Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Astromenda.A, Hijack.StartMenu, Conduit.SearchProtect, GlobalUpdate.T...


  • This topic is locked This topic is locked
33 replies to this topic

#1 jdesunshine

jdesunshine

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:44 PM

Posted 25 September 2014 - 01:31 AM

DefaultTab.A, BrowserApps.A, CrossRider.A, CrossRider.T, WeatherAlerts, Bundlore, OneSoftPerDay.A, AppMarket.A, Tuto4PC.A, Suspicious.cloud.9, Sonar.Heuristic.120, OptimizerPro have all been found in various scans in the past couple weeks.  I need to be sure that these are all gone.

 

This laptop is used primarily for maintaining and editing photos and general computing and internet surfing and recently has been running slower and slower. The Astromenda was taking over the web browser and even though I've removed it from everywhere, it still appeared in the MBAM scan ran today in addition to Hijack.StartMenu.  I'd like some help making sure all the viruses, PUPs, etc are cleared up. I've downloaded MBAM in addition to using Norton that's installed. I unstalled AVG that was also installed since Norton was the paid edition and I didn't want them to conflict with each other. Also, I can't get into a lot of folders and get the message "Location Not Available and C:\documents and Settings is not accessible. Access is denied" even though the user is an administrator user.  I'm not sure if this is related to any of the virus or malware issues. Thanks in advance for any assistance in this matter.

 

Here's the DDS.txt and the file attach.txt is attached.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.25.2
Run by Owner at 1:46:09 on 2014-09-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2086 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll
mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Windows\System32\config\systemprofile\AppData\Roaming\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{4E42BDD4-5092-4834-A52D-EC7520E6B60E} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{4E42BDD4-5092-4834-A52D-EC7520E6B60E}\0716D6A796E6B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4E42BDD4-5092-4834-A52D-EC7520E6B60E}\1447C616E6479636023516E64637 : DHCPNameServer = 68.87.77.130 68.87.72.130
TCP: Interfaces\{4E42BDD4-5092-4834-A52D-EC7520E6B60E}\3416374727F6C6D275966496 : DHCPNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{4E42BDD4-5092-4834-A52D-EC7520E6B60E}\4414659444D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4E42BDD4-5092-4834-A52D-EC7520E6B60E}\564786F63747275616D6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{4E42BDD4-5092-4834-A52D-EC7520E6B60E}\8456274727963686027457563747 : DHCPNameServer = 10.224.74.254
TCP: Interfaces\{4E42BDD4-5092-4834-A52D-EC7520E6B60E}\84F4D454D203547334 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1505000.013\symds64.sys [2014-8-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1505000.013\symefa64.sys [2014-8-16 1148120]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-7-2 270616]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [2014-9-12 1586904]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1505000.013\ccsetx64.sys [2014-8-16 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140924.001\IDSviA64.sys [2014-9-24 633560]
R1 SMR430;Symantec SMR Utility Service 4.3.0;C:\Windows\System32\drivers\SMR430.SYS [2014-9-24 108216]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1505000.013\ironx64.sys [2014-8-16 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1505000.013\symnets.sys [2014-8-16 593112]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-21 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-21 860472]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe [2014-8-16 276376]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [2013-11-7 46072]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-9-25 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-9-25 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-9-25 171928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2320920]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-9-29 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-3-5 158720]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-3-5 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-21 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-21 63704]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-12-20 1014624]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe  [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-9-22 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe  [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-9-19 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-20 245792]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-23 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-20 98208]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
S4 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
.
=============== Created Last 30 ================
.
2014-09-25 04:28:30 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-09-25 04:28:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-09-25 04:28:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-25 00:58:32 108216 ----a-w- C:\Windows\System32\drivers\SMR430.SYS
2014-09-24 02:38:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-24 02:38:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-22 17:53:11 -------- d-----w- C:\Windows\en
2014-09-22 17:49:31 58056 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2014-09-22 17:47:46 23256 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-22 17:45:44 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2014-09-22 17:45:44 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2014-09-22 17:45:44 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2014-09-22 17:45:44 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2014-09-22 17:45:43 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2014-09-22 17:45:43 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2014-09-22 17:45:42 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-09-22 17:45:42 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-09-22 17:41:15 6081224 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f60a34e91cfd68b06\onedrivesetup.exe
2014-09-22 17:41:15 -------- d-----w- C:\Program Files (x86)\Microsoft OneDrive
2014-09-22 17:41:13 -------- d-----r- C:\Users\Owner\OneDrive
2014-09-22 17:40:56 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2014-09-22 17:38:01 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ed9b932e1cfd68b04\DSETUP.dll
2014-09-22 17:38:01 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ed9b932e1cfd68b04\DXSETUP.exe
2014-09-22 17:38:01 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ed9b932e1cfd68b04\dsetup32.dll
2014-09-22 17:37:46 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e9da857b1cfd68b03\DSETUP.dll
2014-09-22 17:37:46 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e9da857b1cfd68b03\DXSETUP.exe
2014-09-22 17:37:46 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e9da857b1cfd68b03\dsetup32.dll
2014-09-22 17:37:39 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e6dcf1b51cfd68b01\DSETUP.dll
2014-09-22 17:37:39 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e6dcf1b51cfd68b01\DXSETUP.exe
2014-09-22 17:37:39 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e6dcf1b51cfd68b01\dsetup32.dll
2014-09-22 17:21:42 -------- d-----w- C:\ProgramData\Blio
2014-09-22 17:18:57 -------- d-----w- C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-09-22 16:48:22 -------- d-----w- C:\ProgramData\NTIReg
2014-09-22 16:48:22 -------- d-----w- C:\ProgramData\BackupNowEZ
2014-09-22 16:48:18 18432 ----a-w- C:\Windows\System32\drivers\NTIDrvr.sys
2014-09-22 16:48:18 16896 ----a-w- C:\Windows\System32\drivers\UBHelper.sys
2014-09-22 16:47:56 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Xp_x86
2014-09-22 16:47:56 -------- d-----w- C:\Windows\SysWow64\drivers\nti\w2k_x86
2014-09-22 16:47:56 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_x86
2014-09-22 16:47:56 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_ia64
2014-09-22 16:47:56 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_amd64
2014-09-22 16:47:56 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_x86
2014-09-22 16:47:56 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_ia64
2014-09-22 16:47:56 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_amd64
2014-09-22 16:47:40 -------- d-----w- C:\Windows\SysWow64\drivers\nti
2014-09-22 16:47:40 -------- d-----w- C:\Program Files (x86)\NTI
2014-09-21 23:13:10 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-21 23:12:44 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-21 23:12:44 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-21 23:12:44 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-21 23:12:44 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-21 23:12:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 00:46:40 -------- d-----w- C:\Windows\ERUNT
2014-09-20 20:04:35 -------- d-----w- C:\Program Files\CCleaner
2014-09-20 19:07:44 -------- d-----w- C:\Program Files\Easy Duplicate Finder 4
2014-09-20 19:07:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\EasyDuplicateFinder
2014-09-20 19:07:03 -------- d-----w- C:\ProgramData\Easy Duplicate Finder
2014-09-20 02:25:54 78936 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2014-09-19 23:55:45 -------- d-----w- C:\Users\Owner\AppData\Local\VS Revo Group
2014-09-19 23:55:40 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2014-09-19 23:55:40 -------- d-----w- C:\ProgramData\VS Revo Group
2014-09-19 23:55:38 -------- d-----w- C:\Program Files\VS Revo Group
2014-09-17 19:44:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\TuneUp Software
2014-09-17 19:43:09 -------- d--h--w- C:\$AVG
2014-09-17 19:41:55 -------- d-----w- C:\Program Files (x86)\AVG
2014-09-17 19:40:05 -------- d--h--w- C:\ProgramData\Common Files
2014-09-17 19:40:05 -------- d-----w- C:\Users\Owner\AppData\Local\MFAData
2014-09-17 19:40:05 -------- d-----w- C:\ProgramData\MFAData
2014-09-15 20:22:21 -------- d-----w- C:\NPE
2014-09-15 20:19:33 -------- d-----w- C:\Users\Owner\AppData\Local\NPE
2014-09-12 10:55:55 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-12 10:55:55 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 23:52:21 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-11 23:52:20 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 23:52:06 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-11 23:52:05 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 23:51:23 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 23:51:22 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 23:51:21 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 23:51:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 23:51:21 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-11 23:51:04 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-11 23:51:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-11 09:12:01 -------- d-----w- C:\Users\Owner\AppData\Local\Astromenda
2014-09-10 18:09:05 -------- d-----w- C:\Program Files (x86)\predm
2014-09-07 17:54:51 -------- d-----w- C:\Users\Owner\AppData\Local\AstromendaKMS
2014-09-07 17:45:57 -------- d-----w- C:\Users\Owner\AppData\Local\IsolatedStorage
2014-09-07 17:27:39 -------- d-----w- C:\Users\Owner\AppData\Local\globalUpdate
2014-09-07 17:27:39 -------- d-----w- C:\Program Files (x86)\globalUpdate
2014-08-29 03:42:29 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-29 03:42:29 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-29 03:42:29 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M  ====================
.
2014-09-25 02:29:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 02:29:18 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-18 19:53:26 313624 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 13:58:24 270616 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH:  1:46:44.01 ===============
 


BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 25 September 2014 - 09:43 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 jdesunshine

jdesunshine
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:44 PM

Posted 25 September 2014 - 07:50 PM

Thank you for your help.  Here's the results of the scans you requested.

 

Scan with FRST in normal mode:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01

Ran by Owner (administrator) on OWNER-HP on 25-09-2014 16:02:52
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner & Administrator & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [1294840 2013-11-07] (NTI Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2685544483-1962792413-3496003650-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2685544483-1962792413-3496003650-1000\...\MountPoints2: F - F:\LiteAuto.exe
HKU\S-1-5-21-2685544483-1962792413-3496003650-1000\...\MountPoints2: {ed395048-569d-11e1-bf61-806e6f6e6963} - F:\LiteAuto.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
ShellIconOverlayIdentifiers: 00Zecter -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 01Zecter -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 02Zecter -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 03Zecter -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 04Zecter -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKCU - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: {{EXT_NAME}} - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default\Extensions\jid0-j253QhG0S1FBMdVUnCkPZnGZODY@jetpack [2014-09-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-05-27]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default\extensions\addon@defaulttab.com.xpi [Not Found]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com [Not Found]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (         "name": "",) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.61267_0\plugin/gc_getcid.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-12]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140924.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140924.019\ENG64.SYS [129752 2014-09-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140924.019\EX64.SYS [2137304 2014-09-24] (Symantec Corporation)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-09-24] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-27] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S1 {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64; system32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 16:02 - 2014-09-25 16:03 - 00020293 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-25 16:02 - 2014-09-25 16:02 - 00000000 ____D () C:\FRST
2014-09-25 16:01 - 2014-09-25 16:01 - 02108928 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-25 01:58 - 2014-09-25 01:58 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-25 01:58 - 2014-09-25 01:58 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-25 01:57 - 2014-09-25 01:57 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-25 01:51 - 2014-09-25 01:52 - 140852175 _____ () C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-25 01:44 - 2014-09-25 02:45 - 00000000 ____D () C:\Users\Owner\Desktop\Utilities
2014-09-25 01:42 - 2009-06-10 17:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140925-014208.backup
2014-09-25 00:36 - 2014-09-25 00:36 - 00000000 ____D () C:\Users\Owner\Documents\ProcAlyzer Dumps
2014-09-25 00:28 - 2014-09-25 01:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-25 00:28 - 2014-09-25 00:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-25 00:28 - 2014-09-25 00:28 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-25 00:28 - 2014-09-25 00:28 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-25 00:28 - 2014-09-25 00:28 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-25 00:28 - 2014-09-25 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-25 00:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-25 00:25 - 2014-09-25 00:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2014-09-24 21:20 - 2014-09-24 21:20 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2014-09-24 20:58 - 2014-09-24 21:20 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-09-23 22:38 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 22:38 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 16:01 - 2014-09-22 16:01 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-22 16:01 - 2014-09-22 16:01 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 16:01 - 2014-09-22 16:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-22 16:01 - 2014-09-22 16:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-22 16:00 - 2014-09-22 16:01 - 00000000 ____D () C:\Users\Administrator
2014-09-22 16:00 - 2014-09-22 16:00 - 00000258 __RSH () C:\Users\Administrator\ntuser.pol
2014-09-22 16:00 - 2014-09-22 16:00 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-22 16:00 - 2014-09-22 13:41 - 00002104 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-22 16:00 - 2014-01-15 18:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc
2014-09-22 16:00 - 2010-12-20 04:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-09-22 16:00 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 16:00 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-22 14:45 - 2014-09-22 14:45 - 00000000 ____D () C:\Users\Owner\Documents\EasyDuplicateFinder
2014-09-22 13:53 - 2014-09-22 13:53 - 00000000 ____D () C:\Windows\en
2014-09-22 13:52 - 2014-09-22 13:52 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-09-22 13:52 - 2014-09-22 13:52 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-09-22 13:49 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-09-22 13:45 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-09-22 13:45 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-09-22 13:45 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-09-22 13:45 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-09-22 13:45 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-09-22 13:45 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-09-22 13:45 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-09-22 13:45 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-09-22 13:41 - 2014-09-22 14:20 - 00002178 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-22 13:41 - 2014-09-22 13:41 - 00002104 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-22 13:41 - 2014-09-22 13:41 - 00002104 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 ___RD () C:\Users\Owner\OneDrive
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-09-22 13:40 - 2014-09-22 13:40 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-09-22 13:21 - 2014-09-22 13:21 - 00000000 ____D () C:\ProgramData\Blio
2014-09-22 13:19 - 2014-09-22 13:19 - 00002089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Blio.lnk
2014-09-22 13:18 - 2014-09-22 13:18 - 00000000 ____D () C:\Users\Public\Blio
2014-09-22 13:18 - 2014-09-22 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
2014-09-22 13:18 - 2014-09-22 13:18 - 00000000 ____D () C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-09-22 13:06 - 2014-09-22 13:06 - 00000000 ____D () C:\Users\Owner\Documents\Blio
2014-09-22 12:48 - 2014-09-22 12:48 - 00002091 _____ () C:\Users\Public\Desktop\NTI Backup Now EZ.lnk
2014-09-22 12:48 - 2014-09-22 12:48 - 00000000 ____D () C:\ProgramData\NTIReg
2014-09-22 12:48 - 2014-09-22 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ
2014-09-22 12:48 - 2014-09-22 12:48 - 00000000 ____D () C:\ProgramData\BackupNowEZ
2014-09-22 12:48 - 2009-05-05 16:46 - 00018432 _____ (NewTech Infosystems, Inc.) C:\Windows\system32\Drivers\NTIDrvr.sys
2014-09-22 12:48 - 2009-05-05 16:46 - 00016896 _____ (NewTech Infosystems Corporation) C:\Windows\system32\Drivers\UBHelper.sys
2014-09-22 12:47 - 2014-09-22 12:47 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\nti
2014-09-22 12:47 - 2014-09-22 12:47 - 00000000 ____D () C:\Program Files (x86)\NTI
2014-09-21 19:13 - 2014-09-25 03:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 19:12 - 2014-09-21 19:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 19:12 - 2014-09-21 19:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-21 19:12 - 2014-09-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-21 19:12 - 2014-09-21 19:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 19:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-21 19:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-21 19:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-20 20:46 - 2014-09-20 20:46 - 00000000 ____D () C:\Windows\ERUNT
2014-09-20 16:04 - 2014-09-20 16:07 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-20 16:04 - 2014-09-20 16:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-20 16:04 - 2014-09-20 16:04 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-20 16:04 - 2014-09-20 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-20 15:07 - 2014-09-20 15:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EasyDuplicateFinder
2014-09-20 15:07 - 2014-09-20 15:08 - 00000000 ____D () C:\ProgramData\Easy Duplicate Finder
2014-09-20 15:07 - 2014-09-20 15:07 - 00000972 _____ () C:\Users\Public\Desktop\Easy Duplicate Finder 4.lnk
2014-09-20 15:07 - 2014-09-20 15:07 - 00000000 ____D () C:\Users\Public\Documents\EasyDuplicateFinder
2014-09-20 15:07 - 2014-09-20 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Duplicate Finder 4
2014-09-20 15:07 - 2014-09-20 15:07 - 00000000 ____D () C:\Program Files\Easy Duplicate Finder 4
2014-09-19 22:25 - 2013-10-30 03:26 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-09-19 20:29 - 2014-09-19 20:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-19 20:28 - 2014-09-19 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-09-19 19:55 - 2014-09-19 19:55 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-09-19 19:55 - 2014-09-19 19:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\VS Revo Group
2014-09-19 19:55 - 2014-09-19 19:55 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-19 19:55 - 2014-09-19 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-19 19:55 - 2014-09-19 19:55 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-19 19:55 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-09-17 15:44 - 2014-09-17 15:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TuneUp Software
2014-09-17 15:43 - 2014-09-17 15:43 - 00000000 ___HD () C:\$AVG
2014-09-17 15:41 - 2014-09-19 20:02 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-17 15:40 - 2014-09-22 15:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-17 15:40 - 2014-09-17 15:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\MFAData
2014-09-15 16:22 - 2014-09-24 21:03 - 00000000 ____D () C:\NPE
2014-09-15 16:19 - 2014-09-24 21:20 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
2014-09-15 16:19 - 2014-09-15 16:19 - 03060320 ____N (Symantec Corporation) C:\Users\Owner\Downloads\NPE.exe
2014-09-12 07:19 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 07:19 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 07:19 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 07:19 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 07:19 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 07:19 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 07:19 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 07:19 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 07:19 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 07:19 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 07:19 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 07:19 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 07:19 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 07:19 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 07:19 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 07:19 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 07:19 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 07:19 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 07:19 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 07:19 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 07:19 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 07:19 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 07:19 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 07:19 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 07:19 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 07:19 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 07:19 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 07:19 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 07:19 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 07:19 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 07:19 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 07:19 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 07:19 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 07:19 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 07:19 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 07:19 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 07:19 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 07:19 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 07:19 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 07:19 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 07:19 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 07:19 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 07:19 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 07:19 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 07:19 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 07:19 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 07:19 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 07:19 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 07:19 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 07:19 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 07:19 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 07:19 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 07:19 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 07:19 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 07:19 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 07:19 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 06:55 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 06:55 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 19:52 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 19:52 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 19:52 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 19:52 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 19:51 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 19:51 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 19:51 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 19:51 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 19:51 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 19:51 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 19:51 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 19:26 - 2014-09-11 19:26 - 00000000 ____D () C:\Users\Public\Documents\Blio
2014-09-11 05:12 - 2014-09-11 05:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Astromenda
2014-09-10 22:12 - 2014-09-12 00:12 - 00000061 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-09-10 14:09 - 2014-09-10 14:09 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-07 13:54 - 2014-09-07 13:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\AstromendaKMS
2014-09-07 13:45 - 2014-09-07 13:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\IsolatedStorage
2014-09-07 13:27 - 2014-09-21 23:35 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-07 13:27 - 2014-09-07 13:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\globalUpdate
2014-08-28 23:42 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 23:42 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 23:42 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 16:03 - 2014-09-25 16:02 - 00020293 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-25 16:03 - 2012-09-03 08:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 16:02 - 2014-09-25 16:02 - 00000000 ____D () C:\FRST
2014-09-25 16:01 - 2014-09-25 16:01 - 02108928 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-25 16:01 - 2011-01-23 13:14 - 00112352 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-25 15:57 - 2012-09-13 09:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 15:57 - 2012-09-03 08:54 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 15:57 - 2010-12-20 04:42 - 01643998 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 03:32 - 2014-09-21 19:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 02:45 - 2014-09-25 01:44 - 00000000 ____D () C:\Users\Owner\Desktop\Utilities
2014-09-25 02:27 - 2013-06-23 23:47 - 00002160 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 01:58 - 2014-09-25 01:58 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-25 01:58 - 2014-09-25 01:58 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-25 01:57 - 2014-09-25 01:57 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-25 01:57 - 2011-01-29 16:25 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-09-25 01:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 01:52 - 2014-09-25 01:51 - 140852175 _____ () C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-25 01:39 - 2014-09-25 00:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-25 00:36 - 2014-09-25 00:36 - 00000000 ____D () C:\Users\Owner\Documents\ProcAlyzer Dumps
2014-09-25 00:32 - 2014-09-25 00:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-25 00:28 - 2014-09-25 00:28 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-25 00:28 - 2014-09-25 00:28 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-25 00:28 - 2014-09-25 00:28 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-25 00:28 - 2014-09-25 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-25 00:26 - 2014-09-25 00:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2014-09-24 22:29 - 2012-09-13 09:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 22:29 - 2012-09-13 09:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 22:29 - 2011-05-18 01:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 21:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-09-24 21:23 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 21:23 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 21:20 - 2014-09-24 21:20 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2014-09-24 21:20 - 2014-09-24 20:58 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-09-24 21:20 - 2014-09-15 16:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
2014-09-24 21:03 - 2014-09-15 16:22 - 00000000 ____D () C:\NPE
2014-09-24 21:02 - 2012-03-27 18:41 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-24 21:02 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 21:01 - 2014-04-22 10:40 - 00022451 _____ () C:\Windows\setupact.log
2014-09-24 20:58 - 2009-07-14 01:13 - 00800436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 20:57 - 2012-08-23 08:26 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-09-24 20:57 - 2012-08-23 08:26 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-09-22 16:01 - 2014-09-22 16:01 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-22 16:01 - 2014-09-22 16:01 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 16:01 - 2014-09-22 16:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-22 16:01 - 2014-09-22 16:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-22 16:01 - 2014-09-22 16:00 - 00000000 ____D () C:\Users\Administrator
2014-09-22 16:00 - 2014-09-22 16:00 - 00000258 __RSH () C:\Users\Administrator\ntuser.pol
2014-09-22 16:00 - 2014-09-22 16:00 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-22 15:43 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-22 15:10 - 2014-09-17 15:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-22 14:55 - 2012-04-07 15:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-09-22 14:45 - 2014-09-22 14:45 - 00000000 ____D () C:\Users\Owner\Documents\EasyDuplicateFinder
2014-09-22 14:20 - 2014-09-22 13:41 - 00002178 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-22 13:53 - 2014-09-22 13:53 - 00000000 ____D () C:\Windows\en
2014-09-22 13:52 - 2014-09-22 13:52 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-09-22 13:52 - 2014-09-22 13:52 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-09-22 13:52 - 2012-04-07 15:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-22 13:51 - 2012-04-07 15:11 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-09-22 13:50 - 2012-04-07 15:11 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-09-22 13:49 - 2012-04-07 15:10 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-22 13:48 - 2012-04-07 15:09 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-22 13:42 - 2010-10-20 01:44 - 00000958 _____ () C:\Windows\DirectX.log
2014-09-22 13:41 - 2014-09-22 16:00 - 00002104 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-22 13:41 - 2014-09-22 13:41 - 00002104 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-22 13:41 - 2014-09-22 13:41 - 00002104 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 ___RD () C:\Users\Owner\OneDrive
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-09-22 13:41 - 2011-01-23 13:13 - 00000000 ____D () C:\Users\Owner
2014-09-22 13:40 - 2014-09-22 13:40 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-09-22 13:21 - 2014-09-22 13:21 - 00000000 ____D () C:\ProgramData\Blio
2014-09-22 13:19 - 2014-09-22 13:19 - 00002089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Blio.lnk
2014-09-22 13:19 - 2011-01-29 15:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\Kjs.AppLife.Update
2014-09-22 13:18 - 2014-09-22 13:18 - 00000000 ____D () C:\Users\Public\Blio
2014-09-22 13:18 - 2014-09-22 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
2014-09-22 13:18 - 2014-09-22 13:18 - 00000000 ____D () C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-09-22 13:18 - 2011-01-29 15:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Blio
2014-09-22 13:14 - 2012-04-28 16:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Downloaded Installations
2014-09-22 13:06 - 2014-09-22 13:06 - 00000000 ____D () C:\Users\Owner\Documents\Blio
2014-09-22 12:50 - 2011-01-24 05:09 - 00687524 _____ () C:\Windows\PFRO.log
2014-09-22 12:48 - 2014-09-22 12:48 - 00002091 _____ () C:\Users\Public\Desktop\NTI Backup Now EZ.lnk
2014-09-22 12:48 - 2014-09-22 12:48 - 00000000 ____D () C:\ProgramData\NTIReg
2014-09-22 12:48 - 2014-09-22 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ
2014-09-22 12:48 - 2014-09-22 12:48 - 00000000 ____D () C:\ProgramData\BackupNowEZ
2014-09-22 12:48 - 2010-10-20 01:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 12:47 - 2014-09-22 12:47 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\nti
2014-09-22 12:47 - 2014-09-22 12:47 - 00000000 ____D () C:\Program Files (x86)\NTI
2014-09-22 12:46 - 2012-02-13 19:56 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-21 23:35 - 2014-09-07 13:27 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-21 19:42 - 2014-09-21 19:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 19:12 - 2014-09-21 19:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-21 19:12 - 2014-09-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-21 19:12 - 2014-09-21 19:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 20:46 - 2014-09-20 20:46 - 00000000 ____D () C:\Windows\ERUNT
2014-09-20 20:05 - 2010-12-20 04:56 - 00000000 ____D () C:\ProgramData\WildTangent
2014-09-20 16:17 - 2014-04-22 09:55 - 00000000 ____D () C:\Windows\pss
2014-09-20 16:07 - 2014-09-20 16:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-20 16:07 - 2014-09-20 16:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-20 16:04 - 2014-09-20 16:04 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-20 16:04 - 2014-09-20 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-20 15:48 - 2011-03-14 16:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-09-20 15:08 - 2014-09-20 15:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EasyDuplicateFinder
2014-09-20 15:08 - 2014-09-20 15:07 - 00000000 ____D () C:\ProgramData\Easy Duplicate Finder
2014-09-20 15:07 - 2014-09-20 15:07 - 00000972 _____ () C:\Users\Public\Desktop\Easy Duplicate Finder 4.lnk
2014-09-20 15:07 - 2014-09-20 15:07 - 00000000 ____D () C:\Users\Public\Documents\EasyDuplicateFinder
2014-09-20 15:07 - 2014-09-20 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Duplicate Finder 4
2014-09-20 15:07 - 2014-09-20 15:07 - 00000000 ____D () C:\Program Files\Easy Duplicate Finder 4
2014-09-19 20:32 - 2010-10-20 01:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2014-09-19 20:29 - 2014-09-19 20:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-19 20:28 - 2014-09-19 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-09-19 20:16 - 2010-10-20 01:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-19 20:13 - 2011-05-24 23:52 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-19 20:13 - 2011-05-24 23:50 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-19 20:02 - 2014-09-17 15:41 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-19 19:55 - 2014-09-19 19:55 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-09-19 19:55 - 2014-09-19 19:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\VS Revo Group
2014-09-19 19:55 - 2014-09-19 19:55 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-19 19:55 - 2014-09-19 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-19 19:55 - 2014-09-19 19:55 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-18 08:02 - 2014-04-22 08:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2014-09-17 15:44 - 2014-09-17 15:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TuneUp Software
2014-09-17 15:43 - 2014-09-17 15:43 - 00000000 ___HD () C:\$AVG
2014-09-17 15:40 - 2014-09-17 15:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\MFAData
2014-09-15 16:42 - 2014-06-29 11:32 - 00000000 ____D () C:\Users\Guest
2014-09-15 16:20 - 2010-12-20 04:55 - 00000000 ____D () C:\ProgramData\Norton
2014-09-15 16:19 - 2014-09-15 16:19 - 03060320 ____N (Symantec Corporation) C:\Users\Owner\Downloads\NPE.exe
2014-09-14 13:02 - 2013-05-14 23:25 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 13:01 - 2013-05-14 23:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-09-14 13:01 - 2011-05-17 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 11:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 09:42 - 2011-04-07 16:33 - 00001854 _____ () C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml
2014-09-12 07:15 - 2011-01-29 15:07 - 00793050 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 07:11 - 2013-08-14 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 06:57 - 2011-01-23 16:18 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 06:55 - 2014-05-06 20:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 00:12 - 2014-09-10 22:12 - 00000061 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-09-11 19:26 - 2014-09-11 19:26 - 00000000 ____D () C:\Users\Public\Documents\Blio
2014-09-11 05:12 - 2014-09-11 05:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Astromenda
2014-09-10 14:09 - 2014-09-10 14:09 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-10 14:06 - 2014-03-09 19:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Garmin
2014-09-10 14:06 - 2014-03-09 19:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Garmin
2014-09-10 14:06 - 2014-03-09 19:31 - 00000000 ____D () C:\ProgramData\Garmin
2014-09-10 14:06 - 2014-03-09 19:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 14:06 - 2014-03-09 19:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-09-10 12:44 - 2009-07-13 22:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-09 18:11 - 2014-09-23 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 17:47 - 2014-09-23 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-07 13:54 - 2014-09-07 13:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\AstromendaKMS
2014-09-07 13:45 - 2014-09-07 13:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\IsolatedStorage
2014-09-07 13:27 - 2014-09-07 13:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\globalUpdate
2014-09-04 22:10 - 2014-09-11 19:51 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-11 19:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 03:40 - 2009-07-14 00:45 - 00388360 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Files to move or delete:
====================
C:\Users\Owner\HPACTIVECHECK.JS
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-20 23:06
 
==================== End Of Log ============================
 
 
Addition.txt file:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Owner at 2014-09-25 16:03:55
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
Blio (HKLM-x32\...\{F85AB1B2-DB2D-4E40-AA18-AECB1F0476DA}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.15.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1920 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1920 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4604 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4604 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.3321 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.2.3321 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EasyDuplicateFinder v4.5 (HKLM\...\Easy Duplicate Finder 4_is1) (Version:  - WebMinds, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Stylus CX7400 Series Scanner Driver Update (HKLM-x32\...\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{2385DA7C-F545-4E66-A968-D464F0519425}) (Version: 1.4.0.0 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.023 - Hewlett-Packard) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.4042 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EF682D1C-591D-48B5-9803-628DA622C281}) (Version: 2.2.7 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}) (Version: 4.0.70.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3220 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 7.1 (HKLM\...\{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}) (Version: 7.10.344.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 4.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 4.0.1 (x86 en-US)) (Version: 4.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.55 - NTI Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Photo Explosion (HKLM-x32\...\{822944D4-BC5D-44AE-9315-16C174D318B0}) (Version: 4.0.0.12 - Nova Development)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4419 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3320 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.11.0 - Ralink)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2685544483-1962792413-3496003650-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2685544483-1962792413-3496003650-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2685544483-1962792413-3496003650-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2685544483-1962792413-3496003650-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2685544483-1962792413-3496003650-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
22-09-2014 16:47:08 Installed NTI Backup Now EZ
22-09-2014 17:17:24 Installed Blio.
22-09-2014 17:37:42 Windows Live Essentials
22-09-2014 17:41:27 Installed DirectX
22-09-2014 17:43:11 Installed DirectX
22-09-2014 17:45:23 Installed DirectX
22-09-2014 17:48:06 WLSetup
22-09-2014 19:09:59 Revo Uninstaller Pro's restore point - AVG 2015
22-09-2014 19:11:31 Revo Uninstaller Pro's restore point - AVG 2015
22-09-2014 19:12:01 Revo Uninstaller Pro's restore point - AVG 2015
22-09-2014 19:12:13 Removed AVG 2015
22-09-2014 19:13:04 Revo Uninstaller Pro's restore point - AVG 2015
22-09-2014 19:13:34 Revo Uninstaller Pro's restore point - AVG 2015
22-09-2014 19:15:12 Revo Uninstaller Pro's restore point - Bing Rewards Client Installer
22-09-2014 19:18:38 Revo Uninstaller Pro's restore point - Diner Dash 2 Restaurant Rescue
22-09-2014 19:19:13 Revo Uninstaller Pro's restore point - Chuzzle Deluxe
22-09-2014 19:19:50 Revo Uninstaller Pro's restore point - Blackhawk Striker 2
22-09-2014 19:20:25 Revo Uninstaller Pro's restore point - Agatha Christie - Peril at End House
22-09-2014 19:21:04 Revo Uninstaller Pro's restore point - Blasterball 3
22-09-2014 19:22:07 Revo Uninstaller Pro's restore point - Bounce Symphony
22-09-2014 19:22:48 Revo Uninstaller Pro's restore point - Wheel of Fortune 2
22-09-2014 19:23:21 Revo Uninstaller Pro's restore point - Jewel Quest Solitaire 2
22-09-2014 19:25:36 Revo Uninstaller Pro's restore point - Escape Rosecliff Island
22-09-2014 19:26:02 Revo Uninstaller Pro's restore point - Escape Rosecliff Island
22-09-2014 19:26:50 Revo Uninstaller Pro's restore point - Virtual Villagers 4 - The Tree of Life
22-09-2014 19:27:29 Revo Uninstaller Pro's restore point - Plants vs. Zombies
22-09-2014 19:28:08 Revo Uninstaller Pro's restore point - Virtual Families
22-09-2014 19:28:41 Revo Uninstaller Pro's restore point - FATE
22-09-2014 19:29:25 Revo Uninstaller Pro's restore point - Final Drive Nitro
22-09-2014 19:30:03 Revo Uninstaller Pro's restore point - Heroes of Hellas 2 - Olympia
22-09-2014 19:30:49 Revo Uninstaller Pro's restore point - Penguins!
22-09-2014 19:31:22 Revo Uninstaller Pro's restore point - Poker Superstars III
22-09-2014 19:31:55 Revo Uninstaller Pro's restore point - Polar Bowler
22-09-2014 19:32:38 Revo Uninstaller Pro's restore point - Polar Golfer
22-09-2014 19:33:20 Revo Uninstaller Pro's restore point - Zuma Deluxe
22-09-2014 19:43:16 Revo Uninstaller Pro's restore point - HP Games
22-09-2014 19:43:58 Revo Uninstaller Pro's restore point - HP Game Console
22-09-2014 19:44:44 Revo Uninstaller Pro's restore point - Mystery P.I. - The London Caper
22-09-2014 19:45:47 Revo Uninstaller Pro's restore point - Farm Frenzy
22-09-2014 19:46:32 Revo Uninstaller Pro's restore point - Cake Mania
24-09-2014 02:54:54 HPSF Restore Point
25-09-2014 00:57:05 Windows Update
25-09-2014 05:54:09 Installed OpenOffice 4.1.1
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-09-25 01:42 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2570314D-1D30-4C51-BBBA-9AFEB94F7FB6} - System32\Tasks\DTReg => C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {2D7BBE21-1070-48AD-AE2E-7783A7A948C3} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {48AE27F2-A490-4DC5-BCB5-4E05D98649E0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {49733D77-C42B-485A-B8A5-8ADFD57D2B46} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {5BBD2074-7C10-438C-9E0C-C718C07667FF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {5E450FA2-77F3-44F8-9C83-65B26EF028F6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {65CBEE2D-2ED5-48F4-9478-0137D7DD7EA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {84DF347A-290C-44B8-B80F-A008FBC57AFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {9740AC3D-24B9-4E17-AC18-CE72F950969F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2685544483-1962792413-3496003650-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B66C5D1D-13A0-468B-A44E-CA2EA84A5B85} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B8AE64BE-7AA9-4EF5-9A2C-485FAC24F80E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {BDAC46EB-52D2-476A-8B70-B91441BAE827} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-09-29] (CyberLink)
Task: {C1FDB373-D726-4166-A276-84BA779A28D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe [2011-03-17] (HP)
Task: {CF7956ED-8FFE-423A-A982-D57A15A026F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {D0447E5C-6608-445F-B384-908A13B51452} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {DA06C125-1125-411C-B414-29D27BC4D97B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DCD7BFB2-851A-4CB1-BB7D-032D7ABBA815} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2009-11-05] (Microsoft Corporation)
Task: {DEA44909-BCB0-4FDF-B8FA-7724749A59D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {E69FDACE-7864-47D3-A85E-1A55F5256BF5} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {F0FCF61D-0E93-4F3D-80D9-8619FFAC5CE3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {FF126FA1-BA0D-4721-AE9F-DD370421CE1F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2685544483-1962792413-3496003650-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-21 17:33 - 2010-07-21 17:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2013-11-07 17:14 - 2013-11-07 17:14 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2014-09-25 00:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-25 00:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-25 00:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-25 00:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-25 00:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-25 02:27 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 02:27 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 02:27 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 02:27 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 02:27 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:D346F792
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BackgroundContainerV2 => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: PC Health Kit Pro => C:\Program Files (x86)\PC Health Kit Pro\PCHKProLauncher.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TBHostSupport => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2685544483-1962792413-3496003650-500 -> Administrator - Disabled - Status: Degraded) => C:\Users\Administrator
Guest (S-1-5-21-2685544483-1962792413-3496003650-501 -> Limited - Disabled - Status: Degraded) => C:\Users\Guest
Guest User (S-1-5-21-2685544483-1962792413-3496003650-1006 -> Limited - Enabled - Status: OK)
HomeGroupUser$ (S-1-5-21-2685544483-1962792413-3496003650-1004 -> Limited - Enabled - Status: OK)
Owner (S-1-5-21-2685544483-1962792413-3496003650-1000 -> Administrator - Enabled - Status: OK) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/24/2014 09:12:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (09/24/2014 08:56:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
System errors:
=============
Error: (09/24/2014 09:04:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: 
%%2
 
Error: (09/24/2014 09:02:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64
 
Error: (09/24/2014 09:01:50 PM) (Source: RTL8167) (EventID: 5008) (User: )
Description: Realtek PCIe FE Family Controller : Has encountered an invalid network address.
 
Error: (09/24/2014 09:00:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (09/24/2014 08:59:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (09/24/2014 09:12:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (09/24/2014 08:56:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 55%
Total physical RAM: 3893.86 MB
Available physical RAM: 1743.69 MB
Total Pagefile: 9731.04 MB
Available Pagefile: 7231.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.37 GB) (Free:317.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.09 GB) (Free:2.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DD97EECE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================
 
Scan with Gmer rootkit scanner "ark.txt"
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-25 20:04:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.02.0 465.76GB
Running: yjxyuk9g.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgtiapow.sys
 
 
---- Disk sectors - GMER 2.1 ----
 
Disk  \Device\Harddisk0\DR0  unknown MBR code
 
---- EOF - GMER 2.1 ----
 
Scan with TDSS-Killer log file was too large to attach or include within post.  I will look at how to attach it separately or send a link for dropbox.
 
Please let me know if you need anything else. Again, thank you.
 


#4 jdesunshine

jdesunshine
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:44 PM

Posted 25 September 2014 - 07:51 PM

Scan with TDSS-Killer log file:
 
20:28:19.0790 0x1944  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:28:24.0828 0x1944  ============================================================
20:28:24.0828 0x1944  Current date / time: 2014/09/25 20:28:24.0828
20:28:24.0828 0x1944  SystemInfo:
20:28:24.0828 0x1944  
20:28:24.0828 0x1944  OS Version: 6.1.7601 ServicePack: 1.0
20:28:24.0828 0x1944  Product type: Workstation
20:28:24.0828 0x1944  ComputerName: OWNER-HP
20:28:24.0829 0x1944  UserName: Owner
20:28:24.0829 0x1944  Windows directory: C:\Windows
20:28:24.0829 0x1944  System windows directory: C:\Windows
20:28:24.0829 0x1944  Running under WOW64
20:28:24.0829 0x1944  Processor architecture: Intel x64
20:28:24.0829 0x1944  Number of processors: 4
20:28:24.0829 0x1944  Page size: 0x1000
20:28:24.0829 0x1944  Boot type: Normal boot
20:28:24.0829 0x1944  ============================================================
20:28:25.0141 0x1944  KLMD registered as C:\Windows\system32\drivers\82355736.sys
20:28:25.0706 0x1944  System UUID: {59328D74-38BD-F40B-B799-C30BE490EA28}
20:28:26.0620 0x1944  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:28:26.0628 0x1944  ============================================================
20:28:26.0628 0x1944  \Device\Harddisk0\DR0:
20:28:26.0650 0x1944  MBR partitions:
20:28:26.0650 0x1944  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:28:26.0650 0x1944  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37CBE800
20:28:26.0650 0x1944  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37D22800, BlocksNum 0x262F800
20:28:26.0650 0x1944  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:28:26.0650 0x1944  ============================================================
20:28:26.0714 0x1944  C: <-> \Device\Harddisk0\DR0\Partition2
20:28:26.0762 0x1944  D: <-> \Device\Harddisk0\DR0\Partition3
20:28:26.0762 0x1944  ============================================================
20:28:26.0763 0x1944  Initialize success
20:28:26.0763 0x1944  ============================================================
20:28:38.0334 0x0db8  ============================================================
20:28:38.0335 0x0db8  Scan started
20:28:38.0335 0x0db8  Mode: Manual; 
20:28:38.0335 0x0db8  ============================================================
20:28:38.0335 0x0db8  KSN ping started
20:28:41.0780 0x0db8  KSN ping finished: true
20:28:43.0171 0x0db8  ================ Scan system memory ========================
20:28:43.0171 0x0db8  System memory - ok
20:28:43.0171 0x0db8  ================ Scan services =============================
20:28:43.0378 0x0db8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:28:43.0390 0x0db8  1394ohci - ok
20:28:43.0591 0x0db8  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:28:43.0598 0x0db8  ACDaemon - ok
20:28:43.0648 0x0db8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:28:43.0660 0x0db8  ACPI - ok
20:28:43.0698 0x0db8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:28:43.0700 0x0db8  AcpiPmi - ok
20:28:43.0883 0x0db8  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:28:43.0904 0x0db8  AdobeFlashPlayerUpdateSvc - ok
20:28:43.0988 0x0db8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:28:44.0020 0x0db8  adp94xx - ok
20:28:44.0070 0x0db8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:28:44.0081 0x0db8  adpahci - ok
20:28:44.0138 0x0db8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:28:44.0144 0x0db8  adpu320 - ok
20:28:44.0226 0x0db8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:28:44.0229 0x0db8  AeLookupSvc - ok
20:28:44.0315 0x0db8  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
20:28:44.0321 0x0db8  AERTFilters - ok
20:28:44.0382 0x0db8  [ 0D0E5281784C2C526BA43C2ECD374288, BE4B16E08A96A24BEB904A2216A538340FD91A11E0CAB43BF8788C35DAD2D2B5 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
20:28:44.0385 0x0db8  Afc - ok
20:28:44.0450 0x0db8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:28:44.0468 0x0db8  AFD - ok
20:28:44.0529 0x0db8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:28:44.0534 0x0db8  agp440 - ok
20:28:44.0575 0x0db8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:28:44.0579 0x0db8  ALG - ok
20:28:44.0638 0x0db8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:28:44.0640 0x0db8  aliide - ok
20:28:44.0666 0x0db8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:28:44.0668 0x0db8  amdide - ok
20:28:44.0706 0x0db8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:28:44.0709 0x0db8  AmdK8 - ok
20:28:44.0731 0x0db8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:28:44.0735 0x0db8  AmdPPM - ok
20:28:44.0770 0x0db8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:28:44.0776 0x0db8  amdsata - ok
20:28:44.0808 0x0db8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:28:44.0817 0x0db8  amdsbs - ok
20:28:44.0832 0x0db8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:28:44.0834 0x0db8  amdxata - ok
20:28:44.0886 0x0db8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
20:28:44.0888 0x0db8  AppID - ok
20:28:44.0919 0x0db8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:28:44.0922 0x0db8  AppIDSvc - ok
20:28:44.0960 0x0db8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:28:44.0964 0x0db8  Appinfo - ok
20:28:45.0012 0x0db8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:28:45.0017 0x0db8  arc - ok
20:28:45.0040 0x0db8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:28:45.0045 0x0db8  arcsas - ok
20:28:45.0177 0x0db8  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:28:45.0181 0x0db8  aspnet_state - ok
20:28:45.0217 0x0db8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:28:45.0219 0x0db8  AsyncMac - ok
20:28:45.0255 0x0db8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:28:45.0257 0x0db8  atapi - ok
20:28:45.0346 0x0db8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:28:45.0367 0x0db8  AudioEndpointBuilder - ok
20:28:45.0434 0x0db8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:28:45.0450 0x0db8  AudioSrv - ok
20:28:45.0523 0x0db8  [ 17C34C4B42C8B2EFCF2C065178BF4806, CB28BEE44B7A821EE728EFFD1B1882B57E417292A3A5377F3A98F16B0AF14DC7 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
20:28:45.0528 0x0db8  AVGIDSHA - ok
20:28:45.0614 0x0db8  [ 734DCC05A7F327FDCE43A18BA011FD4E, E5245314E60D86911A6A9FC1FE4A0C0D0284D972CE642C28B9B1A43D1553AFA5 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
20:28:45.0622 0x0db8  Avgloga - ok
20:28:45.0703 0x0db8  [ 74D2F0CCDB47D99AF624DD6355AD698C, DDB89041351DBCD26DE1402CE3AF34EEE464CE17F69A7E472B8C6ECCE9970873 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
20:28:45.0717 0x0db8  Avgtdia - ok
20:28:45.0800 0x0db8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:28:45.0807 0x0db8  AxInstSV - ok
20:28:45.0875 0x0db8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:28:45.0909 0x0db8  b06bdrv - ok
20:28:45.0977 0x0db8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:28:45.0989 0x0db8  b57nd60a - ok
20:28:46.0042 0x0db8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:28:46.0045 0x0db8  BDESVC - ok
20:28:46.0085 0x0db8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:28:46.0086 0x0db8  Beep - ok
20:28:46.0165 0x0db8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:28:46.0183 0x0db8  BFE - ok
20:28:46.0614 0x0db8  [ B20C7345F7EAD6C5E3EFA52E044411B6, 63DC57908D77B77907A278AD219240AEDD502272D5D3D35D5339172CDE36DA86 ] BHDrvx64        C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140912.003\BHDrvx64.sys
20:28:46.0682 0x0db8  BHDrvx64 - ok
20:28:46.0793 0x0db8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:28:46.0817 0x0db8  BITS - ok
20:28:46.0865 0x0db8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:28:46.0868 0x0db8  blbdrive - ok
20:28:46.0922 0x0db8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:28:46.0928 0x0db8  bowser - ok
20:28:46.0960 0x0db8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:28:46.0963 0x0db8  BrFiltLo - ok
20:28:46.0977 0x0db8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:28:46.0979 0x0db8  BrFiltUp - ok
20:28:47.0017 0x0db8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:28:47.0022 0x0db8  Browser - ok
20:28:47.0062 0x0db8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:28:47.0074 0x0db8  Brserid - ok
20:28:47.0143 0x0db8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:28:47.0147 0x0db8  BrSerWdm - ok
20:28:47.0177 0x0db8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:28:47.0179 0x0db8  BrUsbMdm - ok
20:28:47.0202 0x0db8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:28:47.0204 0x0db8  BrUsbSer - ok
20:28:47.0223 0x0db8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:28:47.0227 0x0db8  BTHMODEM - ok
20:28:47.0259 0x0db8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:28:47.0262 0x0db8  bthserv - ok
20:28:47.0340 0x0db8  [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys
20:28:47.0352 0x0db8  ccSet_NIS - ok
20:28:47.0394 0x0db8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:28:47.0398 0x0db8  cdfs - ok
20:28:47.0450 0x0db8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:28:47.0460 0x0db8  cdrom - ok
20:28:47.0499 0x0db8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:28:47.0502 0x0db8  CertPropSvc - ok
20:28:47.0524 0x0db8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:28:47.0527 0x0db8  circlass - ok
20:28:47.0568 0x0db8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
20:28:47.0578 0x0db8  CLFS - ok
20:28:47.0671 0x0db8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:28:47.0675 0x0db8  clr_optimization_v2.0.50727_32 - ok
20:28:47.0733 0x0db8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:28:47.0739 0x0db8  clr_optimization_v2.0.50727_64 - ok
20:28:47.0828 0x0db8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:28:47.0834 0x0db8  clr_optimization_v4.0.30319_32 - ok
20:28:47.0884 0x0db8  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:28:47.0890 0x0db8  clr_optimization_v4.0.30319_64 - ok
20:28:47.0909 0x0db8  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
20:28:47.0912 0x0db8  clwvd - ok
20:28:47.0933 0x0db8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:28:47.0935 0x0db8  CmBatt - ok
20:28:47.0971 0x0db8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:28:47.0973 0x0db8  cmdide - ok
20:28:48.0038 0x0db8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
20:28:48.0081 0x0db8  CNG - ok
20:28:48.0140 0x0db8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:28:48.0142 0x0db8  Compbatt - ok
20:28:48.0193 0x0db8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:28:48.0195 0x0db8  CompositeBus - ok
20:28:48.0204 0x0db8  COMSysApp - ok
20:28:48.0236 0x0db8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:28:48.0238 0x0db8  crcdisk - ok
20:28:48.0288 0x0db8  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:28:48.0293 0x0db8  CryptSvc - ok
20:28:48.0401 0x0db8  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:28:48.0465 0x0db8  cvhsvc - ok
20:28:48.0514 0x0db8  [ 23D4B856725F5FC3C4F410C150AB107B, 6F2D24E9A113670A71B1E6C51DA08FEDCEEA66898D14052921DA6B4C1CD81EE9 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
20:28:48.0517 0x0db8  dc3d - ok
20:28:48.0596 0x0db8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:28:48.0615 0x0db8  DcomLaunch - ok
20:28:48.0656 0x0db8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:28:48.0665 0x0db8  defragsvc - ok
20:28:48.0696 0x0db8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:28:48.0700 0x0db8  DfsC - ok
20:28:48.0747 0x0db8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:28:48.0755 0x0db8  Dhcp - ok
20:28:48.0779 0x0db8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:28:48.0781 0x0db8  discache - ok
20:28:48.0827 0x0db8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:28:48.0833 0x0db8  Disk - ok
20:28:48.0886 0x0db8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:28:48.0896 0x0db8  Dnscache - ok
20:28:48.0957 0x0db8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:28:48.0966 0x0db8  dot3svc - ok
20:28:49.0031 0x0db8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:28:49.0036 0x0db8  DPS - ok
20:28:49.0086 0x0db8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:28:49.0087 0x0db8  drmkaud - ok
20:28:49.0155 0x0db8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:28:49.0222 0x0db8  DXGKrnl - ok
20:28:49.0272 0x0db8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:28:49.0275 0x0db8  EapHost - ok
20:28:49.0438 0x0db8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:28:49.0575 0x0db8  ebdrv - ok
20:28:49.0704 0x0db8  [ 03E1B8BA59327D186C7C533A6998FEF9, 224937A697B55BD9CCD790771DBE9D135021AD1DC3E6D6AC7C431C56F0FFBBB5 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:28:49.0730 0x0db8  eeCtrl - ok
20:28:49.0771 0x0db8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
20:28:49.0773 0x0db8  EFS - ok
20:28:49.0890 0x0db8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:28:49.0922 0x0db8  ehRecvr - ok
20:28:49.0944 0x0db8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:28:49.0948 0x0db8  ehSched - ok
20:28:49.0996 0x0db8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:28:50.0018 0x0db8  elxstor - ok
20:28:50.0103 0x0db8  [ 142EA7DF1851C563571F2DCFC7AFBB40, 14DE008B68D127F246A64290DFCBD7ECDE8FF7932B3BAE660EB131860E826EAD ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:28:50.0111 0x0db8  EraserUtilRebootDrv - ok
20:28:50.0135 0x0db8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:28:50.0137 0x0db8  ErrDev - ok
20:28:50.0184 0x0db8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:28:50.0198 0x0db8  EventSystem - ok
20:28:50.0243 0x0db8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:28:50.0256 0x0db8  exfat - ok
20:28:50.0277 0x0db8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:28:50.0283 0x0db8  fastfat - ok
20:28:50.0367 0x0db8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:28:50.0389 0x0db8  Fax - ok
20:28:50.0431 0x0db8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:28:50.0433 0x0db8  fdc - ok
20:28:50.0471 0x0db8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:28:50.0473 0x0db8  fdPHost - ok
20:28:50.0494 0x0db8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:28:50.0498 0x0db8  FDResPub - ok
20:28:50.0522 0x0db8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:28:50.0526 0x0db8  FileInfo - ok
20:28:50.0541 0x0db8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:28:50.0543 0x0db8  Filetrace - ok
20:28:50.0558 0x0db8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:28:50.0560 0x0db8  flpydisk - ok
20:28:50.0622 0x0db8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:28:50.0641 0x0db8  FltMgr - ok
20:28:50.0745 0x0db8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
20:28:50.0815 0x0db8  FontCache - ok
20:28:50.0885 0x0db8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:28:50.0887 0x0db8  FontCache3.0.0.0 - ok
20:28:50.0914 0x0db8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:28:50.0919 0x0db8  FsDepends - ok
20:28:50.0974 0x0db8  [ 8DE1B4F579F8F8897409856F3BB7A7D2, F6F6B2450951E875C3C236F7798F960FD4433EE6B0C57132CB3D32126BEE34E0 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:28:50.0977 0x0db8  fssfltr - ok
20:28:51.0119 0x0db8  [ 7B4C82899A967A7EB22DAB502770AE8E, 209FB59669070FCAAACB24B0CE81C375362BF1C519B15FDB5AA3EC2C87E2069B ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:28:51.0182 0x0db8  fsssvc - ok
20:28:51.0211 0x0db8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:28:51.0213 0x0db8  Fs_Rec - ok
20:28:51.0262 0x0db8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:28:51.0274 0x0db8  fvevol - ok
20:28:51.0305 0x0db8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:28:51.0307 0x0db8  gagp30kx - ok
20:28:51.0364 0x0db8  globalUpdate - ok
20:28:51.0387 0x0db8  globalUpdatem - ok
20:28:51.0479 0x0db8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:28:51.0519 0x0db8  gpsvc - ok
20:28:51.0589 0x0db8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:28:51.0596 0x0db8  gupdate - ok
20:28:51.0608 0x0db8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:28:51.0613 0x0db8  gupdatem - ok
20:28:51.0638 0x0db8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:28:51.0641 0x0db8  hcw85cir - ok
20:28:51.0708 0x0db8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:28:51.0729 0x0db8  HdAudAddService - ok
20:28:51.0759 0x0db8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:28:51.0764 0x0db8  HDAudBus - ok
20:28:51.0806 0x0db8  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
20:28:51.0809 0x0db8  HECIx64 - ok
20:28:51.0834 0x0db8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:28:51.0836 0x0db8  HidBatt - ok
20:28:51.0854 0x0db8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:28:51.0859 0x0db8  HidBth - ok
20:28:51.0888 0x0db8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:28:51.0891 0x0db8  HidIr - ok
20:28:51.0916 0x0db8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
20:28:51.0919 0x0db8  hidserv - ok
20:28:51.0972 0x0db8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:28:51.0974 0x0db8  HidUsb - ok
20:28:52.0019 0x0db8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:28:52.0025 0x0db8  hkmsvc - ok
20:28:52.0093 0x0db8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:28:52.0106 0x0db8  HomeGroupListener - ok
20:28:52.0156 0x0db8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:28:52.0168 0x0db8  HomeGroupProvider - ok
20:28:52.0265 0x0db8  [ 37965381364B2E106E1DD7D74CDCAA43, 94C30FA88140E802A549549856145824122F138C2697301CDCAAEEEEA3858E12 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:28:52.0272 0x0db8  HP Health Check Service - ok
20:28:52.0344 0x0db8  [ C930128C8F8FF03D8F8C42B570920D56, 6D44373F466A580EFB9866FA4FACB4951C522893C2A1877ED0E462460B90E241 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:28:52.0350 0x0db8  HP Wireless Assistant Service - ok
20:28:52.0393 0x0db8  [ 3DC11A802353401332D49C3CBFBBE5FC, E812E8A4ED64FEC346BE6B175CE651CFC553A23F31B0ABC5D50E6995A7F130DF ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
20:28:52.0405 0x0db8  HPClientSvc - ok
20:28:52.0456 0x0db8  [ F323230C391771611BBE9363B88C3E3E, 28850F30E2A70AE5A3A880302A8307D8B30A7F5E25041A1DD88E9707D74AEC47 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:28:52.0461 0x0db8  HPDrvMntSvc.exe - ok
20:28:52.0515 0x0db8  [ 5311386F0EC157D155BB07A1D420FB4D, CEBDC022DE0444F30A6C706AA038BECA148A2EA59C2E4FBE6E3A7F7F2A58915D ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:28:52.0547 0x0db8  hpqwmiex - ok
20:28:52.0610 0x0db8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:28:52.0616 0x0db8  HpSAMD - ok
20:28:52.0651 0x0db8  [ 854197D1270D20193FE2D4B14784AADE, 85BEE45DD605DD00A25322CE545544D5732F6FE5571EFCCDC309630091331ECD ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:28:52.0653 0x0db8  HPWMISVC - ok
20:28:52.0742 0x0db8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:28:52.0763 0x0db8  HTTP - ok
20:28:52.0806 0x0db8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:28:52.0806 0x0db8  hwpolicy - ok
20:28:52.0856 0x0db8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:28:52.0863 0x0db8  i8042prt - ok
20:28:52.0926 0x0db8  [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:28:52.0940 0x0db8  iaStor - ok
20:28:52.0983 0x0db8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:28:52.0995 0x0db8  iaStorV - ok
20:28:53.0096 0x0db8  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:28:53.0100 0x0db8  IDriverT - ok
20:28:53.0198 0x0db8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:28:53.0234 0x0db8  idsvc - ok
20:28:53.0386 0x0db8  [ 77AC93E28B5F4DCE317EFA695E3F59E3, 57D510CEE1B777CFB52CECBAB43B0698A53B048B7E0C622473DEA9E03E2D9BEF ] IDSVia64        C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140925.001\IDSvia64.sys
20:28:53.0420 0x0db8  IDSVia64 - ok
20:28:53.0442 0x0db8  IEEtwCollectorService - ok
20:28:53.0844 0x0db8  [ 677AA5991026A65ADA128C4B59CF2BAD, 013F9D7362960EEE1DB70EE8B90A896EACA0B752924717FD019A6DD3BFF50C00 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:28:54.0226 0x0db8  igfx - ok
20:28:54.0274 0x0db8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:28:54.0277 0x0db8  iirsp - ok
20:28:54.0365 0x0db8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:28:54.0387 0x0db8  IKEEXT - ok
20:28:54.0420 0x0db8  [ 4B6363CD4610BB848531BB260B15DFCC, 13A8AA9571497086341AC00797EFF212FF76EE62F9CFF758D3C08B377EC7BF04 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
20:28:54.0425 0x0db8  Impcd - ok
20:28:54.0553 0x0db8  [ D311E2DD59A34079D89C249B2A4D9FDB, F2DB1DBD5619A48545434983DDB5260A610F22B37E1D81720B688FEF95C9AD07 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:28:54.0658 0x0db8  IntcAzAudAddService - ok
20:28:54.0743 0x0db8  [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:28:54.0760 0x0db8  IntcDAud - ok
20:28:54.0804 0x0db8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:28:54.0806 0x0db8  intelide - ok
20:28:54.0838 0x0db8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:28:54.0840 0x0db8  intelppm - ok
20:28:54.0865 0x0db8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:28:54.0869 0x0db8  IPBusEnum - ok
20:28:54.0907 0x0db8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:28:54.0911 0x0db8  IpFilterDriver - ok
20:28:55.0010 0x0db8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:28:55.0041 0x0db8  iphlpsvc - ok
20:28:55.0069 0x0db8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:28:55.0072 0x0db8  IPMIDRV - ok
20:28:55.0089 0x0db8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:28:55.0093 0x0db8  IPNAT - ok
20:28:55.0123 0x0db8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:28:55.0124 0x0db8  IRENUM - ok
20:28:55.0156 0x0db8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:28:55.0158 0x0db8  isapnp - ok
20:28:55.0201 0x0db8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:28:55.0211 0x0db8  iScsiPrt - ok
20:28:55.0242 0x0db8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:28:55.0245 0x0db8  kbdclass - ok
20:28:55.0268 0x0db8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:28:55.0271 0x0db8  kbdhid - ok
20:28:55.0303 0x0db8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
20:28:55.0306 0x0db8  KeyIso - ok
20:28:55.0342 0x0db8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:28:55.0346 0x0db8  KSecDD - ok
20:28:55.0397 0x0db8  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:28:55.0407 0x0db8  KSecPkg - ok
20:28:55.0441 0x0db8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:28:55.0443 0x0db8  ksthunk - ok
20:28:55.0484 0x0db8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:28:55.0497 0x0db8  KtmRm - ok
20:28:55.0565 0x0db8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:28:55.0577 0x0db8  LanmanServer - ok
20:28:55.0618 0x0db8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:28:55.0622 0x0db8  LanmanWorkstation - ok
20:28:55.0665 0x0db8  [ FCBDCC6F1801E32244235608E1277752, 8CC8E22E412645F4A534C51FB550AB22410AE90FA266D75498827EB922E8191E ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:28:55.0670 0x0db8  LightScribeService - ok
20:28:55.0700 0x0db8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:28:55.0704 0x0db8  lltdio - ok
20:28:55.0751 0x0db8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:28:55.0771 0x0db8  lltdsvc - ok
20:28:55.0800 0x0db8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:28:55.0804 0x0db8  lmhosts - ok
20:28:55.0889 0x0db8  [ 7485FBCEF9136F530953575E2977859D, 5A6A67EE407C6ECE637C2B2AC21259BB86D032E47CE59F77AAF48D687B74CFCB ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:28:55.0909 0x0db8  LMS - ok
20:28:55.0944 0x0db8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:28:55.0951 0x0db8  LSI_FC - ok
20:28:55.0986 0x0db8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:28:55.0991 0x0db8  LSI_SAS - ok
20:28:56.0011 0x0db8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:28:56.0014 0x0db8  LSI_SAS2 - ok
20:28:56.0026 0x0db8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:28:56.0031 0x0db8  LSI_SCSI - ok
20:28:56.0063 0x0db8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:28:56.0069 0x0db8  luafv - ok
20:28:56.0131 0x0db8  [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:28:56.0133 0x0db8  MBAMProtector - ok
20:28:56.0266 0x0db8  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
20:28:56.0355 0x0db8  MBAMScheduler - ok
20:28:56.0442 0x0db8  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
20:28:56.0483 0x0db8  MBAMService - ok
20:28:56.0565 0x0db8  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
20:28:56.0570 0x0db8  MBAMSwissArmy - ok
20:28:56.0613 0x0db8  [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
20:28:56.0617 0x0db8  MBAMWebAccessControl - ok
20:28:56.0654 0x0db8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:28:56.0662 0x0db8  Mcx2Svc - ok
20:28:56.0689 0x0db8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:28:56.0692 0x0db8  megasas - ok
20:28:56.0738 0x0db8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:28:56.0750 0x0db8  MegaSR - ok
20:28:56.0804 0x0db8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:28:56.0808 0x0db8  MMCSS - ok
20:28:56.0836 0x0db8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:28:56.0839 0x0db8  Modem - ok
20:28:56.0864 0x0db8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:28:56.0865 0x0db8  monitor - ok
20:28:56.0908 0x0db8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:28:56.0911 0x0db8  mouclass - ok
20:28:56.0930 0x0db8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:28:56.0933 0x0db8  mouhid - ok
20:28:56.0986 0x0db8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:28:56.0992 0x0db8  mountmgr - ok
20:28:57.0034 0x0db8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:28:57.0042 0x0db8  mpio - ok
20:28:57.0086 0x0db8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:28:57.0090 0x0db8  mpsdrv - ok
20:28:57.0181 0x0db8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:28:57.0204 0x0db8  MpsSvc - ok
20:28:57.0258 0x0db8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:28:57.0267 0x0db8  MRxDAV - ok
20:28:57.0300 0x0db8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:28:57.0309 0x0db8  mrxsmb - ok
20:28:57.0362 0x0db8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:28:57.0374 0x0db8  mrxsmb10 - ok
20:28:57.0397 0x0db8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:28:57.0403 0x0db8  mrxsmb20 - ok
20:28:57.0438 0x0db8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:28:57.0440 0x0db8  msahci - ok
20:28:57.0464 0x0db8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:28:57.0471 0x0db8  msdsm - ok
20:28:57.0497 0x0db8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:28:57.0504 0x0db8  MSDTC - ok
20:28:57.0540 0x0db8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:28:57.0542 0x0db8  Msfs - ok
20:28:57.0557 0x0db8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:28:57.0558 0x0db8  mshidkmdf - ok
20:28:57.0585 0x0db8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:28:57.0587 0x0db8  msisadrv - ok
20:28:57.0622 0x0db8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:28:57.0628 0x0db8  MSiSCSI - ok
20:28:57.0632 0x0db8  msiserver - ok
20:28:57.0669 0x0db8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:28:57.0670 0x0db8  MSKSSRV - ok
20:28:57.0705 0x0db8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:28:57.0707 0x0db8  MSPCLOCK - ok
20:28:57.0719 0x0db8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:28:57.0721 0x0db8  MSPQM - ok
20:28:57.0778 0x0db8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:28:57.0805 0x0db8  MsRPC - ok
20:28:57.0836 0x0db8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:28:57.0838 0x0db8  mssmbios - ok
20:28:57.0868 0x0db8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:28:57.0869 0x0db8  MSTEE - ok
20:28:57.0885 0x0db8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:28:57.0887 0x0db8  MTConfig - ok
20:28:57.0903 0x0db8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:28:57.0906 0x0db8  Mup - ok
20:28:57.0961 0x0db8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:28:57.0975 0x0db8  napagent - ok
20:28:58.0020 0x0db8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:28:58.0029 0x0db8  NativeWifiP - ok
20:28:58.0110 0x0db8  [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG          C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140924.019\ENG64.SYS
20:28:58.0118 0x0db8  NAVENG - ok
20:28:58.0275 0x0db8  [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15         C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140924.019\EX64.SYS
20:28:58.0335 0x0db8  NAVEX15 - ok
20:28:58.0434 0x0db8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:28:58.0480 0x0db8  NDIS - ok
20:28:58.0497 0x0db8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:28:58.0500 0x0db8  NdisCap - ok
20:28:58.0537 0x0db8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:28:58.0539 0x0db8  NdisTapi - ok
20:28:58.0585 0x0db8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:28:58.0588 0x0db8  Ndisuio - ok
20:28:58.0630 0x0db8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:28:58.0636 0x0db8  NdisWan - ok
20:28:58.0665 0x0db8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:28:58.0668 0x0db8  NDProxy - ok
20:28:58.0691 0x0db8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:28:58.0693 0x0db8  NetBIOS - ok
20:28:58.0733 0x0db8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:28:58.0740 0x0db8  NetBT - ok
20:28:58.0759 0x0db8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
20:28:58.0761 0x0db8  Netlogon - ok
20:28:58.0802 0x0db8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:28:58.0812 0x0db8  Netman - ok
20:28:58.0862 0x0db8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:58.0867 0x0db8  NetMsmqActivator - ok
20:28:58.0889 0x0db8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:58.0894 0x0db8  NetPipeActivator - ok
20:28:58.0954 0x0db8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:28:58.0969 0x0db8  netprofm - ok
20:28:59.0037 0x0db8  [ AA1D8F9DE032BE4E8303AF33368FDFC8, D5D24EDA2D572A8A078C23BA19FEDCB648674A91D3DEDA2B6023B0C720B7397B ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
20:28:59.0082 0x0db8  netr28x - ok
20:28:59.0117 0x0db8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:59.0121 0x0db8  NetTcpActivator - ok
20:28:59.0129 0x0db8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:59.0133 0x0db8  NetTcpPortSharing - ok
20:28:59.0378 0x0db8  [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
20:28:59.0593 0x0db8  netw5v64 - ok
20:28:59.0643 0x0db8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:28:59.0644 0x0db8  nfrd960 - ok
20:28:59.0812 0x0db8  [ DA97E7798C1B1B265436BF6B2026E74D, 0A9B176D46E53A5B28262C143410CFB3C4D7ABC12F9F0E0BCE6526E11C01FF4B ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
20:28:59.0827 0x0db8  NIS - ok
20:28:59.0855 0x0db8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:28:59.0862 0x0db8  NlaSvc - ok
20:28:59.0886 0x0db8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:28:59.0888 0x0db8  Npfs - ok
20:28:59.0910 0x0db8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:28:59.0912 0x0db8  nsi - ok
20:28:59.0919 0x0db8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:28:59.0920 0x0db8  nsiproxy - ok
20:29:00.0011 0x0db8  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:29:00.0086 0x0db8  Ntfs - ok
20:29:00.0212 0x0db8  [ 51443126E4A458964E918CE78FC04427, C9C92F33A97F2AAE63F5AD4BE915BA91738CFFC142B6D02BF15898D615287DDC ] NTI BackupNowEZSvr C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
20:29:00.0214 0x0db8  NTI BackupNowEZSvr - ok
20:29:00.0231 0x0db8  [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
20:29:00.0232 0x0db8  NTIDrvr - ok
20:29:00.0252 0x0db8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:29:00.0253 0x0db8  Null - ok
20:29:00.0280 0x0db8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:29:00.0284 0x0db8  nvraid - ok
20:29:00.0319 0x0db8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:29:00.0325 0x0db8  nvstor - ok
20:29:00.0349 0x0db8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:29:00.0354 0x0db8  nv_agp - ok
20:29:00.0374 0x0db8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:29:00.0377 0x0db8  ohci1394 - ok
20:29:00.0435 0x0db8  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:29:00.0443 0x0db8  ose - ok
20:29:00.0675 0x0db8  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:29:00.0876 0x0db8  osppsvc - ok
20:29:00.0915 0x0db8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:29:00.0924 0x0db8  p2pimsvc - ok
20:29:00.0945 0x0db8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:29:00.0956 0x0db8  p2psvc - ok
20:29:00.0979 0x0db8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:29:00.0983 0x0db8  Parport - ok
20:29:01.0020 0x0db8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:29:01.0022 0x0db8  partmgr - ok
20:29:01.0038 0x0db8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:29:01.0043 0x0db8  PcaSvc - ok
20:29:01.0078 0x0db8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:29:01.0084 0x0db8  pci - ok
20:29:01.0124 0x0db8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:29:01.0125 0x0db8  pciide - ok
20:29:01.0160 0x0db8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:29:01.0172 0x0db8  pcmcia - ok
20:29:01.0194 0x0db8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:29:01.0197 0x0db8  pcw - ok
20:29:01.0229 0x0db8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:29:01.0263 0x0db8  PEAUTH - ok
20:29:01.0405 0x0db8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:29:01.0408 0x0db8  PerfHost - ok
20:29:01.0517 0x0db8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:29:01.0572 0x0db8  pla - ok
20:29:01.0632 0x0db8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:29:01.0643 0x0db8  PlugPlay - ok
20:29:01.0682 0x0db8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:29:01.0684 0x0db8  PNRPAutoReg - ok
20:29:01.0704 0x0db8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:29:01.0712 0x0db8  PNRPsvc - ok
20:29:01.0738 0x0db8  [ 9ABFF71FF6F3B9492686D3403FA5DCDB, 8742C43492A285CDF87C11AFD138BAB245149DAE0CD3354FC5719CA32834A801 ] Point64         C:\Windows\system32\DRIVERS\point64k.sys
20:29:01.0740 0x0db8  Point64 - ok
20:29:01.0810 0x0db8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:29:01.0843 0x0db8  PolicyAgent - ok
20:29:01.0870 0x0db8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:29:01.0875 0x0db8  Power - ok
20:29:01.0915 0x0db8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:29:01.0919 0x0db8  PptpMiniport - ok
20:29:01.0957 0x0db8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:29:01.0960 0x0db8  Processor - ok
20:29:02.0012 0x0db8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:29:02.0024 0x0db8  ProfSvc - ok
20:29:02.0036 0x0db8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:29:02.0039 0x0db8  ProtectedStorage - ok
20:29:02.0100 0x0db8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:29:02.0107 0x0db8  Psched - ok
20:29:02.0219 0x0db8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:29:02.0283 0x0db8  ql2300 - ok
20:29:02.0310 0x0db8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:29:02.0314 0x0db8  ql40xx - ok
20:29:02.0347 0x0db8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:29:02.0356 0x0db8  QWAVE - ok
20:29:02.0371 0x0db8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:29:02.0374 0x0db8  QWAVEdrv - ok
20:29:02.0384 0x0db8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:29:02.0386 0x0db8  RasAcd - ok
20:29:02.0401 0x0db8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:29:02.0403 0x0db8  RasAgileVpn - ok
20:29:02.0419 0x0db8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:29:02.0423 0x0db8  RasAuto - ok
20:29:02.0466 0x0db8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:29:02.0470 0x0db8  Rasl2tp - ok
20:29:02.0550 0x0db8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:29:02.0567 0x0db8  RasMan - ok
20:29:02.0618 0x0db8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:29:02.0623 0x0db8  RasPppoe - ok
20:29:02.0633 0x0db8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:29:02.0637 0x0db8  RasSstp - ok
20:29:02.0679 0x0db8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:29:02.0690 0x0db8  rdbss - ok
20:29:02.0736 0x0db8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:29:02.0737 0x0db8  rdpbus - ok
20:29:02.0775 0x0db8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:29:02.0776 0x0db8  RDPCDD - ok
20:29:02.0791 0x0db8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:29:02.0792 0x0db8  RDPENCDD - ok
20:29:02.0803 0x0db8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:29:02.0804 0x0db8  RDPREFMP - ok
20:29:02.0840 0x0db8  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:29:02.0847 0x0db8  RDPWD - ok
20:29:02.0911 0x0db8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:29:02.0923 0x0db8  rdyboost - ok
20:29:02.0948 0x0db8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:29:02.0953 0x0db8  RemoteAccess - ok
20:29:02.0984 0x0db8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:29:02.0989 0x0db8  RemoteRegistry - ok
20:29:03.0046 0x0db8  [ 9C3AC71A9934B884FAC567A8807E9C4D, 0B6B2970098E3C21E1E54A25785544903E8CD415B527FCEF86ABC7B33BEC83E7 ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
20:29:03.0049 0x0db8  Revoflt - ok
20:29:03.0128 0x0db8  [ C1568E17039B2EC2B73A4F880DDD51E5, B193BA01D3EA9EF8052F2053CB70DC528232F21FECBE78C83E8048A7F90E8951 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
20:29:03.0153 0x0db8  RoxioNow Service - ok
20:29:03.0173 0x0db8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:29:03.0177 0x0db8  RpcEptMapper - ok
20:29:03.0195 0x0db8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:29:03.0196 0x0db8  RpcLocator - ok
20:29:03.0244 0x0db8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:29:03.0257 0x0db8  RpcSs - ok
20:29:03.0284 0x0db8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:29:03.0287 0x0db8  rspndr - ok
20:29:03.0335 0x0db8  [ 22D6B47D004A6568C500680BE2972854, 6FDDF4C0CE6211A49D0BE6529253754319D094AF3E306F87C3EE8986FB188671 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
20:29:03.0343 0x0db8  RSUSBSTOR - ok
20:29:03.0371 0x0db8  [ 4B42BC58294E83A6A92EC8B88C14C4A3, 80885CFF021F7BC85647224863A83D444EA7848CBB4F06DFDFADE58F47307D21 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:29:03.0381 0x0db8  RTL8167 - ok
20:29:03.0451 0x0db8  [ 4EA7E5DF0CB237156176FA0349E6E87F, 542C5291369009FD9B52B5939E3B55E4CC37056E03815986CA1C1EFCFB52F5D6 ] RtVOsdService   C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
20:29:03.0470 0x0db8  RtVOsdService - ok
20:29:03.0482 0x0db8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
20:29:03.0484 0x0db8  SamSs - ok
20:29:03.0519 0x0db8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:29:03.0523 0x0db8  sbp2port - ok
20:29:03.0566 0x0db8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:29:03.0580 0x0db8  SCardSvr - ok
20:29:03.0619 0x0db8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:29:03.0622 0x0db8  scfilter - ok
20:29:03.0695 0x0db8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:29:03.0746 0x0db8  Schedule - ok
20:29:03.0787 0x0db8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:29:03.0790 0x0db8  SCPolicySvc - ok
20:29:03.0831 0x0db8  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
20:29:03.0838 0x0db8  sdbus - ok
20:29:03.0896 0x0db8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:29:03.0909 0x0db8  SDRSVC - ok
20:29:04.0118 0x0db8  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:29:04.0182 0x0db8  SDScannerService - ok
20:29:04.0344 0x0db8  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:29:04.0461 0x0db8  SDUpdateService - ok
20:29:04.0497 0x0db8  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:29:04.0502 0x0db8  SDWSCService - ok
20:29:04.0538 0x0db8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:29:04.0540 0x0db8  secdrv - ok
20:29:04.0572 0x0db8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:29:04.0577 0x0db8  seclogon - ok
20:29:04.0607 0x0db8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:29:04.0613 0x0db8  SENS - ok
20:29:04.0640 0x0db8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:29:04.0644 0x0db8  SensrSvc - ok
20:29:04.0693 0x0db8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:29:04.0695 0x0db8  Serenum - ok
20:29:04.0708 0x0db8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:29:04.0713 0x0db8  Serial - ok
20:29:04.0761 0x0db8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:29:04.0763 0x0db8  sermouse - ok
20:29:04.0823 0x0db8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:29:04.0832 0x0db8  SessionEnv - ok
20:29:04.0852 0x0db8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:29:04.0853 0x0db8  sffdisk - ok
20:29:04.0866 0x0db8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:29:04.0868 0x0db8  sffp_mmc - ok
20:29:04.0873 0x0db8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:29:04.0875 0x0db8  sffp_sd - ok
20:29:04.0902 0x0db8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:29:04.0904 0x0db8  sfloppy - ok
20:29:04.0972 0x0db8  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
20:29:05.0003 0x0db8  Sftfs - ok
20:29:05.0093 0x0db8  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:29:05.0130 0x0db8  sftlist - ok
20:29:05.0192 0x0db8  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:29:05.0213 0x0db8  Sftplay - ok
20:29:05.0251 0x0db8  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:29:05.0253 0x0db8  Sftredir - ok
20:29:05.0283 0x0db8  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
20:29:05.0285 0x0db8  Sftvol - ok
20:29:05.0332 0x0db8  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:29:05.0344 0x0db8  sftvsa - ok
20:29:05.0429 0x0db8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:29:05.0447 0x0db8  SharedAccess - ok
20:29:05.0515 0x0db8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:29:05.0534 0x0db8  ShellHWDetection - ok
20:29:05.0567 0x0db8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:29:05.0570 0x0db8  SiSRaid2 - ok
20:29:05.0591 0x0db8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:29:05.0594 0x0db8  SiSRaid4 - ok
20:29:05.0633 0x0db8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:29:05.0637 0x0db8  Smb - ok
20:29:05.0694 0x0db8  [ 7FAFC1228C561C2FDF8A2576AD0B614D, 6F6F6357B277E5E1D1EB40E3A5AE232B2F0CCF16D21AC487CF63AA3CAF3E1AF6 ] SMR430          C:\Windows\System32\drivers\SMR430.SYS
20:29:05.0701 0x0db8  SMR430 - ok
20:29:05.0757 0x0db8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:29:05.0760 0x0db8  SNMPTRAP - ok
20:29:05.0789 0x0db8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:29:05.0791 0x0db8  spldr - ok
20:29:05.0865 0x0db8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:29:05.0901 0x0db8  Spooler - ok
20:29:06.0082 0x0db8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:29:06.0228 0x0db8  sppsvc - ok
20:29:06.0281 0x0db8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:29:06.0288 0x0db8  sppuinotify - ok
20:29:06.0426 0x0db8  [ F718A57D946EAC76EFCB351D74E269F4, 473AE48BACEE64A9582814951B731BDDDEB48D2E9D407ACEAA3F0850B536DABA ] SRTSP           C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS
20:29:06.0463 0x0db8  SRTSP - ok
20:29:06.0479 0x0db8  [ B18CE01B9C09C59422BA7C7064248B35, B355EE2FBB37C4B0EFFE4DC5E0788A26579266828E7988EDC497B0AE7375F8AB ] SRTSPX          C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS
20:29:06.0482 0x0db8  SRTSPX - ok
20:29:06.0517 0x0db8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:29:06.0536 0x0db8  srv - ok
20:29:06.0579 0x0db8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:29:06.0591 0x0db8  srv2 - ok
20:29:06.0641 0x0db8  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:29:06.0650 0x0db8  SrvHsfHDA - ok
20:29:06.0717 0x0db8  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:29:06.0774 0x0db8  SrvHsfV92 - ok
20:29:06.0817 0x0db8  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:29:06.0851 0x0db8  SrvHsfWinac - ok
20:29:06.0891 0x0db8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:29:06.0897 0x0db8  srvnet - ok
20:29:06.0928 0x0db8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:29:06.0936 0x0db8  SSDPSRV - ok
20:29:06.0949 0x0db8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:29:06.0953 0x0db8  SstpSvc - ok
20:29:06.0989 0x0db8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:29:06.0991 0x0db8  stexstor - ok
20:29:07.0078 0x0db8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:29:07.0113 0x0db8  stisvc - ok
20:29:07.0145 0x0db8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:29:07.0147 0x0db8  swenum - ok
20:29:07.0189 0x0db8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:29:07.0203 0x0db8  swprv - ok
20:29:07.0283 0x0db8  [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS           C:\Windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS
20:29:07.0311 0x0db8  SymDS - ok
20:29:07.0425 0x0db8  [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA          C:\Windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS
20:29:07.0484 0x0db8  SymEFA - ok
20:29:07.0538 0x0db8  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:29:07.0544 0x0db8  SymEvent - ok
20:29:07.0614 0x0db8  [ 6DE89F4CDF0B31A5BAF2855F9D80F8BA, 53064C246732594127E7D927C179FEB8134701D7D8C4A85CB1FE29B82F37A16A ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
20:29:07.0619 0x0db8  SymIM - ok
20:29:07.0673 0x0db8  [ 48C2934683CBD06F662B088EEF49EF6A, 2212A3588C28F33EFCB1D34618B3054EBBAC6731D177A581D21D1F969FE040C0 ] SymIRON         C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS
20:29:07.0684 0x0db8  SymIRON - ok
20:29:07.0757 0x0db8  [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SymNetS         C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS
20:29:07.0793 0x0db8  SymNetS - ok
20:29:07.0893 0x0db8  [ 961CFAC2A5318E212F459D651F28E0A4, 4FA1C9E3BD527E3B5AE9268955C48FDE8E75F33C333DC0AE768DAFE1F49D0B1B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:29:07.0949 0x0db8  SynTP - ok
20:29:08.0069 0x0db8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:29:08.0141 0x0db8  SysMain - ok
20:29:08.0188 0x0db8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:29:08.0193 0x0db8  TabletInputService - ok
20:29:08.0232 0x0db8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:29:08.0242 0x0db8  TapiSrv - ok
20:29:08.0268 0x0db8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:29:08.0272 0x0db8  TBS - ok
20:29:08.0400 0x0db8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:29:08.0473 0x0db8  Tcpip - ok
20:29:08.0554 0x0db8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:29:08.0599 0x0db8  TCPIP6 - ok
20:29:08.0644 0x0db8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:29:08.0646 0x0db8  tcpipreg - ok
20:29:08.0672 0x0db8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:29:08.0674 0x0db8  TDPIPE - ok
20:29:08.0698 0x0db8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:29:08.0700 0x0db8  TDTCP - ok
20:29:08.0739 0x0db8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:29:08.0745 0x0db8  tdx - ok
20:29:08.0783 0x0db8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:29:08.0785 0x0db8  TermDD - ok
20:29:08.0842 0x0db8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
20:29:08.0861 0x0db8  TermService - ok
20:29:08.0887 0x0db8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:29:08.0890 0x0db8  Themes - ok
20:29:08.0914 0x0db8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:29:08.0918 0x0db8  THREADORDER - ok
20:29:08.0932 0x0db8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:29:08.0936 0x0db8  TrkWks - ok
20:29:09.0012 0x0db8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:29:09.0021 0x0db8  TrustedInstaller - ok
20:29:09.0086 0x0db8  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:29:09.0088 0x0db8  tssecsrv - ok
20:29:09.0129 0x0db8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:29:09.0133 0x0db8  TsUsbFlt - ok
20:29:09.0202 0x0db8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:29:09.0208 0x0db8  tunnel - ok
20:29:09.0234 0x0db8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:29:09.0237 0x0db8  uagp35 - ok
20:29:09.0282 0x0db8  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
20:29:09.0284 0x0db8  UBHelper - ok
20:29:09.0333 0x0db8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:29:09.0347 0x0db8  udfs - ok
20:29:09.0378 0x0db8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:29:09.0381 0x0db8  UI0Detect - ok
20:29:09.0412 0x0db8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:29:09.0415 0x0db8  uliagpkx - ok
20:29:09.0438 0x0db8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
20:29:09.0441 0x0db8  umbus - ok
20:29:09.0478 0x0db8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:29:09.0479 0x0db8  UmPass - ok
20:29:09.0671 0x0db8  [ 765F2DD351BA064F657751D8D75E58C0, 954834FF6F05E065C2BE6CEC22136A0399026BFF9D91BE859E8E047C3ED8267F ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:29:09.0788 0x0db8  UNS - ok
20:29:09.0872 0x0db8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:29:09.0887 0x0db8  upnphost - ok
20:29:09.0930 0x0db8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:29:09.0934 0x0db8  usbccgp - ok
20:29:09.0981 0x0db8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:29:09.0987 0x0db8  usbcir - ok
20:29:10.0033 0x0db8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:29:10.0037 0x0db8  usbehci - ok
20:29:10.0077 0x0db8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:29:10.0096 0x0db8  usbhub - ok
20:29:10.0129 0x0db8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:29:10.0131 0x0db8  usbohci - ok
20:29:10.0173 0x0db8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:29:10.0176 0x0db8  usbprint - ok
20:29:10.0219 0x0db8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:29:10.0222 0x0db8  usbscan - ok
20:29:10.0252 0x0db8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:29:10.0257 0x0db8  USBSTOR - ok
20:29:10.0296 0x0db8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:29:10.0299 0x0db8  usbuhci - ok
20:29:10.0354 0x0db8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:29:10.0363 0x0db8  usbvideo - ok
20:29:10.0390 0x0db8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:29:10.0394 0x0db8  UxSms - ok
20:29:10.0403 0x0db8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
20:29:10.0406 0x0db8  VaultSvc - ok
20:29:10.0439 0x0db8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:29:10.0441 0x0db8  vdrvroot - ok
20:29:10.0509 0x0db8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:29:10.0559 0x0db8  vds - ok
20:29:10.0587 0x0db8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:29:10.0590 0x0db8  vga - ok
20:29:10.0601 0x0db8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:29:10.0602 0x0db8  VgaSave - ok
20:29:10.0633 0x0db8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:29:10.0640 0x0db8  vhdmp - ok
20:29:10.0683 0x0db8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:29:10.0685 0x0db8  viaide - ok
20:29:10.0706 0x0db8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:29:10.0710 0x0db8  volmgr - ok
20:29:10.0764 0x0db8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:29:10.0785 0x0db8  volmgrx - ok
20:29:10.0820 0x0db8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:29:10.0829 0x0db8  volsnap - ok
20:29:10.0877 0x0db8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:29:10.0886 0x0db8  vsmraid - ok
20:29:10.0982 0x0db8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:29:11.0015 0x0db8  VSS - ok
20:29:11.0037 0x0db8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:29:11.0039 0x0db8  vwifibus - ok
20:29:11.0068 0x0db8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:29:11.0071 0x0db8  vwififlt - ok
20:29:11.0106 0x0db8  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:29:11.0108 0x0db8  vwifimp - ok
20:29:11.0145 0x0db8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:29:11.0156 0x0db8  W32Time - ok
20:29:11.0181 0x0db8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:29:11.0182 0x0db8  WacomPen - ok
20:29:11.0236 0x0db8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:29:11.0239 0x0db8  WANARP - ok
20:29:11.0245 0x0db8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:29:11.0247 0x0db8  Wanarpv6 - ok
20:29:11.0359 0x0db8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:29:11.0418 0x0db8  WatAdminSvc - ok
20:29:11.0520 0x0db8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:29:11.0553 0x0db8  wbengine - ok
20:29:11.0589 0x0db8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:29:11.0597 0x0db8  WbioSrvc - ok
20:29:11.0642 0x0db8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:29:11.0652 0x0db8  wcncsvc - ok
20:29:11.0674 0x0db8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:29:11.0677 0x0db8  WcsPlugInService - ok
20:29:11.0714 0x0db8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:29:11.0716 0x0db8  Wd - ok
20:29:11.0804 0x0db8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:29:11.0841 0x0db8  Wdf01000 - ok
20:29:11.0860 0x0db8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:29:11.0864 0x0db8  WdiServiceHost - ok
20:29:11.0869 0x0db8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:29:11.0873 0x0db8  WdiSystemHost - ok
20:29:11.0916 0x0db8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:29:11.0925 0x0db8  WebClient - ok
20:29:11.0958 0x0db8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:29:11.0966 0x0db8  Wecsvc - ok
20:29:11.0982 0x0db8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:29:11.0986 0x0db8  wercplsupport - ok
20:29:12.0010 0x0db8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:29:12.0014 0x0db8  WerSvc - ok
20:29:12.0036 0x0db8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:29:12.0038 0x0db8  WfpLwf - ok
20:29:12.0054 0x0db8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:29:12.0056 0x0db8  WIMMount - ok
20:29:12.0080 0x0db8  WinDefend - ok
20:29:12.0092 0x0db8  WinHttpAutoProxySvc - ok
20:29:12.0171 0x0db8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:29:12.0192 0x0db8  Winmgmt - ok
20:29:12.0331 0x0db8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:29:12.0431 0x0db8  WinRM - ok
20:29:12.0518 0x0db8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:29:12.0521 0x0db8  WinUsb - ok
20:29:12.0593 0x0db8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:29:12.0679 0x0db8  Wlansvc - ok
20:29:12.0874 0x0db8  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:29:12.0976 0x0db8  wlidsvc - ok
20:29:13.0013 0x0db8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:29:13.0015 0x0db8  WmiAcpi - ok
20:29:13.0047 0x0db8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:29:13.0052 0x0db8  wmiApSrv - ok
20:29:13.0080 0x0db8  WMPNetworkSvc - ok
20:29:13.0101 0x0db8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:29:13.0104 0x0db8  WPCSvc - ok
20:29:13.0144 0x0db8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:29:13.0150 0x0db8  WPDBusEnum - ok
20:29:13.0180 0x0db8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:29:13.0182 0x0db8  ws2ifsl - ok
20:29:13.0203 0x0db8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:29:13.0209 0x0db8  wscsvc - ok
20:29:13.0214 0x0db8  WSearch - ok
20:29:13.0344 0x0db8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:29:13.0431 0x0db8  wuauserv - ok
20:29:13.0476 0x0db8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:29:13.0479 0x0db8  WudfPf - ok
20:29:13.0506 0x0db8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:29:13.0512 0x0db8  WUDFRd - ok
20:29:13.0549 0x0db8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:29:13.0553 0x0db8  wudfsvc - ok
20:29:13.0592 0x0db8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:29:13.0601 0x0db8  WwanSvc - ok
20:29:13.0659 0x0db8  [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
20:29:13.0672 0x0db8  yukonw7 - ok
20:29:13.0721 0x0db8  {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64 - ok
20:29:13.0722 0x0db8  ================ Scan global ===============================
20:29:13.0749 0x0db8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:29:13.0794 0x0db8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:29:13.0822 0x0db8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:29:13.0861 0x0db8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:29:13.0902 0x0db8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:29:13.0923 0x0db8  [ Global ] - ok
20:29:13.0924 0x0db8  ================ Scan MBR ==================================
20:29:13.0963 0x0db8  [ 6D02701AD43A772734CB339635962A61 ] \Device\Harddisk0\DR0
20:29:14.0470 0x0db8  \Device\Harddisk0\DR0 - ok
20:29:14.0471 0x0db8  ================ Scan VBR ==================================
20:29:14.0475 0x0db8  [ 96C2DCD1484F5EB099905E3DEE05803F ] \Device\Harddisk0\DR0\Partition1
20:29:14.0478 0x0db8  \Device\Harddisk0\DR0\Partition1 - ok
20:29:14.0484 0x0db8  [ 0EA9241740D13FC72D819123C06C7ABF ] \Device\Harddisk0\DR0\Partition2
20:29:14.0487 0x0db8  \Device\Harddisk0\DR0\Partition2 - ok
20:29:14.0492 0x0db8  [ 73BCFC338CE5874CEF550EEC524DB0BB ] \Device\Harddisk0\DR0\Partition3
20:29:14.0495 0x0db8  \Device\Harddisk0\DR0\Partition3 - ok
20:29:14.0500 0x0db8  [ 25A111A85232B6C162CCABDFD3E0FDB8 ] \Device\Harddisk0\DR0\Partition4
20:29:14.0501 0x0db8  \Device\Harddisk0\DR0\Partition4 - ok
20:29:14.0504 0x0db8  ================ Scan generic autorun ======================
20:29:14.0657 0x0db8  [ F85F45EF15D3BD602D276F18004A8A8A, 7A4351D09E99AA3F8B3F969435CF58FFAD361270B45BF1A36420D5D3E3AE2FCA ] C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
20:29:14.0712 0x0db8  BackupNowEZtray - ok
20:29:14.0895 0x0db8  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
20:29:15.0077 0x0db8  SDTray - ok
20:29:15.0196 0x0db8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:29:15.0239 0x0db8  Sidebar - ok
20:29:15.0268 0x0db8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:29:15.0273 0x0db8  mctadmin - ok
20:29:15.0310 0x0db8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:29:15.0334 0x0db8  Sidebar - ok
20:29:15.0341 0x0db8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:29:15.0345 0x0db8  mctadmin - ok
20:29:15.0487 0x0db8  [ 328EF5D436FADDED0D0D709A394A0C75, 91D1815DD2DED437F4A3D70721B420F013B3CDB8325758E2BB9967C65732B6C5 ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
20:29:15.0606 0x0db8  LightScribe Control Panel - ok
20:29:15.0702 0x0db8  [ 328EF5D436FADDED0D0D709A394A0C75, 91D1815DD2DED437F4A3D70721B420F013B3CDB8325758E2BB9967C65732B6C5 ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
20:29:15.0757 0x0db8  LightScribe Control Panel - ok
20:29:15.0761 0x0db8  Waiting for KSN requests completion. In queue: 95
20:29:16.0761 0x0db8  Waiting for KSN requests completion. In queue: 95
20:29:17.0761 0x0db8  Waiting for KSN requests completion. In queue: 95
20:29:18.0946 0x0db8  AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x51000 ( enabled : updated )
20:29:18.0947 0x0db8  FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x51010 ( enabled )
20:29:21.0783 0x0db8  ============================================================
20:29:21.0783 0x0db8  Scan finished
20:29:21.0783 0x0db8  ============================================================
20:29:21.0796 0x18a4  Detected object count: 0
20:29:21.0796 0x18a4  Actual detected object count: 0
20:30:58.0494 0x1308  Deinitialize success


#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 26 September 2014 - 06:17 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 jdesunshine

jdesunshine
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:44 PM

Posted 27 September 2014 - 12:31 PM

Crap, I hit a wrong button and my reply was wiped out.  Let's try this again...

 

Here's the scan results you requested.

 

Fix with FRST (normal mode) fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01

Ran by Owner at 2014-09-26 16:44:31 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default\extensions\addon@defaulttab.com.xpi [Not Found]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com [Not Found]
Task: {2570314D-1D30-4C51-BBBA-9AFEB94F7FB6} - System32\Tasks\DTReg => C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {E69FDACE-7864-47D3-A85E-1A55F5256BF5} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:D346F792
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
 
S1 {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64; system32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys [X]
 
C:\PROGRA~2\SearchProtect
C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect
C:\Users\Owner\AppData\Roaming\DefaultTab
C:\Users\Owner\AppData\Local\Temp\Runner.exe
C:\Users\Owner\AppData\Local\TBHostSupport
C:\Users\Owner\AppData\Local\Conduit
C:\Users\Owner\HPACTIVECHECK.JS
2014-09-21 23:35 - 2014-09-07 13:27 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-11 05:12 - 2014-09-11 05:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Astromenda
2014-09-07 13:54 - 2014-09-07 13:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\AstromendaKMS
C:\windows\system32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
 
EmptyTemp:
*****************
 
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default\extensions\addon@defaulttab.com.xpi not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2570314D-1D30-4C51-BBBA-9AFEB94F7FB6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2570314D-1D30-4C51-BBBA-9AFEB94F7FB6}" => Key deleted successfully.
C:\Windows\System32\Tasks\DTReg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E69FDACE-7864-47D3-A85E-1A55F5256BF5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E69FDACE-7864-47D3-A85E-1A55F5256BF5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
C:\ProgramData\Temp => ":D346F792" ADS removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" => Value not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64 => Service deleted successfully.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
"C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\DefaultTab" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\Runner.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\TBHostSupport" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Conduit" => File/Directory not found.
C:\Users\Owner\HPACTIVECHECK.JS => Moved successfully.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\Users\Owner\AppData\Local\Astromenda => Moved successfully.
C:\Users\Owner\AppData\Local\AstromendaKMS => Moved successfully.
"C:\windows\system32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys" => File/Directory not found.
EmptyTemp: => Removed 321.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
MBAM is installed on the laptop, so here's log from Full System Scan with Malwarebytes Antimalware:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/26/2014
Scan Time: 10:15:59 PM
Logfile: mbam 2014-0926.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.27.01
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406294
Time Elapsed: 24 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
Also, could the issue with not being able to access folders be virus related or something else? The user is an administrator, but I had same issue when I activated main administrator to test it out (it's been changed back to inactive). Please let me know if you need any further information. Thanks again.


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 29 September 2014 - 04:40 AM

Some of the directories in your user account are no directories but shortcuts to other places inside the file system.

This is necessary to ensure older apllications are able to find their data stores.

 

You cannot access them because it is not necessary - you would simply access another folder when clicking on these.

 

 

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 jdesunshine

jdesunshine
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:44 PM

Posted 04 October 2014 - 07:37 PM

Here's the log from the ESET scan:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\appmarket\appmarketToolbarHelper.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appmarket\hk64tbappm.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appmarket\hktbappm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appmarket\ldrtbappm.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appmarket\prxtbappm.dll.vir Win32/Toolbar.Conduit.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appmarket\tbappm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DefaultTab\DefaultTabHost.exe.vir Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DefaultTab\DefaultTabSearch.exe.vir a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1389823833159.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\IE\priam_bho.dll.vir a variant of Win32/Wajam.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\update.exe.vir a variant of Win32/Wajam.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\WajamUpdater.exe.vir Win32/Wajam.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Conduit\Community Alerts\Alert.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Conduit\CT3295790\appmarketAutoUpdateHelper.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Conduit\CT3295790\appmarketToolbarHelper.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eomicmcfdeaijoflbogmckobfdkapbpj\10.29.0.520_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eomicmcfdeaijoflbogmckobfdkapbpj\10.29.0.520_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eomicmcfdeaijoflbogmckobfdkapbpj\10.29.0.520_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\NativeMessaging\CT3295790\1_0_0_10\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\NativeMessaging\CT3295790\1_0_0_2\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\NativeMessaging\CT3295790\1_0_0_4\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\NativeMessaging\CT3295790\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\NativeMessaging\CT3295790\1_0_0_7\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\NativeMessaging\CT3295790\1_0_0_9\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport_0.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\hk64tbapp0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\hk64tbapp2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\hk64tbappm.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\hktbapp0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\hktbapp2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\hktbappm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\ldrtbapp2.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\ldrtbappm.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\prxtbapp2.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\tbapp0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\tbapp1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\tbapp2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\tbappm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\appmarket\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir Win64/Toolbar.DefaultTab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe.vir Win32/Toolbar.DefaultTab.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir Win64/Toolbar.DefaultTab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe.vir a variant of Win32/Toolbar.DefaultTab.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aeokgtgy.default\Extensions\{9d84f755-b891-4a4d-95c8-f6d01108a008}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir a variant of Win32/Conduit.SearchProtect.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir a variant of Win32/Conduit.SearchProtect.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir a variant of Win32/Conduit.SearchProtect.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\SPRunner.exe.vir a variant of Win32/Conduit.SearchProtect.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\uninstall.exe.vir Win32/Conduit.SearchProtect.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Users\Owner\Downloads\RealPlayer_RocketFuelInstaller (3).exe a variant of Win32/Verti.G potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.27_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.27_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
 
------------------
Because of the results of the log, should I delete the quarantine items in Adwcleaner?


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 07 October 2014 - 05:45 AM

No, not at this point! :)

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread (Note: Do NOT post this one into a code box!


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 13 October 2014 - 08:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 17 October 2014 - 08:11 AM

This topic has been re-opened at the request of the person who originally posted.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 jdesunshine

jdesunshine
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:44 PM

Posted 17 October 2014 - 07:41 PM

Here's the log files from the scans you requested. Thank you for your assistance.

 

 

Here's the Adwcleaner[S1].txt file:

 

# AdwCleaner v4.000 - Report created 13/10/2014 at 12:09:10
# DB v2014-10-12.3
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Owner\AppData\Local\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Scheduled Tasks ] *****
 
***** [ Shortcuts ] *****
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
-\\ Mozilla Firefox v4.0.1 (en-US)
 
-\\ Google Chrome v37.0.2062.124
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [37468 octets] - [22/04/2014 09:50:17]
AdwCleaner[R1].txt - [7941 octets] - [13/10/2014 12:03:10]
AdwCleaner[S0].txt - [37493 octets] - [22/04/2014 09:51:28]
AdwCleaner[S1].txt - [7421 octets] - [13/10/2014 12:09:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7481 octets] ##########
 
Delete junk with JRT log file:
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Mon 10/13/2014 at 12:17:29.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
 
~~~ Files
 
~~~ Folders
 
~~~ Event Viewer Logs were cleared
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/13/2014 at 12:26:34.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

SecurityCheck log file:

 

 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (4.0.1) 
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

 



#13 jdesunshine

jdesunshine
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:44 PM

Posted 20 October 2014 - 05:24 PM

Today I updated Java and Adobe Reader from the list above.  Spybot Teatimer.exe isn't an option on the version that's installed.  Also, is it a problem to have UAC disabled? I can turn it back on if needed. It was just driving me crazy with the prior setting.



#14 jdesunshine

jdesunshine
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:44 PM

Posted 20 October 2014 - 05:31 PM

Also, when I went to Spybot's website to look at downloading a different version, I received an error message "error establishing database connection", so I'm not sure if it's virus related of if they're having issues.  I tried to go to their forum page and get a different page that had the following message:

Database error The database has encountered a problem.

#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 21 October 2014 - 08:07 AM

Keep your system clean with Malwarebytes. I won´t use Spybot anymore.

UAC will prevent your system from most changes being made without your decision.

If you turn it off, this protections is away.

 

Your system is clean! :)

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users