Safer Browser Hijacker/Virus Removal Help

April 19, 2015 at 17:10:21
Specs: Windows 8
So I've ended up with Safer Browser on my computer and have been to a few different website tutorials and discussions attempting to figure out how to remove it. I came across this forum post...

http://www.computing.net/answers/se...

...and have been utilizing the advice to attempt to remove it. So far with limited success.

I've already "uninstalled" it via the Control Panel, and I've run both Malwarebytes and AdwCleaner and quarantined/deleted every malicious item each found and subsequently rebooted. But Safer Browser is still on my computer in the form of a desktop icon, so I'm certain there are still Safer Browser files on my computer.

As per Johnw in the previous thread I mentioned, I've downloaded and run OTL by OldTimer. And I did run it with the settings Johnw mentioned. (From his post May 3, 2014 - near the bottom of the thread.) I've got the logs, but I'm not sure what I'm looking for - and I really don't want to delete or quarantine anything that isn't related to Safer Browser/a virus or malware.

If someone could please assist me and take a look at the logs and let me know what needs to be deleted, it would be very much appreciated.

Thanks for any help/advice in advance. I'll post the logs in a separate post momentarily.


See More: Safer Browser Hijacker/Virus Removal Help

Report •


#1
April 19, 2015 at 17:11:49
OTL Extras logfile created on: 4/19/2015 4:38:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Serah\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17728)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 76.48% Memory free
15.89 Gb Paging File | 13.81 Gb Available in Paging File | 86.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910.40 Gb Total Space | 817.14 Gb Free Space | 89.76% Space Free | Partition Type: NTFS

Computer Name: ATLATICA | User Name: Serah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1228125814-1879135357-2724809167-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05CD49B1-F5CE-4865-8007-EFFFE3253874}" = rport=445 | protocol=6 | dir=out | app=system |
"{08F20478-1F47-45A6-A043-F40E1B8F61FC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{151227DB-FDEC-4D72-820F-D98C6E2D16F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19E8EAE5-3F02-4A24-B44B-B2F365C00CF3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A390648-B298-4F5B-B608-2FF5C7527C80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{278CC625-8E96-4C06-93FE-5285E1EC57DE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{2D8414B4-50AC-4876-A2C3-6A3A3F2C08CE}" = lport=138 | protocol=17 | dir=in | app=system |
"{339DB529-45BC-498A-9296-5085E288187D}" = rport=139 | protocol=6 | dir=out | app=system |
"{47F69BAE-3FAE-4E55-A7F1-BC8D7C7505D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{500EDD21-1536-40AF-992D-AAB5D9EF89F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{6E90F4E1-D543-49B3-8CFA-75755F6B94C5}" = rport=138 | protocol=17 | dir=out | app=system |
"{90B3BE5A-53D1-49FB-B909-FAEA4BED3922}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{927FB750-DAA8-48D5-B2E1-2A4A9627A849}" = lport=10243 | protocol=6 | dir=in | app=system |
"{97703D74-19F1-4129-9B95-3517808927A6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A25E1350-2658-4E8E-8F39-B370E4B392F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1E202DC-B4BB-4AE9-960D-5672BC1F6D82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DC3BAC2C-50FB-4417-8FD5-82F1BEB21A9B}" = lport=137 | protocol=17 | dir=in | app=system |
"{E0CF4496-4F8B-4347-A3DD-6ACAB84723B4}" = lport=445 | protocol=6 | dir=in | app=system |
"{EA0847BD-CDB0-432A-A2CC-8CFC0185356E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\safer technologies\safer browser\application\safer.exe |
"{F11808A4-FD12-44B9-844F-EF0F4E709007}" = lport=139 | protocol=6 | dir=in | app=system |
"{F30537E3-5645-4D40-89C7-7A1C08F6D291}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5EFA4A3-FA42-4F1C-A389-A67CE8743DD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFD791CB-9BB9-461C-B033-E09956EA4068}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C28BCA-C2EF-4F2B-92B2-B89EC291DA1A}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{08989B33-8A36-4990-9245-513BB995798F}" = protocol=6 | dir=in | app=c:\program files (x86)\toolbar cleaner\toolbarcleaner.exe |
"{089FBA3E-B160-41B7-8C74-7A923ECB0041}" = dir=out | name=client for youtube |
"{11B14B8C-4A27-442E-BDEC-857B573A0BB6}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{1224966F-08B7-4E86-80D8-D33929238D36}" = dir=out | name=asus webstorage |
"{12EE8F2B-F207-4538-94EB-D20CF3C2F019}" = protocol=17 | dir=in | app=c:\program files (x86)\pandasecuritytb\toolbarcleaner.exe |
"{13C042E2-D15D-4071-B029-921151B0D471}" = dir=in | name=asus webstorage |
"{158A8285-890B-4513-AA71-A650EA101A22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{17F973C0-5D9D-43E5-A7A0-8FCFAA3E7882}" = protocol=6 | dir=in | app=c:\users\serah\appdata\roaming\bittorrent\bittorrent.exe |
"{18B92FA5-D5EF-4F2C-82C4-EBB1CA3A6F8B}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{1D2AFB4F-7AA9-4889-9F95-69FEC63A0CD0}" = dir=out | name=dictionary. |
"{29590E44-2568-4BE6-BFAD-D4A3875C1A82}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{2C62004C-245D-4205-B0C9-B3A6492D5648}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{32146E69-0A7A-4F4A-BC38-167EBD55ACC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3248B897-1970-414B-B997-7DBDDAF729CB}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{332D4501-7D74-44D4-AB5C-C5012F09147E}" = protocol=17 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{3442C160-7941-4589-A981-9DF3FF76A0BB}" = dir=out | name=@{microsoft.bingsports_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{38670D36-00FB-4CA0-8F58-1AF06E88D545}" = dir=out | name=@{magix.musicmakerjam_2.2.1036.2_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{3B10F1EC-1372-4174-904B-FD04E878BC06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E22DAB9-7758-44AD-A098-418E885813A3}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{41A19FF2-A5C2-47E5-9C11-327EC541A7F2}" = dir=out | name=the cw |
"{41E8B2F3-4065-41C7-9910-3CD62315B49A}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{42B7BDD2-790A-4983-8734-B9EE19B488E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4935E413-A560-4FE7-8E72-3737628E4C66}" = protocol=6 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{4CB86386-2AD6-4D89-9867-BB32C17B3ECB}" = dir=out | name=@{microsoft.bingweather_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{4E7AAAE6-31E6-4383-949E-A189746F17F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EA8D0C5-A859-482B-A867-76F57D58C2C0}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{56CBD55F-A962-4960-A1A8-721682290000}" = dir=in | name=ted |
"{56F59365-7351-4980-9BB0-B836C38FE1FA}" = dir=out | name=@{microsoft.bingtravel_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{5ACB9D4B-41B5-454D-823F-D630CFBE0C85}" = dir=out | name=windows_ie_ac_001 |
"{5B7302DD-B02E-4BA8-9EA9-A4B7CAE84C4C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5F63E779-D1A5-466C-B503-ADF1B3AFBB3A}" = dir=out | name=zinio |
"{620229C2-D92B-4B07-B99C-E04BB4198724}" = dir=out | name=@{26720randomsaladgamesllc.sudoku-pro_1.6.0.21_neutral__kx24dqmazqk8j?ms-resource://26720randomsaladgamesllc.sudoku-pro/resources/gametitle} |
"{67D22476-0907-4176-B0CF-1574DC27CE95}" = dir=out | name=onenote |
"{681E4814-9EB4-4066-84CA-EA3D6BB07DB0}" = dir=in | name=the cw |
"{6BCF663E-5E55-4C42-9592-8284E6C5A958}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{6D94885E-F479-435D-AEC5-0520454D9762}" = dir=out | name=history |
"{6DBD1FF7-34B2-4EA4-AC87-9A2EC5D66DEB}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7173F380-741D-4FDA-97FE-B4E8E31EBECC}" = dir=out | name=microsoft mahjong |
"{765D96DD-18D7-4BC3-B1DF-9C999C95213F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{789C44B8-6B2F-4D18-8E12-6F9213BA1A77}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{7A7FAA9A-1177-469D-98CB-E7C086DF8DB5}" = dir=out | name=@{microsoft.bingnews_3.0.4.268_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{7BA8FA7A-0FFF-4F54-871A-F8E16C1FCEA7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{7BF151EA-3D78-4085-B25E-E355EDAE4A1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D2FBC3D-C988-419C-A676-1E7AD8DA2271}" = dir=in | name=onenote |
"{818E6E63-BFA0-4028-B980-3D9C24B71E45}" = dir=in | name=microsoft mahjong |
"{854F60AE-8E50-484A-9700-6C50C4C77E37}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85AF1F79-437B-4051-965E-69164BE46A21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{865C3EDA-E604-44F9-A0AC-E2AA94046263}" = protocol=17 | dir=in | app=c:\program files (x86)\toolbar cleaner\toolbarcleaner.exe |
"{896409B4-2848-420F-AFFC-7592774547DE}" = dir=out | name=@{microsoft.zunevideo_2.6.439.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{8F66A23E-9EB2-46F6-A28A-C6F56091B6FD}" = dir=in | name=zinio |
"{91729ABE-ED39-4556-B639-C573E6F7E0F2}" = dir=out | name=fresh paint |
"{9424FB5F-E58D-4AE8-9868-47D64CD33639}" = dir=out | name=facebook |
"{97A93DE1-0EA6-4423-8072-401B31A77D9B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A7E68E3-9E82-4B8C-9937-D2D123AF05F7}" = dir=out | name=kindle |
"{9AE3DB41-6E98-47B5-9A11-6D5FCBCB16FB}" = dir=out | name=skype |
"{9C25A2E3-4CA9-40C9-BA69-51B9CB5F4009}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D4A9F30-93B4-440F-AD44-0602323DD372}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A00D405F-96D1-4DB0-B750-3ACC840DF737}" = dir=out | name=twitter |
"{A9563C5C-9AA7-42B2-A5EC-A97732DACBAF}" = protocol=6 | dir=in | app=c:\program files (x86)\pandasecuritytb\toolbarcleaner.exe |
"{B2ECF8BB-5C1A-4C29-928F-0C4487C32958}" = dir=out | name=- games app - |
"{B3C6CE2D-3498-4A7E-9362-AD87037C4907}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.313_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{B994816A-E506-487C-926A-02433C4BD957}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9C43E3F-0304-4F53-AEF9-80F7674BA9DA}" = dir=out | name=ted |
"{BC365693-893F-42B5-8597-D343CDC95561}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC95131F-2D91-43E6-B894-09FF50E933CE}" = protocol=17 | dir=in | app=c:\users\serah\appdata\roaming\bittorrent\bittorrent.exe |
"{BEC6F5DD-56A3-47E4-8C10-DDB08FED5F37}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{CB07850C-42B0-4340-8914-A10BBD66FCA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB5277A5-7821-46B4-B9FA-3C7C176D0821}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDC5741C-5C48-4D39-9068-3877232BCFAC}" = protocol=6 | dir=out | app=system |
"{CF15F35D-C15A-4307-B080-3FD257D223FA}" = dir=in | name=@{magix.musicmakerjam_2.2.1036.2_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{D61416C0-C4E5-4088-B693-C453E960CF0A}" = dir=out | name=clienttube |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D84FFA95-0503-4CCE-B95E-824E851A2E2F}" = dir=in | name=skype |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DC77B806-E921-4192-A8B4-A1C2798AE868}" = dir=out | name=netflix |
"{DD819E9A-FEAD-409F-B78B-AA22A0B7DEC4}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{E372C4EA-BE3A-47B5-AA3E-71D4D653B6B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E483B1A1-ABE8-4AEB-877D-9427B787186D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4F8CC6D-F6F4-42B8-BC13-FB08E18141CA}" = dir=out | name=@{microsoft.bingfinance_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{E8E3A306-1A8A-4CB1-8BA1-85CCBBD95396}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{E9E1A403-9E5B-428E-8403-F7EFDAC344EA}" = dir=out | name=the curse of the werewolves |
"{EB73B098-1ACE-40CE-B31D-9665B5A011A6}" = dir=out | name=line |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2DFD8316-9EF1-3210-908C-4CB61961C1AC}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{457D6189-416A-44CD-A0A6-D6D75AD25CCF}" = Intel® Trusted Connect Service Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9D5E6ECB-C686-4FFC-8EA8-2DF907C6B733}" = Panda Free Antivirus
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{BF71A719-CEC2-4D0E-8EAC-8F375B677D0E}" = Update for Microsoft en-us Dictionary
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"8BA9C239ED04E09F06755E1497239BEFC08085C2" = Windows Driver Package - ASUS (ATP) Mouse (11/20/2013 1.0.0.194)
"CCleaner" = CCleaner

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}" = ASUS Screen Saver
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2B4B4082-8043-4646-8334-B0A29E641211}" = Adobe Illustrator CC 2014
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}" = Panda Devices Agent
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C87EF11D-36E9-479D-9898-7541EA1E8A6A}" = OpenOffice 4.1.0
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}" = Adobe Photoshop CC 2014
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI
"Asus Vibe2.0" = AsusVibe2.0
"Audacity_is1" = Audacity 2.0.6
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel(R) Dynamic Platform and Thermal Framework
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Google Chrome" = Google Chrome
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
"Panda Devices Agent" = Panda Devices Agent
"Panda Security URL Filtering" = Panda Security URL Filtering
"Panda Universal Agent Endpoint" = Panda Free Antivirus
"pandasecuritytb" = Panda Security Toolbar
"VLC media player" = VLC media player
"WebStorage" = WebStorage
"WinPcapInst" = WinPcap 4.1.2

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1228125814-1879135357-2724809167-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 3/29/2015 8:26:43 PM | Computer Name = Atlatica | Source = Application Hang | ID = 1002
Description = The program backgroundTaskHost.exe version 6.3.9600.17415 stopped
interacting with Windows and was closed. To see if more information about the problem
is available, check the problem history in the Action Center control panel. Process
ID: 18c0 Start Time: 01d06a7f7b72bc16 Termination Time: 4294967295 Application Path:
C:\Windows\system32\backgroundTaskHost.exe Report Id: 6ef361b1-d673-11e4-826f-40167e13df51

Faulting
package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative
application ID: App

Error - 3/29/2015 9:03:34 PM | Computer Name = Atlatica | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416,
time stamp: 0x5452eed9 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000409 Fault offset: 0x00000000 Faulting process id:
0xb6c Faulting application start time: 0x01d06a853ed9198d Faulting application path:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: unknown
Report
Id: 962f266f-d678-11e4-826f-40167e13df51 Faulting package full name: Faulting package-relative
application ID:

Error - 3/31/2015 8:26:49 PM | Computer Name = Atlatica | Source = Application Hang | ID = 1002
Description = The program backgroundTaskHost.exe version 6.3.9600.17415 stopped
interacting with Windows and was closed. To see if more information about the problem
is available, check the problem history in the Action Center control panel. Process
ID: e58 Start Time: 01d06c1289015c1d Termination Time: 4294967295 Application Path:
C:\Windows\system32\backgroundTaskHost.exe Report Id: c827bd05-d805-11e4-826f-40167e13df51

Faulting
package full name: Microsoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwe Faulting
package-relative application ID: microsoft.onenoteim

Error - 3/31/2015 8:26:49 PM | Computer Name = Atlatica | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim
failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 3/31/2015 9:54:57 PM | Computer Name = Atlatica | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 4/2/2015 12:42:31 AM | Computer Name = Atlatica | Source = Application Hang | ID = 1002
Description = The program backgroundTaskHost.exe version 6.3.9600.17415 stopped
interacting with Windows and was closed. To see if more information about the problem
is available, check the problem history in the Action Center control panel. Process
ID: bb0 Start Time: 01d06cfeb6ca3bbf Termination Time: 4294967295 Application Path:
C:\Windows\system32\backgroundTaskHost.exe Report Id: aa4c0d78-d8f2-11e4-8270-40167e13df51

Faulting
package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative
application ID: App

Error - 4/2/2015 5:57:06 PM | Computer Name = Atlatica | Source = Application Hang | ID = 1002
Description = The program LiveComm.exe version 17.5.9600.20689 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: adc Start
Time: 01d06d8ff1a2bf7a Termination Time: 4294967295 Application Path: C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report
Id: 325d5da9-d983-11e4-8270-40167e13df51 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error - 4/6/2015 10:07:51 PM | Computer Name = Atlatica | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415,
time stamp: 0x54504177 Faulting module name: sysmain.dll, version: 6.3.9600.17415,
time stamp: 0x545041b7 Exception code: 0xc0000420 Fault offset: 0x00000000000bf882
Faulting
process id: 0x8cc Faulting application start time: 0x01d06c1f819f681a Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: e49f72db-dcca-11e4-8270-40167e13df51 Faulting package full name: Faulting package-relative
application ID:

Error - 4/9/2015 3:21:13 AM | Computer Name = Atlatica | Source = Application Hang | ID = 1002
Description = The program backgroundTaskHost.exe version 6.3.9600.17415 stopped
interacting with Windows and was closed. To see if more information about the problem
is available, check the problem history in the Action Center control panel. Process
ID: 1c88 Start Time: 01d07295ba624b0d Termination Time: 4294967295 Application Path:
C:\Windows\system32\backgroundTaskHost.exe Report Id: ff8c2996-de88-11e4-8270-40167e13df51

Faulting
package full name: Microsoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwe Faulting
package-relative application ID: microsoft.onenoteim

Error - 4/9/2015 3:21:13 AM | Computer Name = Atlatica | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim
failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

[ System Events ]
Error - 3/9/2015 3:32:29 PM | Computer Name = Atlatica | Source = DCOM | ID = 10010
Description =

Error - 3/15/2015 8:59:05 PM | Computer Name = Atlatica | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/16/2015 5:11:10 PM | Computer Name = Atlatica | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/21/2015 10:19:32 PM | Computer Name = Atlatica | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the BITS service.

Error - 3/25/2015 5:04:36 PM | Computer Name = Atlatica | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/29/2015 6:52:36 PM | Computer Name = Atlatica | Source = DCOM | ID = 10010
Description =

Error - 3/29/2015 6:52:36 PM | Computer Name = Atlatica | Source = DCOM | ID = 10010
Description =

Error - 3/31/2015 9:59:14 PM | Computer Name = Atlatica | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:39:55 PM on ?3/?31/?2015 was unexpected.

Error - 3/31/2015 9:59:47 PM | Computer Name = Atlatica | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 4/6/2015 10:07:55 PM | Computer Name = Atlatica | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >


Report •

#2
April 19, 2015 at 17:32:43
Attempting to post the OTL Log, having some trouble with the forum. It keeps locking up. If anyone is already looking at this, I will have the OTL posted shortly.

Report •

#3
April 19, 2015 at 17:33:58
Here is the OTL log - which I've divided into four posts, as it's apparently too large for one.

OTL logfile created on: 4/19/2015 4:38:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Serah\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17728)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 76.48% Memory free
15.89 Gb Paging File | 13.81 Gb Available in Paging File | 86.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910.40 Gb Total Space | 817.14 Gb Free Space | 89.76% Space Free | Partition Type: NTFS

Computer Name: ATLATICA | User Name: Serah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/04/19 16:36:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Serah\Downloads\OTL.exe
PRC - [2015/04/15 11:15:14 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2015/04/13 14:55:42 | 000,812,872 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/10/16 06:21:23 | 000,038,136 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
PRC - [2014/10/16 06:21:22 | 000,037,624 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
PRC - [2014/10/13 13:03:10 | 000,142,072 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
PRC - [2014/10/09 16:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
PRC - [2014/01/24 03:05:00 | 000,323,584 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2014/01/16 10:35:24 | 019,647,568 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2013/12/12 14:07:08 | 000,019,256 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013/11/08 17:08:52 | 000,227,936 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2013/10/23 13:45:30 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/10/23 13:44:48 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013/10/23 13:44:48 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/10/07 16:22:26 | 000,055,880 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2013/10/07 14:36:58 | 000,181,360 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2013/09/23 15:59:24 | 000,303,928 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2013/09/09 11:36:34 | 000,406,328 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2013/09/09 10:04:42 | 000,111,416 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2013/05/30 14:17:48 | 000,205,624 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2013/03/08 15:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/05/28 10:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/01/17 16:09:40 | 001,884,576 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2012/01/17 16:09:38 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/04/13 14:55:41 | 014,980,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
MOD - [2015/04/13 14:55:40 | 001,252,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
MOD - [2015/04/13 14:55:39 | 000,080,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
MOD - [2013/10/08 20:41:42 | 000,037,968 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
MOD - [2013/09/09 18:23:06 | 000,162,816 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
MOD - [2012/01/17 16:09:50 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2012/01/17 15:27:56 | 000,669,696 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/02/20 16:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2015/02/03 16:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2015/02/03 16:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/12/05 18:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/10/30 21:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/10/28 20:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/10/28 20:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/10/28 19:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014/10/28 19:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014/10/28 19:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014/10/28 19:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014/10/28 19:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014/10/28 18:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2014/10/28 18:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014/10/28 18:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014/10/28 18:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014/10/28 18:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014/10/28 18:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014/10/28 18:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014/10/28 18:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014/10/28 18:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014/10/28 18:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014/10/28 18:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/10/28 18:26:02 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2014/10/28 18:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014/10/28 18:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/28 18:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014/10/28 18:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/10/28 18:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014/10/28 18:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/10/28 18:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014/10/28 18:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/10/28 18:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/10/28 18:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/10/28 18:09:48 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2014/10/28 18:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014/10/28 17:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2014/10/28 17:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/10/28 17:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/10/28 17:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2013/10/17 19:24:42 | 000,148,160 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService)
SRV:[b]64bit:[/b] - [2013/10/17 19:24:42 | 000,126,952 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:[b]64bit:[/b] - [2013/10/17 19:24:42 | 000,117,704 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:[b]64bit:[/b] - [2013/10/17 19:24:42 | 000,116,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:[b]64bit:[/b] - [2013/09/02 13:31:00 | 000,827,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV - [2015/04/18 21:54:57 | 000,145,888 | ---- | M] (Safer Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Safer Technologies\Update\SaferUpdate.exe -- (saferm)
SRV - [2015/04/18 21:54:57 | 000,145,888 | ---- | M] (Safer Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Safer Technologies\Update\SaferUpdate.exe -- (safer)
SRV - [2015/04/15 16:40:21 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/04/15 11:15:14 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2014/10/28 20:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/28 18:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 18:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/28 17:53:11 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/16 06:21:23 | 000,038,136 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe -- (PSUAService)
SRV - [2014/10/13 13:03:10 | 000,142,072 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe -- (NanoServiceMain)
SRV - [2014/10/09 16:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe -- (PandaAgent)
SRV - [2014/09/19 05:45:18 | 000,296,760 | ---- | M] (Panda Security) [Auto | Running] -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- (panda_url_filtering)
SRV - [2014/02/09 23:03:14 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/01/24 03:27:22 | 000,319,104 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2014/01/24 03:05:00 | 000,323,584 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2013/11/08 17:08:52 | 000,227,936 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/10/23 13:45:30 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/10/23 13:44:48 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/10/23 13:44:48 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2013/09/09 10:04:42 | 000,111,416 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2013/08/16 01:04:18 | 000,071,680 | ---- | M] (ASUS Cloud Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe -- (Asus WebStorage Windows Service)
SRV - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

message edited by FalconCry


Report •

Related Solutions

#4
April 19, 2015 at 17:37:23
[color=#E56717]========== Driver Services (All) ==========[/color]

DRV:[b]64bit:[/b] - [2015/03/04 03:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2015/02/24 01:32:52 | 000,991,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)
DRV:[b]64bit:[/b] - [2015/02/05 13:24:44 | 001,113,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:[b]64bit:[/b] - [2015/02/03 16:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015/02/03 16:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2015/02/03 16:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2015/01/29 20:01:51 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:[b]64bit:[/b] - [2015/01/15 15:43:08 | 000,177,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:[b]64bit:[/b] - [2015/01/15 15:43:01 | 000,563,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:[b]64bit:[/b] - [2014/12/18 23:26:49 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:[b]64bit:[/b] - [2014/12/11 17:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2014/10/28 21:09:06 | 000,033,600 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:[b]64bit:[/b] - [2014/10/28 20:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/10/28 20:59:47 | 000,014,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)
DRV:[b]64bit:[/b] - [2014/10/28 20:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/10/28 20:58:59 | 000,014,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:[b]64bit:[/b] - [2014/10/28 20:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/10/28 20:57:39 | 001,552,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:[b]64bit:[/b] - [2014/10/28 20:56:50 | 000,097,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:[b]64bit:[/b] - [2014/10/28 20:56:50 | 000,049,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:[b]64bit:[/b] - [2014/10/28 20:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/28 20:52:15 | 002,485,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)
DRV:[b]64bit:[/b] - [2014/10/28 20:52:15 | 002,485,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:[b]64bit:[/b] - [2014/10/28 20:52:15 | 000,100,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)
DRV:[b]64bit:[/b] - [2014/10/28 19:48:01 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:[b]64bit:[/b] - [2014/10/28 19:47:58 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbscan.sys -- (usbscan)
DRV:[b]64bit:[/b] - [2014/10/28 19:47:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:[b]64bit:[/b] - [2014/10/28 19:47:40 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:[b]64bit:[/b] - [2014/10/28 19:47:33 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:[b]64bit:[/b] - [2014/10/28 19:47:23 | 000,048,128 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:[b]64bit:[/b] - [2014/10/28 19:47:05 | 000,098,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:57 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:54 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (NDProxy)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:41 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:27 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFWpdMtp)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFWpdFs)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:07 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:[b]64bit:[/b] - [2014/10/28 19:46:03 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:[b]64bit:[/b] - [2014/10/28 19:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/10/28 19:45:41 | 000,445,440 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:[b]64bit:[/b] - [2014/10/28 19:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014/10/28 19:45:31 | 000,151,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)
DRV:[b]64bit:[/b] - [2014/10/28 19:45:31 | 000,074,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:[b]64bit:[/b] - [2014/10/28 19:45:24 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (MsBridge)
DRV:[b]64bit:[/b] - [2014/10/28 19:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014/10/15 01:32:37 | 002,025,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (Ntfs)
DRV:[b]64bit:[/b] - [2014/10/15 01:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/10/15 01:32:36 | 000,551,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:[b]64bit:[/b] - [2014/10/15 01:32:36 | 000,088,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:[b]64bit:[/b] - [2014/10/15 01:32:36 | 000,061,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:[b]64bit:[/b] - [2014/10/13 13:04:37 | 000,107,792 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINReg.sys -- (PSINReg)
DRV:[b]64bit:[/b] - [2014/10/13 13:04:36 | 000,163,088 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:[b]64bit:[/b] - [2014/10/13 13:04:36 | 000,121,616 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:[b]64bit:[/b] - [2014/10/12 19:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2014/10/12 19:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/10/12 19:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/10/08 02:24:09 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2014/10/08 00:33:33 | 000,678,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)
DRV:[b]64bit:[/b] - [2014/10/08 00:32:10 | 000,405,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)
DRV:[b]64bit:[/b] - [2014/10/06 23:54:45 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2014/10/06 23:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/10/06 23:54:39 | 000,059,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)
DRV:[b]64bit:[/b] - [2014/10/06 23:54:39 | 000,051,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)
DRV:[b]64bit:[/b] - [2014/10/06 23:44:55 | 000,102,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)
DRV:[b]64bit:[/b] - [2014/10/06 23:44:53 | 000,533,824 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:[b]64bit:[/b] - [2014/10/06 23:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014/10/06 20:30:14 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:[b]64bit:[/b] - [2014/10/06 20:29:50 | 000,107,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)
DRV:[b]64bit:[/b] - [2014/10/06 20:29:43 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)
DRV:[b]64bit:[/b] - [2014/10/06 20:29:43 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)
DRV:[b]64bit:[/b] - [2014/09/26 21:59:28 | 000,202,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:[b]64bit:[/b] - [2014/08/30 17:17:06 | 000,148,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:[b]64bit:[/b] - [2014/08/25 20:30:21 | 000,354,112 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)
DRV:[b]64bit:[/b] - [2014/08/14 17:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/07/24 11:24:04 | 000,132,128 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:[b]64bit:[/b] - [2014/07/24 11:24:03 | 000,195,616 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:[b]64bit:[/b] - [2014/07/24 11:24:03 | 000,122,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:[b]64bit:[/b] - [2014/07/24 08:28:38 | 000,419,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)
DRV:[b]64bit:[/b] - [2014/07/24 08:28:38 | 000,143,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)
DRV:[b]64bit:[/b] - [2014/07/24 08:28:35 | 000,280,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:[b]64bit:[/b] - [2014/07/24 04:46:02 | 000,079,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:[b]64bit:[/b] - [2014/07/24 04:45:39 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)
DRV:[b]64bit:[/b] - [2014/07/24 04:43:29 | 000,412,160 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)
DRV:[b]64bit:[/b] - [2014/06/26 23:22:23 | 000,246,272 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)
DRV:[b]64bit:[/b] - [2014/06/21 00:33:40 | 000,212,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo)
DRV:[b]64bit:[/b] - [2014/06/18 19:13:36 | 000,310,080 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:[b]64bit:[/b] - [2014/06/18 03:18:25 | 000,162,336 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:32 | 000,261,152 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:32 | 000,109,088 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:31 | 000,306,720 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:31 | 000,169,504 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:31 | 000,115,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:30 | 000,125,984 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:30 | 000,070,176 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:29 | 000,115,232 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:29 | 000,095,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:28 | 000,112,160 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV:[b]64bit:[/b] - [2014/06/04 08:59:27 | 000,096,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:[b]64bit:[/b] - [2014/05/31 03:07:08 | 000,089,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)
DRV:[b]64bit:[/b] - [2014/05/30 23:30:09 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)
DRV:[b]64bit:[/b] - [2014/05/29 20:03:03 | 000,563,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:[b]64bit:[/b] - [2014/04/29 23:43:46 | 000,071,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:[b]64bit:[/b] - [2014/04/29 23:41:59 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:[b]64bit:[/b] - [2014/04/07 19:01:25 | 000,589,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:[b]64bit:[/b] - [2014/04/06 09:34:08 | 000,275,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)
DRV:[b]64bit:[/b] - [2014/03/25 06:15:06 | 000,060,400 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:[b]64bit:[/b] - [2014/03/13 05:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/03/11 08:48:35 | 000,040,480 | ---- | M] (Panda Security, S.L.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\PsBoot.sys -- (PsBoot)
DRV:[b]64bit:[/b] - [2014/03/06 02:24:15 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)
DRV:[b]64bit:[/b] - [2014/03/06 02:22:50 | 000,134,144 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (Dfsc)
DRV:[b]64bit:[/b] - [2014/03/06 02:19:59 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:[b]64bit:[/b] - [2014/03/06 02:19:36 | 000,283,648 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:[b]64bit:[/b] - [2014/02/22 09:00:25 | 000,249,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:[b]64bit:[/b] - [2014/02/22 09:00:23 | 000,079,192 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)

Report •

#5
April 19, 2015 at 17:37:56
DRV:[b]64bit:[/b] - [2014/02/22 08:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/02/22 05:14:25 | 000,124,416 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:[b]64bit:[/b] - [2014/02/22 05:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/02/22 05:09:37 | 000,663,040 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:[b]64bit:[/b] - [2014/02/09 23:02:52 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2014/02/04 19:08:56 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2014/01/24 03:06:14 | 000,035,016 | ---- | M] (Qualcomm Atheros) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2014/01/16 10:42:18 | 000,047,360 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:[b]64bit:[/b] - [2014/01/03 17:26:08 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Program Files\ASUS\P4G\PLCTRL.sys -- (plctrl)
DRV:[b]64bit:[/b] - [2013/12/26 16:30:20 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2013/12/26 16:30:20 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2013/12/17 00:21:26 | 000,408,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)
DRV:[b]64bit:[/b] - [2013/12/13 15:32:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2013/12/13 15:22:35 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2013/12/12 14:07:14 | 000,070,928 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:[b]64bit:[/b] - [2013/12/12 01:10:38 | 003,881,472 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:[b]64bit:[/b] - [2013/11/27 05:02:29 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:[b]64bit:[/b] - [2013/11/19 07:37:50 | 003,722,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVHD64.sys -- (IntcAzAudAddService)
DRV:[b]64bit:[/b] - [2013/10/25 18:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2013/10/23 13:44:48 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2013/10/17 19:24:40 | 000,494,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:[b]64bit:[/b] - [2013/10/17 19:24:40 | 000,289,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:[b]64bit:[/b] - [2013/10/17 19:24:40 | 000,116,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:[b]64bit:[/b] - [2013/10/17 19:24:38 | 000,145,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:[b]64bit:[/b] - [2013/10/07 18:47:18 | 000,020,280 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:[b]64bit:[/b] - [2013/08/22 12:11:06 | 000,195,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (RDPDR)
DRV:[b]64bit:[/b] - [2013/08/22 12:11:03 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2013/08/22 08:35:09 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\secdrv.sys -- (secdrv)
DRV:[b]64bit:[/b] - [2013/08/22 06:25:41 | 000,839,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:[b]64bit:[/b] - [2013/08/22 06:25:41 | 000,058,880 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)
DRV:[b]64bit:[/b] - [2013/08/22 06:25:41 | 000,030,208 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)
DRV:[b]64bit:[/b] - [2013/08/22 06:25:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)
DRV:[b]64bit:[/b] - [2013/08/22 06:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 06:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 06:25:35 | 000,366,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC)
DRV:[b]64bit:[/b] - [2013/08/22 06:25:35 | 000,107,520 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)
DRV:[b]64bit:[/b] - [2013/08/22 05:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 05:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 05:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 05:49:30 | 000,217,952 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)
DRV:[b]64bit:[/b] - [2013/08/22 05:49:30 | 000,114,528 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:[b]64bit:[/b] - [2013/08/22 05:49:29 | 000,078,688 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)
DRV:[b]64bit:[/b] - [2013/08/22 05:49:29 | 000,037,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:49 | 000,017,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:45 | 000,575,840 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\megasr.sys -- (megasr)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:45 | 000,412,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:45 | 000,065,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:45 | 000,056,672 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:45 | 000,021,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:44 | 000,109,408 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:44 | 000,018,272 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:41 | 000,114,016 | ---- | M] (PMC-Sierra, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:40 | 000,062,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:34 | 000,168,800 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:34 | 000,019,808 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:33 | 000,065,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:33 | 000,064,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:32 | 000,124,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:32 | 000,081,760 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:31 | 000,150,368 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:31 | 000,044,896 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:[b]64bit:[/b] - [2013/08/22 05:43:31 | 000,014,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:[b]64bit:[/b] - [2013/08/22 05:39:47 | 000,024,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:[b]64bit:[/b] - [2013/08/22 05:39:44 | 000,100,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (disk)
DRV:[b]64bit:[/b] - [2013/08/22 05:39:15 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:[b]64bit:[/b] - [2013/08/22 05:39:15 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:[b]64bit:[/b] - [2013/08/22 05:39:15 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)
DRV:[b]64bit:[/b] - [2013/08/22 05:39:15 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:[b]64bit:[/b] - [2013/08/22 05:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 05:37:27 | 000,037,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:[b]64bit:[/b] - [2013/08/22 05:36:48 | 000,045,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:[b]64bit:[/b] - [2013/08/22 05:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:24 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:20 | 000,316,928 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:18 | 000,200,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:17 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:15 | 000,088,576 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:15 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:08 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:04 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:03 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:02 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:[b]64bit:[/b] - [2013/08/22 04:40:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:43 | 000,025,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:41 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:31 | 000,021,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:31 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:31 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:30 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:16 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:15 | 000,026,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:06 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:01 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:[b]64bit:[/b] - [2013/08/22 04:39:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:59 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:58 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:53 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:52 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:45 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:38 | 000,102,912 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:38 | 000,007,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:37 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:30 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:25 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:21 | 000,395,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 04:38:15 | 000,231,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:[b]64bit:[/b] - [2013/08/22 04:37:55 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:[b]64bit:[/b] - [2013/08/22 04:37:50 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:[b]64bit:[/b] - [2013/08/22 04:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 04:37:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:[b]64bit:[/b] - [2013/08/22 04:37:34 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)
DRV:[b]64bit:[/b] - [2013/08/22 04:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 04:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 04:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 04:37:02 | 000,282,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)
DRV:[b]64bit:[/b] - [2013/08/22 04:36:44 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:[b]64bit:[/b] - [2013/08/22 04:36:37 | 000,084,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:[b]64bit:[/b] - [2013/08/22 04:36:37 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)
DRV:[b]64bit:[/b] - [2013/08/22 04:36:34 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:[b]64bit:[/b] - [2013/08/22 04:36:33 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:[b]64bit:[/b] - [2013/08/22 04:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 04:36:18 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:[b]64bit:[/b] - [2013/08/22 04:35:56 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWanLegacy)
DRV:[b]64bit:[/b] - [2013/08/22 04:35:56 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)
DRV:[b]64bit:[/b] - [2013/08/22 04:35:51 | 000,084,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:[b]64bit:[/b] - [2013/08/22 04:35:45 | 000,154,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)
DRV:[b]64bit:[/b] - [2013/08/22 01:46:35 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)
DRV:[b]64bit:[/b] - [2013/08/22 01:46:35 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)
DRV:[b]64bit:[/b] - [2013/08/22 01:46:35 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:[b]64bit:[/b] - [2013/08/22 01:46:34 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:[b]64bit:[/b] - [2013/08/22 01:46:34 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:[b]64bit:[/b] - [2013/08/22 01:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/14 23:28:42 | 000,830,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2013/08/12 16:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/09 17:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/08/08 19:31:50 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2013/07/30 11:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/25 12:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/07/23 23:53:12 | 000,423,128 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER)
DRV:[b]64bit:[/b] - [2013/06/18 08:05:45 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2013/06/18 07:45:58 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:[b]64bit:[/b] - [2013/06/18 07:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:[b]64bit:[/b] - [2013/04/17 15:53:10 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:[b]64bit:[/b] - [2012/08/05 20:17:18 | 000,017,280 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2011/02/11 14:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV - [2013/07/02 16:45:52 | 000,019,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


Report •

#6
April 19, 2015 at 17:38:24
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searc...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searc...


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1228125814-1879135357-2724809167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
IE - HKU\S-1-5-21-1228125814-1879135357-2724809167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
IE - HKU\S-1-5-21-1228125814-1879135357-2724809167-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1228125814-1879135357-2724809167-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searc...
IE - HKU\S-1-5-21-1228125814-1879135357-2724809167-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@update.safer.com/Safer Update;version=3: C:\Program Files (x86)\Safer Technologies\Update\1.3.23.33\npSaferUpdate3.dll (Safer Technologies, Inc.)
FF - HKLM\Software\MozillaPlugins\@update.safer.com/Safer Update;version=9: C:\Program Files (x86)\Safer Technologies\Update\1.3.23.33\npSaferUpdate3.dll (Safer Technologies, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)



[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Serah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Serah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Serah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Serah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Serah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme\4.6_0\
CHR - Extension: No name found = C:\Users\Serah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\
CHR - Extension: No name found = C:\Users\Serah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
CHR - Extension: No name found = C:\Users\Serah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll ()
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.1.7.374\ASUSWSLoader.exe ()
O4 - HKU\S-1-5-21-1228125814-1879135357-2724809167-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1228125814-1879135357-2724809167-1001..\Run: [GoogleChromeAutoLaunch_A3261AA418EB47E14C2699507639D60C] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda_XP] reg.exe delete "HKCU\Software\panda" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda_XP] reg.exe delete "HKCU\Software\panda" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 600
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D10210EC-0AAB-4099-BB7D-AD3C141D8EAC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE0AD40-227D-476C-BAC0-BE4BC5F57E22}: DhcpNameServer = 192.168.56.1
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/04/19 16:12:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/04/19 07:10:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2015/04/18 21:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Technologies
[2015/04/18 21:54:58 | 000,000,000 | ---D | C] -- C:\Users\Serah\AppData\Local\Safer Technologies
[2015/04/18 21:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Technologies
[2015/04/18 21:54:20 | 000,040,480 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PsBoot.sys
[2015/04/18 19:49:11 | 007,476,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/04/18 19:49:11 | 001,733,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/04/18 19:49:11 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2015/04/18 19:49:10 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2015/04/18 19:49:10 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe
[2015/04/18 19:49:10 | 000,360,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll
[2015/04/18 19:49:10 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2015/04/18 19:49:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-system-events.dll
[2015/04/18 19:49:09 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe
[2015/04/18 19:49:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2015/04/18 19:49:02 | 001,385,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015/04/18 19:48:59 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2015/04/18 19:48:51 | 006,025,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/04/18 19:48:48 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/04/18 19:48:47 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/04/18 19:48:47 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/04/18 19:48:47 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/04/18 19:48:47 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/04/18 19:48:46 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/04/18 19:48:46 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/04/18 19:48:46 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/04/18 19:48:25 | 000,133,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/04/18 19:48:24 | 002,373,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/04/18 19:48:24 | 000,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/04/18 19:48:24 | 000,721,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/04/18 19:48:24 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2015/04/18 19:48:24 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/04/18 19:48:24 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2015/04/18 19:48:24 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/04/18 19:48:24 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/04/18 19:48:24 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/04/18 19:48:24 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/04/18 19:48:24 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/04/18 19:48:24 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/04/18 19:48:23 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/04/18 19:48:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/04/18 19:48:22 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/04/18 19:48:22 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/04/18 19:48:19 | 000,377,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\clfs.sys
[2015/04/18 19:48:19 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clfsw32.dll
[2015/04/18 19:48:18 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll
[2015/04/18 19:48:16 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/04/18 19:48:16 | 000,419,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/04/18 19:48:16 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/04/18 19:48:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015/04/18 19:48:15 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/04/18 19:48:15 | 000,957,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/04/18 19:48:15 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/04/18 19:48:15 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015/04/11 14:12:49 | 000,000,000 | ---D | C] -- C:\Users\Serah\Documents\BBI
[2015/04/03 19:04:29 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2015/04/03 19:04:29 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2015/03/31 18:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{7866bdea-ad2b-e37d-7866-6bdeaad2f7aa}
[2015/03/29 19:55:18 | 000,000,000 | ---D | C] -- C:\Users\Serah\AppData\Local\FreemakeVideoDownloader
[2015/03/29 19:39:56 | 000,000,000 | ---D | C] -- C:\Users\Serah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2015/03/29 19:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2015/03/29 18:04:00 | 000,000,000 | -HSD | C] -- C:\Users\Serah\AppData\Local\EmieBrowserModeList

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/04/19 16:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/04/19 16:18:39 | 000,000,062 | ---- | M] () -- C:\Users\Serah\AppData\Roaming\sp_data.sys
[2015/04/19 16:17:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/04/19 16:16:26 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/04/19 16:16:20 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\SaferUpdateTaskMachineCore.job
[2015/04/19 16:15:48 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/04/19 16:15:45 | 2479,493,119 | -HS- | M] () -- C:\hiberfil.sys
[2015/04/19 16:06:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cfef256828988c.job
[2015/04/19 16:01:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/04/19 16:00:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\SaferUpdateTaskMachineUA.job
[2015/04/19 15:42:17 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/04/18 21:56:10 | 000,002,732 | ---- | M] () -- C:\Users\Serah\Desktop\Twitter.lnk
[2015/04/18 21:56:10 | 000,002,724 | ---- | M] () -- C:\Users\Serah\Desktop\Google.lnk
[2015/04/18 21:56:10 | 000,002,718 | ---- | M] () -- C:\Users\Serah\Desktop\Yahoo!.lnk
[2015/04/18 21:56:10 | 000,001,824 | ---- | M] () -- C:\Users\Serah\Desktop\Safer Browser.lnk
[2015/04/18 21:56:00 | 000,002,539 | ---- | M] () -- C:\Users\Serah\Application Data\Microsoft\Internet Explorer\Quick Launch\Safer Browser.lnk
[2015/04/18 21:55:02 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2015/04/18 19:48:04 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2015/04/17 04:02:01 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/04/13 16:24:21 | 000,792,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/04/13 16:24:21 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/04/11 23:38:22 | 000,730,419 | ---- | M] () -- C:\Users\Serah\Desktop\The Outback Experience.pdf
[2015/04/04 18:04:02 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/04/04 18:04:02 | 000,739,076 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/04/04 18:04:02 | 000,138,670 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/04/03 18:52:08 | 000,094,532 | ---- | M] () -- C:\Users\Serah\Documents\Yoox Order Confirmation.png
[2015/03/29 19:22:22 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/03/29 17:23:30 | 000,238,843 | ---- | M] () -- C:\Users\Serah\Desktop\IMG_20150329_172330.jpg
[2015/03/29 17:18:24 | 000,219,367 | ---- | M] () -- C:\Users\Serah\Desktop\IMG_20150329_171823.jpg
[2015/03/29 17:18:05 | 000,216,209 | ---- | M] () -- C:\Users\Serah\Desktop\IMG_20150329_171804.jpg
[2015/03/26 18:19:48 | 000,007,918 | ---- | M] () -- C:\Users\Serah\Documents\RESUME.html
[2015/03/23 14:59:25 | 001,733,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/03/23 14:59:25 | 000,360,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll
[2015/03/23 14:59:00 | 007,476,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/03/22 15:45:41 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/03/22 15:09:23 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/03/22 15:09:22 | 001,111,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/03/22 15:09:22 | 000,957,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/03/22 15:09:22 | 000,769,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/03/22 15:09:22 | 000,419,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/03/22 15:09:22 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/04/18 21:56:00 | 000,002,732 | ---- | C] () -- C:\Users\Serah\Desktop\Twitter.lnk
[2015/04/18 21:56:00 | 000,002,724 | ---- | C] () -- C:\Users\Serah\Desktop\Google.lnk
[2015/04/18 21:56:00 | 000,002,718 | ---- | C] () -- C:\Users\Serah\Desktop\Yahoo!.lnk
[2015/04/18 21:56:00 | 000,001,824 | ---- | C] () -- C:\Users\Serah\Desktop\Safer Browser.lnk
[2015/04/18 21:55:50 | 000,002,539 | ---- | C] () -- C:\Users\Serah\Application Data\Microsoft\Internet Explorer\Quick Launch\Safer Browser.lnk
[2015/04/18 21:55:02 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\SaferUpdateTaskMachineUA.job
[2015/04/18 21:55:02 | 000,000,926 | ---- | C] () -- C:\Windows\tasks\SaferUpdateTaskMachineCore.job
[2015/04/18 19:48:46 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2015/04/18 19:48:46 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2015/04/11 23:38:22 | 000,730,419 | ---- | C] () -- C:\Users\Serah\Desktop\The Outback Experience.pdf
[2015/04/11 16:07:48 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/04/03 18:52:08 | 000,094,532 | ---- | C] () -- C:\Users\Serah\Documents\Yoox Order Confirmation.png
[2015/03/29 19:39:55 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2015/03/29 19:22:22 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/03/29 18:15:06 | 000,238,843 | ---- | C] () -- C:\Users\Serah\Desktop\IMG_20150329_172330.jpg
[2015/03/29 18:15:06 | 000,219,367 | ---- | C] () -- C:\Users\Serah\Desktop\IMG_20150329_171823.jpg
[2015/03/29 18:15:06 | 000,216,209 | ---- | C] () -- C:\Users\Serah\Desktop\IMG_20150329_171804.jpg
[2015/03/26 18:19:37 | 000,007,918 | ---- | C] () -- C:\Users\Serah\Documents\RESUME.html
[2015/03/15 15:50:27 | 000,005,013 | ---- | C] () -- C:\ProgramData\wmzddnmb.cix
[2015/03/10 20:36:57 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015/03/10 20:34:59 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015/03/04 00:33:06 | 000,000,034 | ---- | C] () -- C:\Users\Serah\AppData\Roaming\AdobeWLCMCache.dat
[2014/07/03 17:08:38 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/07/01 20:26:33 | 000,000,062 | ---- | C] () -- C:\Users\Serah\AppData\Roaming\sp_data.sys
[2014/03/14 21:32:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/02/16 21:25:43 | 000,004,606 | ---- | C] () -- C:\Windows\SysWow64\DptfInvalidPolicyRemover.ini
[2014/02/16 21:23:38 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/02/16 21:23:38 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/02/16 21:23:38 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/12/13 15:43:52 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013/12/13 15:43:52 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013/12/13 15:43:52 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2013/09/02 13:03:40 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 10:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 10:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 18:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 17:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 18:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2015/03/16 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\Serah\AppData\Roaming\Audacity
[2015/04/19 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\Serah\AppData\Roaming\BitTorrent
[2015/03/15 15:54:45 | 000,000,000 | ---D | M] -- C:\Users\Serah\AppData\Roaming\Movavi
[2014/07/03 18:11:55 | 000,000,000 | ---D | M] -- C:\Users\Serah\AppData\Roaming\OpenOffice
[2014/07/02 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Serah\AppData\Roaming\Panda Security
[2014/07/01 20:29:13 | 000,000,000 | ---D | M] -- C:\Users\Serah\AppData\Roaming\WebStorage

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 237 bytes -> C:\Users\Serah\SkyDrive:ms-properties

< End of report >


Report •

#7
April 19, 2015 at 23:16:29
Thanks FalconCry, sorry for the delay, I'm here.
http://www.timeanddate.com/worldclo...
I'll get the Farbar log off you as well.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

message edited by Johnw


Report •

#8
September 15, 2015 at 01:27:28
My System has been affected with Pclaboringnow.com which is a type of harmful domain. I found this type of domain when i scanned my System with anti-virus software. This domain always redirected me into malicious or untrusted domain then I used Automatic Removal Tool to remove this type of harmful domain. If you want to know how is it possible then click - http://www.howtouninstallamalware.c...

Report •

Ask Question