about the safe boot, and the computer froze again so i had to manually shut off via  power button and then proceed to rebooting the system with a Clean Boot.

 

Nothing. The problem occurred once again. Blue wheel spinning programs not responding.

I have noticed a weird issue with the battery tho, it seems to never be fully charging up and never going past 97% charge.

I have now removed the battery and rebooted manually again via power button, waiting to see how the puter acts.

[cruelreaction]

I am deeply considering bringing the computer to assistance to check for hardware issues, i have just turned the laptop back on , running only with battery and it has been ok for 15 minutes already with no problems whatsoever.....

 

I wonder if some hardware battery related issue is possible at this point.

[kevinf80]

I`m not sure what you mean regarding the battery, it either charges or not. It will degrade over time. The full charge status will slowly reduce from 100% after each charge. My own laptop only reaches about 60% now, when it goes to less than 50% I usually buy a new one.

Can you shutdown the laptop altogether, remove the battery. Connect the power cable and re-boot with no battery. See if the laptop responds ok with only the power source and no battery