
Poweliks has invaded my laptop, need help right away.


  • This topic is locked
17 replies to this topic

#1 hannahthedog

hannahthedog

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:16 AM

Posted 31 October 2014 - 12:08 AM

I am having a major issue. In my Adobe folder there are folders with random letters. Inside are google chrome .exe and rundll 32; I do not use Google Chrome. I am able to open my personal documents fine. This virus keeps asking for permission to go into my command processor, pretending to be Microsoft. I reject it, then I am redirected back to it asking for permission. I got rid of this virus before, for the time being, a few days ago, then it came right back. It's not as bad this time; before, there were multiple processes of Google Chrome running, and if you end the process it comes right back. There are no processes running that are out of the ordinary on my laptop this time. But the file has reappeared and it's asking for permission again. I have run Malwarebytes, AVG, TDSSKiller, RKill, but nothing. I am not able to delete the folder in Windows, but I can in safe mode. It doesn't reappear when I delete it, but after a few days it has. I have dealt with many viruses on other computers but this one greatly confuses me. It shows it has a certification and that it's from Microsoft. But I doubt it. Please help me get rid of this virus. :)





#2 hannahthedog

hannahthedog
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:16 AM

Posted 31 October 2014 - 12:24 AM

I have also found .dll files that have mysteriously installed themselves right in my Adobe files around the same time the virus appeared, hmm... One is called Vuimrhr.dll and says it's from Borland.



#3 hannahthedog

hannahthedog
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:16 AM

Posted 04 November 2014 - 10:32 AM

Hello. Before, I had an issue with the Google Chrome virus, where multiple processes of Google Chrome formed in my task manager and ate up my CPU. I rejected the virus and managed to find the source. I deleted all the files I could find and ran multiple scans. Today Symantec found a .dll file in my recycle bin that was from the Google Chrome virus. I deleted it; when I was cleaning the files before, this one hid itself in my recycle bin. I could not find it then; Symantec was the only software that did. But yesterday I was on my favorite art website just looking at stuff to get inspired. Then all of a sudden my Malwarebytes started going crazy, going blocked this and blocked that from sites I never heard of. And it was coming from my .dllhost. PowerShell then came up and kept crashing on my screen, and dllhost.exe*32's started multiplying fast in my processes. Confused as I was, and scared, I immediately turned off my computer and went into safe mode. I took immediate action: I used Rogue Killer, Spybot Search and Destroy, Malwarebytes, Symantec, RKill, and TDSSKiller. Rogue Killer found stuff in my registry and cleaned it up, and I immediately rebooted afterwards into safe mode. The same registry issue didn't come up. When I logged back onto my Windows, another virus or Trojan installed itself onto my PC without permission! In the corner of my eye I saw a program say installed correctly. I did not give any permission to a program. I went back into safe mode and did more scans and cleaning. I went back into Windows and I only see one .dllhost.exe, but sometimes another one pops up when I go into documents or online. One of them has no info on it, all it says is N/A; the other has info on it. I do not trust my laptop at the moment; I believe it's still there but hiding. Please, I need help as soon as someone can. This is getting worse every week that passes...



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,625 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:16 AM

Posted 05 November 2014 - 08:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554083 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 hannahthedog

hannahthedog
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:16 AM

Posted 05 November 2014 - 07:27 PM

My computer's operating system is windows 7 home premium, my system is x64, and here are the logs for DDS.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by Hannah's Gamer at 17:18:52 on 2014-11-06
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.8169.5066 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Symantec Endpoint Protection *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: AVG Internet Security 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Symantec Endpoint Protection *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: AVG Internet Security 2015 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Symantec Endpoint Protection *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SymCorpUI.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SmcGui.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\HANNAH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\Hannah's Gamer\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
StartupFolder: C:\Users\HANNAH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549}\26F6275616C69637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549}\44F6E6723702E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549}\84F4D454D253032383 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DAC3627D-86AB-4132-AD54-E9DD97AEB25F} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [2014-11-4 1611992]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-24 247576]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-20 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-7-2 270616]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [2014-9-12 1586904]
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279};Symantec Endpoint Protection 12.1.5337.5000.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [2014-9-12 162392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-9-10 283064]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141104.011\IDSviA64.sys [2014-11-6 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\Ironx64.sys [2014-9-12 266968]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\symnets.sys [2014-9-12 593112]
R2 AMPPALR3;IntelR CentrinoR Wireless BluetoothR + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2014-2-5 772064]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-9-5 293448]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2014-9-23 22528]
R2 DMAgent;IntelR PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-26 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-26 968504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-15 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-15 21007192]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [2014-9-12 144496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-15 413128]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-5-16 2655768]
R2 WiMAXAppSrv;IntelR PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2014-7-16 656664]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-1-8 3674864]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2014-5-16 16768]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2010-10-25 75264]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-10-25 173568]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2010-10-25 81408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-11-5 142640]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-26 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-26 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-26 63704]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-5-16 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-15 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-15 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-16 412776]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [2014-9-5 1459872]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-9-5 3364368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-11 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2014-7-16 14136]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-17 111616]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-8 284912]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-16 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2014-5-16 290920]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2014-8-13 13480]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [2014-9-12 36952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-16 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-16 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2014-7-16 102200]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2014-7-16 15160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-16 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-11-06 15:26:49 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A03B7C27-E9C3-4FBF-B3C2-500524473E87}\gapaengine.dll
2014-11-06 15:26:24 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E44540E2-3A4D-4694-986C-1BEB8583EB13}\mpengine.dll
2014-11-05 13:47:48 -------- d-----w- C:\FRST
2014-11-05 01:10:37 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-11-05 00:45:13 -------- d-----w- C:\Users\Hannah's Gamer\AppData\Local\Symantec
2014-11-05 00:44:31 -------- d-----w- C:\Users\Hannah's Gamer\AppData\Local\CrashDumps
2014-11-05 00:36:37 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-11-05 00:36:37 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2014-11-05 00:36:35 1611992 ----a-w- C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys
2014-11-05 00:36:35 -------- d-----w- C:\Windows\System32\drivers\symefasi\data
2014-11-05 00:36:35 -------- d-----w- C:\Windows\System32\drivers\symefasi\0500010.01F
2014-11-05 00:36:35 -------- d-----w- C:\Windows\System32\drivers\symefasi
2014-11-05 00:36:35 -------- d-----w- C:\ProgramData\SymEFASI
2014-11-05 00:34:16 58720 ----a-w- C:\Windows\System32\snacnp.dll
2014-11-05 00:34:16 579936 ----a-w- C:\Windows\System32\SymVPN.dll
2014-11-05 00:34:16 51552 ----a-w- C:\Windows\SysWow64\snacnp.dll
2014-11-05 00:34:16 424288 ----a-w- C:\Windows\SysWow64\SymVPN.dll
2014-11-05 00:34:16 39384 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2014-11-05 00:34:16 159552 ----a-w- C:\Windows\System32\drivers\SysPlant.sys
2014-11-05 00:34:16 159072 ----a-w- C:\Windows\System32\FwsVpn.dll
2014-11-05 00:34:16 139104 ----a-w- C:\Windows\SysWow64\FwsVpn.dll
2014-11-05 00:34:15 462688 ----a-w- C:\Windows\System32\sysfer.dll
2014-11-05 00:34:15 363872 ----a-w- C:\Windows\SysWow64\sysfer.dll
2014-11-05 00:33:55 -------- d-----w- C:\ProgramData\regid.1992-12.com.symantec
2014-11-05 00:33:38 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64
2014-11-05 00:33:38 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105
2014-11-05 00:33:38 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0114D9
2014-11-05 00:33:38 -------- d-----w- C:\Windows\System32\drivers\SEP
2014-11-05 00:33:30 -------- d-----w- C:\ProgramData\Symantec
2014-11-05 00:33:30 -------- d-----w- C:\Program Files (x86)\Symantec
2014-11-05 00:22:56 -------- d-----w- C:\sep win64
2014-11-04 23:03:37 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F1E876E-87AD-4B21-9287-7B533BA92D1A}\gapaengine.dll
2014-11-04 23:03:23 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-04 18:54:47 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-11-04 18:54:45 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-04 18:42:19 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-11-04 18:42:19 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-03 15:06:50 -------- d-----w- C:\Users\Hannah's Gamer\AppData\Roaming\TeamViewer
2014-11-01 12:38:01 -------- d-----w- C:\AdwCleaner
2014-11-01 12:28:23 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-01 03:39:03 -------- d-----w- C:\Users\Hannah's Gamer\AppData\Roaming\Process Hacker 2
2014-11-01 03:34:31 -------- d-----w- C:\Program Files\Process Hacker 2
2014-10-30 19:27:12 -------- d-----w- C:\Users\Hannah's Gamer\AppData\Local\Origin
2014-10-27 00:57:06 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-27 00:56:38 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-27 00:56:38 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-27 00:56:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-27 00:56:38 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-27 00:56:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 19:09:55 -------- d-----w- C:\Users\Hannah's Gamer\AppData\Local\{B6E64F8B-FD5B-4701-BFA3-41AE2E1423B7}
2014-10-17 16:27:52 -------- d-----w- C:\Program Files\Firestorm-Releasex64
2014-10-17 14:06:12 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-17 14:06:10 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-17 14:06:10 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-17 14:06:10 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-17 14:06:09 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-17 14:06:09 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-17 14:06:09 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-17 14:06:00 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-17 14:06:00 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-17 14:04:58 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-16 22:43:31 -------- d-----w- C:\Users\Hannah's Gamer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-10-11 21:27:09 -------- d-----w- C:\Program Files (x86)\SecondLifeViewer
.
==================== Find3M  ====================
.
2014-11-04 22:49:12 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 15:15:17 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-25 15:15:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 04:14:59 107504 ----a-w- C:\Windows\System32\drivers\Teefer.sys
2014-09-13 04:14:57 593112 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\symnets.sys
2014-09-13 04:14:45 266968 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\Ironx64.sys
2014-09-13 04:14:39 162392 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys
2014-09-13 04:14:31 880856 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\srtsp64.sys
2014-09-13 04:14:31 37592 ----a-w- C:\Windows\System32\drivers\SEP\0C0114D9\1388.105\x64\srtspx64.sys
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-11 00:55:28 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 01:45:10 243480 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-08-19 19:12:18 2006808 ----a-w- C:\Windows\System32\WacomMT.dll
2014-08-19 19:12:18 1991448 ----a-w- C:\Windows\System32\Pen_Tablet.dll
2014-08-19 19:12:18 1984792 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll
2014-08-19 19:12:18 1858328 ----a-w- C:\Windows\System32\Wintab32.dll
2014-08-19 19:12:16 1614104 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
2014-08-19 19:12:16 1610008 ----a-w- C:\Windows\SysWow64\WacomMT.dll
2014-08-19 19:12:16 1607448 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
2014-08-19 19:12:16 1493784 ----a-w- C:\Windows\SysWow64\Wintab32.dll
.
============= FINISH: 17:20:36.49 ===============
 




#6 ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 06 November 2014 - 08:55 AM


 

Sorry for the delay but we get extremely busy around here

 

You have 3 antivirus programs running. With AV software, more is not better; it will actually hinder system performance. Microsoft recommends just one; keep it updated and run regular scans.

This is what you have; you need to uninstall two:

 

Microsoft Security Essentials 
AVG Internet Security 2015
Symantec Endpoint Protection 
 
 
You can use this app to uninstall the two you don't want
 

Run AppRemover
 
Vista, Win 7 users, right click on the icon and select "run as administrator"
 
Please download AppRemover and save it to your desktop.
  • Double click on AppRemover.exe to run it.
  • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
  • Click on the Next button.
  • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
  • Click on the Next button.
  • A scan begins, please wait. Once done, click on the Next button.
  • Now you should have a list of your installed security programs, choose the one you want to uninstall and click on the Next button.
  • Follow the last step and reboot if asked to do so.
 
 
 
 
 
========================================================================
 
 
 
 

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
 
 
============================================================================
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check
*List BCD
*Drivers MD5
*Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
 
 

 


Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

 

Just a reminder that threads will be closed if no response in 3 days


#7 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 06 November 2014 - 11:59 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the icon to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Edited by deeprybka, 06 November 2014 - 01:57 PM.
merged topics

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#8 hannahthedog

  • Topic Starter
  • Members
  • 11 posts

Posted 06 November 2014 - 01:06 PM

Here's the scan from AswMBR

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-07 10:59:46
-----------------------------
10:59:46.834    OS Version: Windows x64 6.1.7601 Service Pack 1
10:59:46.834    Number of processors: 8 586 0x2A07
10:59:46.835    ComputerName: HANNAHSGAMER-PC  UserName: Hannah's Gamer
10:59:49.743    Initialize success
10:59:51.231    VM: initialized successfully
10:59:51.232    VM: Intel CPU supported
11:00:04.578    VM: supported disk I/O iaStor.sys
11:00:45.937    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:00:45.945    Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
11:00:45.951    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
11:00:45.955    Disk 1 Vendor: ST950042 0002 Size: 476940MB BusType: 3
11:00:46.109    VM: Disk 0 MBR read successfully
11:00:46.111    Disk 0 MBR scan
11:00:46.112    Disk 0 Windows 7 default MBR code
11:00:46.116    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
11:00:46.129    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       451338 MB offset 52430848
11:00:46.138    Disk 0 default boot code
11:00:46.168    Disk 0 scanning C:\Windows\system32\drivers
11:00:55.563    Service scanning
11:00:57.853    Service BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys **LOCKED** 5
11:00:58.606    Service ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279} C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys **LOCKED** 5
11:01:00.032    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
11:01:00.336    Service EraserUtilDrv11410 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys **LOCKED** 5
11:01:02.123    Service IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141104.011\IDSvia64.sys **LOCKED** 5
11:01:04.786    Service NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.003\ENG64.SYS **LOCKED** 5
11:01:04.884    Service NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.003\EX64.SYS **LOCKED** 5
11:01:09.253    Disk 0 statistics 111013/0/18 @ 7.32 MB/s
11:01:09.266    Scan stopped
11:01:36.023    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:01:36.032    Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
11:01:36.041    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
11:01:36.049    Disk 1 Vendor: ST950042 0002 Size: 476940MB BusType: 3
11:01:36.198    VM: Disk 0 MBR read successfully
11:01:36.207    Disk 0 MBR scan
11:01:36.215    Disk 0 Windows 7 default MBR code
11:01:36.224    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
11:01:36.242    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       451338 MB offset 52430848
11:01:36.251    Disk 0 default boot code
11:01:36.281    Disk 0 scanning C:\Windows\system32\drivers
11:01:44.623    Service scanning
11:01:46.677    Service BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys **LOCKED** 5
11:01:47.399    Service ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279} C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys **LOCKED** 5
11:01:48.591    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
11:01:48.854    Service EraserUtilDrv11410 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys **LOCKED** 5
11:01:50.514    Service IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141104.011\IDSvia64.sys **LOCKED** 5
11:01:52.802    Service NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.003\ENG64.SYS **LOCKED** 5
11:01:52.863    Service NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.003\EX64.SYS **LOCKED** 5
11:01:57.303    Service SRTSPX C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS **LOCKED** 5
11:01:58.031    Service SyDvCtrl C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys **LOCKED** 5
11:01:58.366    Service SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
11:01:58.455    Service SymIRON C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS **LOCKED** 5
11:01:58.527    Service SYMNETS C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS **LOCKED** 5
11:01:58.686    Service SysPlant C:\Windows\system32\Drivers\SysPlant.sys **LOCKED** 5
11:01:59.045    Service Teefer2 C:\Windows\system32\DRIVERS\Teefer.sys **LOCKED** 5
11:02:02.758    Modules scanning
11:02:02.774    Disk 0 trace - called modules:
11:02:02.855    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
11:02:02.865    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007806790]
11:02:02.874    3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800722a630]
11:02:02.882    5 ACPI.sys[fffff88000fa47a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007231050]
11:02:02.889    Disk 0 statistics 222018/0/36 @ 6.91 MB/s
11:02:02.896    Scan finished successfully
11:02:11.406    Disk 0 MBR has been saved successfully to "C:\Users\Hannah's Gamer\Desktop\MBR.dat"
11:02:11.436    The log file has been saved successfully to "C:\Users\Hannah's Gamer\Desktop\aswMBR.txt"

 



#9 hannahthedog

  • Topic Starter
  • Members
  • 11 posts

Posted 06 November 2014 - 01:09 PM

Scan from FRST.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Hannah's Gamer (administrator) on HANNAHSGAMER-PC on 07-11-2014 11:05:12
Running from C:\Users\Hannah's Gamer\Pictures
Loaded Profile: Hannah's Gamer (Available profiles: Hannah's Gamer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Windows\AsScrPro.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\DoScan.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SmcGui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(AVAST Software) C:\Users\Hannah's Gamer\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11788392 2011-04-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-11] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [43008 2011-04-08] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [USBChargerPlusTray] => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [496560 2011-04-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2014-05-16] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9940272 2014-07-24] ()
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\MountPoints2: {6487b066-3948-11e4-81c1-14dae91a017f} - G:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\Hannah's Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\Hannah's Gamer\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
Startup: C:\Users\Hannah's Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.us.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hannah's Gamer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF [2014-11-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5317936 2014-01-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-10] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-22] (Symantec Corporation)
U3 EraserUtilDrv11410; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [142640 2014-10-22] (Symantec Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141104.011\IDSvia64.sys [525016 2014-11-03] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.003\ENG64.SYS [129752 2014-10-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.003\EX64.SYS [2137304 2014-10-22] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-08-13] ()
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2014-11-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2014-11-04] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [107504 2014-09-12] (Symantec Corporation)
U3 aswMBR; \??\C:\Users\HANNAH~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\HANNAH~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 11:02 - 2014-11-07 11:02 - 00005819 _____ () C:\Users\Hannah's Gamer\Desktop\aswMBR.txt
2014-11-07 11:02 - 2014-11-07 11:02 - 00000512 _____ () C:\Users\Hannah's Gamer\Desktop\MBR.dat
2014-11-07 10:59 - 2014-11-07 10:59 - 05194752 _____ (AVAST Software) C:\Users\Hannah's Gamer\Desktop\aswMBR.exe
2014-11-07 10:44 - 2014-11-07 10:44 - 00003480 ____N () C:\bootsqm.dat
2014-11-07 10:40 - 2014-11-07 10:40 - 00000000 __SHD () C:\found.000
2014-11-06 17:21 - 2014-11-06 17:21 - 00004812 _____ () C:\Users\Hannah's Gamer\Desktop\attach.zip
2014-11-06 17:20 - 2014-11-06 17:20 - 00032210 _____ () C:\Users\Hannah's Gamer\Desktop\dds.txt
2014-11-06 17:20 - 2014-11-06 17:20 - 00019068 _____ () C:\Users\Hannah's Gamer\Desktop\attach.txt
2014-11-06 17:17 - 2014-11-06 17:17 - 00688992 ____R (Swearware) C:\Users\Hannah's Gamer\Desktop\dds.com
2014-11-05 08:47 - 2014-11-07 11:05 - 00000000 ____D () C:\FRST
2014-11-05 08:47 - 2014-11-05 08:47 - 02114560 _____ (Farbar) C:\Users\Hannah's Gamer\Downloads\frst64.exe
2014-11-04 19:45 - 2014-11-04 19:45 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\Symantec
2014-11-04 19:44 - 2014-11-04 19:44 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\CrashDumps
2014-11-04 19:36 - 2014-11-04 19:36 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-11-04 19:36 - 2014-11-04 19:36 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\Windows\system32\Drivers\symefasi
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\ProgramData\SymEFASI
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-04 19:34 - 2014-11-04 19:34 - 00579936 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00462688 _____ (Symantec Corporation) C:\Windows\system32\sysfer.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00424288 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00363872 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00159552 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2014-11-04 19:34 - 2014-11-04 19:34 - 00159072 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00139104 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00058720 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00051552 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00039384 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2014-11-04 19:33 - 2014-11-05 08:47 - 00000000 ____D () C:\ProgramData\Symantec
2014-11-04 19:33 - 2014-11-04 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-11-04 19:33 - 2014-11-04 19:33 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2014-11-04 19:33 - 2014-11-04 19:33 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2014-11-04 19:33 - 2014-11-04 19:33 - 00000000 ____D () C:\Program Files (x86)\Symantec
2014-11-04 19:22 - 2014-11-04 19:24 - 00000000 ____D () C:\sep win64
2014-11-04 17:54 - 2014-11-04 17:54 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Hannah's Gamer\Documents\rkill64.com
2014-11-04 13:54 - 2014-11-05 07:02 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-04 13:54 - 2014-11-04 13:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-04 13:42 - 2014-11-04 16:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-04 13:42 - 2014-11-04 13:42 - 00001264 _____ () C:\Users\Hannah's Gamer\Desktop\Spybot - Search & Destroy.lnk
2014-11-04 13:42 - 2014-11-04 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-11-04 13:42 - 2014-11-04 13:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-04 13:21 - 2014-11-06 10:23 - 00002130 _____ () C:\Users\Hannah's Gamer\Desktop\Rkill.txt
2014-11-03 10:06 - 2014-11-03 11:28 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\TeamViewer
2014-11-01 07:49 - 2014-11-01 07:49 - 01375089 _____ () C:\Users\Hannah's Gamer\Documents\AdwCleaner.exe
2014-11-01 07:38 - 2014-11-05 07:55 - 00000000 ____D () C:\AdwCleaner
2014-11-01 07:28 - 2014-11-01 07:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-01 07:28 - 2014-11-01 07:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-01 07:28 - 2014-11-01 07:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-01 07:28 - 2014-11-01 07:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 07:28 - 2014-11-01 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 07:28 - 2014-11-01 07:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-31 22:39 - 2014-10-31 22:39 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Process Hacker 2
2014-10-31 22:34 - 2014-10-31 22:34 - 00001843 _____ () C:\Users\Hannah's Gamer\Desktop\Process Hacker 2.lnk
2014-10-31 22:34 - 2014-10-31 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-10-31 22:34 - 2014-10-31 22:34 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-10-30 15:03 - 2014-10-30 15:39 - 00001344 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-10-30 15:03 - 2014-10-30 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-10-30 14:27 - 2014-10-30 14:28 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\Origin
2014-10-30 14:14 - 2014-10-30 14:14 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-10-30 14:14 - 2014-10-30 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-10-26 19:57 - 2014-11-07 10:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 19:56 - 2014-10-26 19:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 19:56 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 19:56 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 19:56 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 09:47 - 2014-10-26 09:47 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Hannah's Gamer\Documents\rkill.com
2014-10-21 14:10 - 2014-10-21 14:10 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\torleys-windlight-settings-3
2014-10-21 14:10 - 2014-10-21 14:10 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\JUICYBOMB.COM - Studio Windlight Settings
2014-10-21 14:09 - 2014-10-21 14:10 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\{B6E64F8B-FD5B-4701-BFA3-41AE2E1423B7}
2014-10-21 14:08 - 2014-10-21 14:08 - 00275888 _____ () C:\Users\Hannah's Gamer\Documents\torleys-windlight-settings-3.zip
2014-10-21 14:01 - 2014-10-21 14:01 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\Xanthes Windlights
2014-10-21 14:00 - 2014-10-21 14:00 - 00004164 _____ () C:\Users\Hannah's Gamer\Documents\StrawberrySinghHeadshots.xml
2014-10-21 13:54 - 2014-10-21 13:54 - 00006434 _____ () C:\Users\Hannah's Gamer\Documents\Xanthes Windlights.zip
2014-10-21 13:54 - 2014-10-21 13:54 - 00005256 _____ () C:\Users\Hannah's Gamer\Documents\JUICYBOMB.COM - Studio Windlight Settings.zip
2014-10-18 09:01 - 2014-11-07 10:51 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Hannah's Gamer
2014-10-17 11:28 - 2014-10-26 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2014-10-17 11:28 - 2014-10-17 11:28 - 00001006 _____ () C:\Users\Public\Desktop\Firestorm-Releasex64.lnk
2014-10-17 11:27 - 2014-10-17 11:28 - 00000000 ____D () C:\Program Files\Firestorm-Releasex64
2014-10-17 09:06 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 09:06 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 09:06 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 09:06 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 09:05 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 09:05 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 09:05 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 09:05 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 09:05 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 09:05 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 09:05 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 09:05 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 09:05 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 09:05 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 09:05 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 09:05 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 09:05 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 09:05 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 09:05 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 09:05 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 09:05 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 09:05 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 09:05 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 09:05 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 09:05 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 09:05 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 09:05 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 09:05 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 09:05 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 09:05 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 09:05 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 09:05 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 09:05 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 09:05 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 09:05 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 09:05 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 09:05 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 09:05 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 09:05 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 09:05 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 09:05 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 09:05 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 09:05 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 09:05 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 09:05 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 09:05 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 09:05 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 09:05 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 09:05 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 09:05 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 09:05 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 09:05 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 09:05 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 09:05 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 09:05 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 09:05 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 09:05 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 09:05 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 09:05 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 09:05 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 09:05 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 09:05 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 09:05 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 09:04 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 09:04 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 09:04 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 09:04 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 09:04 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 09:04 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 09:04 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 09:04 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 09:04 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 09:04 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 09:04 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 09:04 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 09:04 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 17:43 - 2014-10-16 17:43 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-10-11 16:27 - 2014-10-26 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2014-10-11 16:27 - 2014-10-11 16:27 - 00001159 _____ () C:\Users\Public\Desktop\Second Life Viewer.lnk
2014-10-11 16:27 - 2014-10-11 16:27 - 00000000 ____D () C:\Program Files (x86)\SecondLifeViewer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 11:00 - 2014-05-16 18:13 - 01320070 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 10:59 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 10:59 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 10:53 - 2014-06-11 17:16 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\GarenaPlus
2014-11-07 10:53 - 2014-06-11 13:32 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-11-07 10:53 - 2009-07-14 00:13 - 00796678 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 10:52 - 2014-08-04 07:57 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\IMVU
2014-11-07 10:52 - 2014-06-09 21:13 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Skype
2014-11-07 10:47 - 2009-07-13 23:51 - 00098145 _____ () C:\Windows\setupact.log
2014-11-07 10:46 - 2014-05-16 18:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-07 10:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 10:44 - 2014-09-24 14:10 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-07 10:44 - 2014-09-24 14:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-07 10:44 - 2011-04-11 17:49 - 00346712 _____ () C:\Windows\PFRO.log
2014-11-07 10:15 - 2014-06-09 22:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 17:12 - 2014-09-10 19:34 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\BitTorrent
2014-11-06 17:10 - 2014-09-05 17:50 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\FirestormOS_x64
2014-11-04 19:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-04 17:49 - 2014-05-16 18:35 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-11-03 21:13 - 2014-06-09 08:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-03 15:51 - 2014-06-25 10:10 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\SecondLife
2014-11-03 15:28 - 2014-07-14 16:18 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\skse_1_07_01
2014-11-03 14:39 - 2014-09-05 17:50 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Firestorm_x64
2014-11-02 20:03 - 2014-08-04 07:15 - 00000000 ____D () C:\ProgramData\Origin
2014-11-02 13:16 - 2014-08-19 13:53 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 07:28 - 2014-08-12 11:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-30 16:42 - 2014-08-19 14:17 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\Electronic Arts
2014-10-30 15:03 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-30 14:37 - 2014-08-19 13:54 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-30 14:14 - 2014-08-19 13:53 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-10-30 06:25 - 2014-05-16 16:26 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 13:40 - 2014-09-24 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-26 13:40 - 2014-09-23 18:57 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-10-26 13:40 - 2014-09-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-10-26 13:40 - 2014-09-18 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-26 13:40 - 2014-06-15 12:08 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\NVIDIA
2014-10-26 13:40 - 2014-06-14 17:02 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Garena
2014-10-26 13:40 - 2014-06-11 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-10-26 13:40 - 2014-06-11 14:53 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-10-26 13:40 - 2014-05-16 18:33 - 00000000 ____D () C:\ProgramData\P4G
2014-10-26 13:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-26 09:42 - 2014-05-16 16:01 - 00000000 ____D () C:\Users\Hannah's Gamer
2014-10-26 08:52 - 2014-09-24 14:05 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\Avg2015
2014-10-18 15:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 08:56 - 2009-07-13 23:45 - 04826240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 08:53 - 2014-05-16 18:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 21:33 - 2014-05-16 17:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 21:31 - 2014-05-16 17:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 11:27 - 2014-06-19 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-15 09:04 - 2014-06-09 21:13 - 00000000 ____D () C:\ProgramData\Skype
2014-10-12 20:22 - 2014-09-30 13:40 - 00000000 ____D () C:\Users\Public\Documents\My DAZ 3D Library

Some content of TEMP:
====================
C:\Users\Hannah's Gamer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Hannah's Gamer\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 02:34

==================== End Of Log ============================



#10 hannahthedog

Posted 06 November 2014 - 01:13 PM

Additional scan from FRST.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Hannah's Gamer at 2014-11-07 11:09:08
Running from C:\Users\Hannah's Gamer\Pictures
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.0 - AsusTek Computer Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.27) (Version: 1.1.0.27 - DAZ 3D)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42398 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}) (Version: 3.0.119.1 - Fresco Logic Inc.)
Garena - Mstar (HKLM-x32\...\Mstar) (Version:  - Garena Online Pte Ltd.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
IMVU Avatar Chat Software (HKCU\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live2D Cubism 1.1.06 (HKLM-x32\...\Live2D Cubism) (Version: 1.1.06 - Cybernoids Co.,Ltd.)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Manga Studio EX 4.0 (HKLM-x32\...\Manga Studio EX 4.0) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MSI Afterburner 4.0.0 Beta 9 (HKLM-x32\...\Afterburner) (Version: 4.0.0 Beta 9 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6348 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.1.3 (HKLM-x32\...\RTSS) (Version: 6.1.3 - Unwinder)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts Inc.)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version:  - Ubisoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
WTF (HKLM-x32\...\WTF_is1) (Version: WTF - OnNet)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

05-11-2014 00:30:56 Installed Symantec Endpoint Protection.
06-11-2014 15:26:00 Windows Update
06-11-2014 22:11:24 3D少女カスタムエボリューション を削除しました
07-11-2014 15:16:08 Removed AVG 2015
07-11-2014 15:21:14 Removed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12FCD983-A1F1-4B85-AD28-E2FFF007AD92} - System32\Tasks\AdobeAAMUpdater-1.0-HannahsGamer-PC-Hannah's Gamer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {2DA05C46-453D-4A5F-9FF0-89E15D18E625} - System32\Tasks\gg_uac_daemon_Hannah's Gamer => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-08-23] ()
Task: {35439C1B-74EE-4228-8B2C-DC45BDC6440B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {3BF61DF5-AACA-46D4-B01B-5D8C50B3A87E} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {48FF70D5-7153-4131-952C-BD3C80EE4834} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2010-12-17] (ASUSTek Computer Inc.)
Task: {646EAD4E-FB05-4ABC-84A1-90B90677EEAC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {9C6086C8-763B-4778-A863-11ABED005CE1} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {C2F31587-1C2E-49DA-A30B-3F6BF71E92C9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-09 21:32 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2014-09-23 18:57 - 2011-05-05 15:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2011-05-05 22:26 - 2011-03-03 22:40 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-07-16 07:33 - 2014-08-19 14:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2010-09-23 18:53 - 2010-09-23 18:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-08-11 21:52 - 2010-08-11 21:52 - 00060928 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2013-08-23 04:10 - 2013-08-23 04:10 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2010-04-02 21:21 - 2008-10-01 01:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-23 04:10 - 2013-08-23 04:10 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1535427691-3306136858-2124148999-500 - Administrator - Disabled)
Guest (S-1-5-21-1535427691-3306136858-2124148999-501 - Limited - Enabled)
Hannah's Gamer (S-1-5-21-1535427691-3306136858-2124148999-1000 - Administrator - Enabled) => C:\Users\Hannah's Gamer
HomeGroupUser$ (S-1-5-21-1535427691-3306136858-2124148999-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 10:30:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/07/2014 10:30:19 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3744

Error: (11/06/2014 06:17:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3744

System errors:
=============
Error: (11/07/2014 10:50:43 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{DAC3627D-86AB-4132-AD54-E9DD97AEB25F}.
The backup browser is stopping.

Error: (11/07/2014 10:49:41 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.11 did not allow the name to be claimed by
this computer.

Error: (11/07/2014 10:49:33 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/07/2014 10:49:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (11/07/2014 10:49:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (11/06/2014 10:19:03 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549}.
The backup browser is stopping.

Error: (11/06/2014 10:14:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (11/04/2014 08:27:03 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549}.
The backup browser is stopping.

Error: (11/04/2014 08:10:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/04/2014 08:06:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (11/07/2014 10:30:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\NVIDIA Corporation\Update Core\NvBackendAPI64.dllC:\Program Files\NVIDIA Corporation\Update Core\NvBackendAPI64.dll0

Error: (11/07/2014 10:30:19 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3744

Error: (11/06/2014 06:17:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3744

==================== Memory info ===========================

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 8169.16 MB
Available physical RAM: 5382.66 MB
Total Pagefile: 28334.51 MB
Available Pagefile: 25358.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:221.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SDATA1) (Fixed) (Total:232.87 GB) (Free:182.97 GB) NTFS
Drive e: (SDATA2) (Fixed) (Total:232.89 GB) (Free:226.93 GB) NTFS
Drive g: (3DGE) (CDROM) (Total:1.74 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 hannahthedog

Posted 06 November 2014 - 01:40 PM

Scan from Eset

 

[2014.11.07 11:34:34.713] - Begin
[2014.11.07 11:34:34.713] -
[2014.11.07 11:34:34.714] -     ....................................
[2014.11.07 11:34:34.714] -   ..::::::::::::::::::....................
[2014.11.07 11:34:34.715] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.07 11:34:34.716] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.07 11:34:34.717] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.07 11:34:34.718] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.07 11:34:34.719] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.07 11:34:34.719] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.07 11:34:34.719] -     ....................................
[2014.11.07 11:34:34.720] -
[2014.11.07 11:34:34.720] - --------------------------------------------------------------------------------
[2014.11.07 11:34:34.720] -
[2014.11.07 11:34:34.720] - INFO: OS: 6.1.7601 SP1
[2014.11.07 11:34:34.720] - INFO: Product Type: Workstation
[2014.11.07 11:34:34.721] - INFO: WoW64: True
[2014.11.07 11:34:34.721] - INFO: Machine guid: B7E626CC-E916-438F-AF25-846BBA39FB8C
[2014.11.07 11:34:34.721] -
[2014.11.07 11:34:46.694] - INFO: Scanning for system infection...
[2014.11.07 11:34:46.695] - --------------------------------------------------------------------------------
[2014.11.07 11:34:46.695] -
[2014.11.07 11:34:46.695] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 11:34:46.697] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 11:34:46.699] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 11:34:46.699] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 11:34:46.700] - INFO: Processing classes...
[2014.11.07 11:34:46.726] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.726] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.726] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.727] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.728] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.729] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.730] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.730] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.730] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.730] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.730] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.730] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.730] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.730] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.730] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.731] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.732] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.733] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.735] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.736] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.737] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.738] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.739] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.740] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.751] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.751] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.751] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.751] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.751] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.751] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.751] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.751] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.751] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.752] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.753] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.754] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.755] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.756] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.757] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.758] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}]
[2014.11.07 11:34:46.759] - INFO: Processing clsid [\Registry\User\S-1-5-21-1535427691-3306136858-2124148999-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBC}]
[2014.11.07 11:34:46.769] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 11:34:46.771] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 11:34:46.771] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 11:34:46.771] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 11:34:46.771] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 11:34:46.771] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 11:34:46.771] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 11:34:46.771] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 11:34:46.771] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 11:34:46.772] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.07 11:34:46.773] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 11:34:46.774] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 11:34:46.774] - INFO: Win32/Poweliks not found
[2014.11.07 11:35:25.484] - End
 



#12 hannahthedog

Posted 06 November 2014 - 01:42 PM

Scan from FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Hannah's Gamer (administrator) on HANNAHSGAMER-PC on 07-11-2014 11:08:41
Running from C:\Users\Hannah's Gamer\Pictures
Loaded Profile: Hannah's Gamer (Available profiles: Hannah's Gamer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Windows\AsScrPro.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\DoScan.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SmcGui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(AVAST Software) C:\Users\Hannah's Gamer\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11788392 2011-04-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-11] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [43008 2011-04-08] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [USBChargerPlusTray] => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [496560 2011-04-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2014-05-16] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9940272 2014-07-24] ()
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\MountPoints2: {6487b066-3948-11e4-81c1-14dae91a017f} - G:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\Hannah's Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\Hannah's Gamer\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
Startup: C:\Users\Hannah's Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.us.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hannah's Gamer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF [2014-11-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5317936 2014-01-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-10] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-22] (Symantec Corporation)
U3 EraserUtilDrv11410; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [142640 2014-10-22] (Symantec Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141104.011\IDSvia64.sys [525016 2014-11-03] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.003\ENG64.SYS [129752 2014-10-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.003\EX64.SYS [2137304 2014-10-22] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-08-13] ()
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2014-11-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2014-11-04] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [107504 2014-09-12] (Symantec Corporation)
U3 aswMBR; \??\C:\Users\HANNAH~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\HANNAH~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 11:02 - 2014-11-07 11:02 - 00005819 _____ () C:\Users\Hannah's Gamer\Desktop\aswMBR.txt
2014-11-07 11:02 - 2014-11-07 11:02 - 00000512 _____ () C:\Users\Hannah's Gamer\Desktop\MBR.dat
2014-11-07 10:59 - 2014-11-07 10:59 - 05194752 _____ (AVAST Software) C:\Users\Hannah's Gamer\Desktop\aswMBR.exe
2014-11-07 10:44 - 2014-11-07 10:44 - 00003480 ____N () C:\bootsqm.dat
2014-11-07 10:40 - 2014-11-07 10:40 - 00000000 __SHD () C:\found.000
2014-11-06 17:21 - 2014-11-06 17:21 - 00004812 _____ () C:\Users\Hannah's Gamer\Desktop\attach.zip
2014-11-06 17:20 - 2014-11-06 17:20 - 00032210 _____ () C:\Users\Hannah's Gamer\Desktop\dds.txt
2014-11-06 17:20 - 2014-11-06 17:20 - 00019068 _____ () C:\Users\Hannah's Gamer\Desktop\attach.txt
2014-11-06 17:17 - 2014-11-06 17:17 - 00688992 ____R (Swearware) C:\Users\Hannah's Gamer\Desktop\dds.com
2014-11-05 08:47 - 2014-11-07 11:08 - 00000000 ____D () C:\FRST
2014-11-05 08:47 - 2014-11-05 08:47 - 02114560 _____ (Farbar) C:\Users\Hannah's Gamer\Downloads\frst64.exe
2014-11-04 19:45 - 2014-11-04 19:45 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\Symantec
2014-11-04 19:44 - 2014-11-04 19:44 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\CrashDumps
2014-11-04 19:36 - 2014-11-04 19:36 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-11-04 19:36 - 2014-11-04 19:36 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\Windows\system32\Drivers\symefasi
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\ProgramData\SymEFASI
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-04 19:34 - 2014-11-04 19:34 - 00579936 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00462688 _____ (Symantec Corporation) C:\Windows\system32\sysfer.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00424288 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00363872 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00159552 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2014-11-04 19:34 - 2014-11-04 19:34 - 00159072 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00139104 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00058720 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00051552 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00039384 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2014-11-04 19:33 - 2014-11-05 08:47 - 00000000 ____D () C:\ProgramData\Symantec
2014-11-04 19:33 - 2014-11-04 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-11-04 19:33 - 2014-11-04 19:33 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2014-11-04 19:33 - 2014-11-04 19:33 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2014-11-04 19:33 - 2014-11-04 19:33 - 00000000 ____D () C:\Program Files (x86)\Symantec
2014-11-04 19:22 - 2014-11-04 19:24 - 00000000 ____D () C:\sep win64
2014-11-04 17:54 - 2014-11-04 17:54 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Hannah's Gamer\Documents\rkill64.com
2014-11-04 13:54 - 2014-11-05 07:02 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-04 13:54 - 2014-11-04 13:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-04 13:42 - 2014-11-04 16:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-04 13:42 - 2014-11-04 13:42 - 00001264 _____ () C:\Users\Hannah's Gamer\Desktop\Spybot - Search & Destroy.lnk
2014-11-04 13:42 - 2014-11-04 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-11-04 13:42 - 2014-11-04 13:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-04 13:21 - 2014-11-06 10:23 - 00002130 _____ () C:\Users\Hannah's Gamer\Desktop\Rkill.txt
2014-11-03 10:06 - 2014-11-03 11:28 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\TeamViewer
2014-11-01 07:49 - 2014-11-01 07:49 - 01375089 _____ () C:\Users\Hannah's Gamer\Documents\AdwCleaner.exe
2014-11-01 07:38 - 2014-11-05 07:55 - 00000000 ____D () C:\AdwCleaner
2014-11-01 07:28 - 2014-11-01 07:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-01 07:28 - 2014-11-01 07:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-01 07:28 - 2014-11-01 07:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-01 07:28 - 2014-11-01 07:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 07:28 - 2014-11-01 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 07:28 - 2014-11-01 07:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-31 22:39 - 2014-10-31 22:39 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Process Hacker 2
2014-10-31 22:34 - 2014-10-31 22:34 - 00001843 _____ () C:\Users\Hannah's Gamer\Desktop\Process Hacker 2.lnk
2014-10-31 22:34 - 2014-10-31 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-10-31 22:34 - 2014-10-31 22:34 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-10-30 15:03 - 2014-10-30 15:39 - 00001344 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-10-30 15:03 - 2014-10-30 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-10-30 14:27 - 2014-10-30 14:28 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\Origin
2014-10-30 14:14 - 2014-10-30 14:14 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-10-30 14:14 - 2014-10-30 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-10-26 19:57 - 2014-11-07 10:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 19:56 - 2014-10-26 19:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 19:56 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 19:56 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 19:56 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 09:47 - 2014-10-26 09:47 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Hannah's Gamer\Documents\rkill.com
2014-10-21 14:10 - 2014-10-21 14:10 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\torleys-windlight-settings-3
2014-10-21 14:10 - 2014-10-21 14:10 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\JUICYBOMB.COM - Studio Windlight Settings
2014-10-21 14:09 - 2014-10-21 14:10 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\{B6E64F8B-FD5B-4701-BFA3-41AE2E1423B7}
2014-10-21 14:08 - 2014-10-21 14:08 - 00275888 _____ () C:\Users\Hannah's Gamer\Documents\torleys-windlight-settings-3.zip
2014-10-21 14:01 - 2014-10-21 14:01 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\Xanthes Windlights
2014-10-21 14:00 - 2014-10-21 14:00 - 00004164 _____ () C:\Users\Hannah's Gamer\Documents\StrawberrySinghHeadshots.xml
2014-10-21 13:54 - 2014-10-21 13:54 - 00006434 _____ () C:\Users\Hannah's Gamer\Documents\Xanthes Windlights.zip
2014-10-21 13:54 - 2014-10-21 13:54 - 00005256 _____ () C:\Users\Hannah's Gamer\Documents\JUICYBOMB.COM - Studio Windlight Settings.zip
2014-10-18 09:01 - 2014-11-07 10:51 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Hannah's Gamer
2014-10-17 11:28 - 2014-10-26 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2014-10-17 11:28 - 2014-10-17 11:28 - 00001006 _____ () C:\Users\Public\Desktop\Firestorm-Releasex64.lnk
2014-10-17 11:27 - 2014-10-17 11:28 - 00000000 ____D () C:\Program Files\Firestorm-Releasex64
2014-10-17 09:06 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 09:06 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 09:06 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 09:06 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 09:05 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 09:05 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 09:05 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 09:05 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 09:05 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 09:05 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 09:05 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 09:05 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 09:05 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 09:05 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 09:05 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 09:05 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 09:05 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 09:05 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 09:05 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 09:05 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 09:05 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 09:05 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 09:05 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 09:05 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 09:05 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 09:05 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 09:05 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 09:05 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 09:05 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 09:05 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 09:05 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 09:05 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 09:05 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 09:05 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 09:05 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 09:05 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 09:05 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 09:05 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 09:05 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 09:05 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 09:05 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 09:05 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 09:05 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 09:05 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 09:05 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 09:05 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 09:05 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 09:05 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 09:05 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 09:05 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 09:05 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 09:05 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 09:05 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 09:05 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 09:05 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 09:05 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 09:05 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 09:05 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 09:05 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 09:05 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 09:05 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 09:05 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 09:05 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 09:04 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 09:04 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 09:04 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 09:04 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 09:04 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 09:04 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 09:04 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 09:04 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 09:04 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 09:04 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 09:04 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 09:04 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 09:04 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 17:43 - 2014-10-16 17:43 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-10-11 16:27 - 2014-10-26 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2014-10-11 16:27 - 2014-10-11 16:27 - 00001159 _____ () C:\Users\Public\Desktop\Second Life Viewer.lnk
2014-10-11 16:27 - 2014-10-11 16:27 - 00000000 ____D () C:\Program Files (x86)\SecondLifeViewer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 11:00 - 2014-05-16 18:13 - 01320070 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 10:59 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 10:59 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 10:53 - 2014-06-11 17:16 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\GarenaPlus
2014-11-07 10:53 - 2014-06-11 13:32 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-11-07 10:53 - 2009-07-14 00:13 - 00796678 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 10:52 - 2014-08-04 07:57 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\IMVU
2014-11-07 10:52 - 2014-06-09 21:13 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Skype
2014-11-07 10:47 - 2009-07-13 23:51 - 00098145 _____ () C:\Windows\setupact.log
2014-11-07 10:46 - 2014-05-16 18:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-07 10:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 10:44 - 2014-09-24 14:10 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-07 10:44 - 2014-09-24 14:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-07 10:44 - 2011-04-11 17:49 - 00346712 _____ () C:\Windows\PFRO.log
2014-11-07 10:15 - 2014-06-09 22:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 17:12 - 2014-09-10 19:34 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\BitTorrent
2014-11-06 17:10 - 2014-09-05 17:50 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\FirestormOS_x64
2014-11-04 19:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-04 17:49 - 2014-05-16 18:35 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-11-03 21:13 - 2014-06-09 08:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-03 15:51 - 2014-06-25 10:10 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\SecondLife
2014-11-03 15:28 - 2014-07-14 16:18 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\skse_1_07_01
2014-11-03 14:39 - 2014-09-05 17:50 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Firestorm_x64
2014-11-02 20:03 - 2014-08-04 07:15 - 00000000 ____D () C:\ProgramData\Origin
2014-11-02 13:16 - 2014-08-19 13:53 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 07:28 - 2014-08-12 11:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-30 16:42 - 2014-08-19 14:17 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\Electronic Arts
2014-10-30 15:03 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-30 14:37 - 2014-08-19 13:54 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-30 14:14 - 2014-08-19 13:53 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-10-30 06:25 - 2014-05-16 16:26 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 13:40 - 2014-09-24 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-26 13:40 - 2014-09-23 18:57 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-10-26 13:40 - 2014-09-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-10-26 13:40 - 2014-09-18 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-26 13:40 - 2014-06-15 12:08 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\NVIDIA
2014-10-26 13:40 - 2014-06-14 17:02 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Garena
2014-10-26 13:40 - 2014-06-11 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-10-26 13:40 - 2014-06-11 14:53 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-10-26 13:40 - 2014-05-16 18:33 - 00000000 ____D () C:\ProgramData\P4G
2014-10-26 13:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-26 09:42 - 2014-05-16 16:01 - 00000000 ____D () C:\Users\Hannah's Gamer
2014-10-26 08:52 - 2014-09-24 14:05 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\Avg2015
2014-10-18 15:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 08:56 - 2009-07-13 23:45 - 04826240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 08:53 - 2014-05-16 18:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 21:33 - 2014-05-16 17:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 21:31 - 2014-05-16 17:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 11:27 - 2014-06-19 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-15 09:04 - 2014-06-09 21:13 - 00000000 ____D () C:\ProgramData\Skype
2014-10-12 20:22 - 2014-09-30 13:40 - 00000000 ____D () C:\Users\Public\Documents\My DAZ 3D Library

Some content of TEMP:
====================
C:\Users\Hannah's Gamer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Hannah's Gamer\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 02:34

==================== End Of Log ============================

Addition log from FRST.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Hannah's Gamer at 2014-11-07 11:09:08
Running from C:\Users\Hannah's Gamer\Pictures
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.0 - AsusTek Computer Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.27) (Version: 1.1.0.27 - DAZ 3D)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42398 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}) (Version: 3.0.119.1 - Fresco Logic Inc.)
Garena - Mstar (HKLM-x32\...\Mstar) (Version:  - Garena Online Pte Ltd.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
IMVU Avatar Chat Software (HKCU\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live2D Cubism 1.1.06 (HKLM-x32\...\Live2D Cubism) (Version: 1.1.06 - Cybernoids Co.,Ltd.)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Manga Studio EX 4.0 (HKLM-x32\...\Manga Studio EX 4.0) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MSI Afterburner 4.0.0 Beta 9 (HKLM-x32\...\Afterburner) (Version: 4.0.0 Beta 9 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6348 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.1.3 (HKLM-x32\...\RTSS) (Version: 6.1.3 - Unwinder)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts Inc.)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version:  - Ubisoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
WTF (HKLM-x32\...\WTF_is1) (Version: WTF - OnNet)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

05-11-2014 00:30:56 Installed Symantec Endpoint Protection.
06-11-2014 15:26:00 Windows Update
06-11-2014 22:11:24 3D少女カスタムエボリューション を削除しました
07-11-2014 15:16:08 Removed AVG 2015
07-11-2014 15:21:14 Removed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12FCD983-A1F1-4B85-AD28-E2FFF007AD92} - System32\Tasks\AdobeAAMUpdater-1.0-HannahsGamer-PC-Hannah's Gamer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {2DA05C46-453D-4A5F-9FF0-89E15D18E625} - System32\Tasks\gg_uac_daemon_Hannah's Gamer => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-08-23] ()
Task: {35439C1B-74EE-4228-8B2C-DC45BDC6440B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {3BF61DF5-AACA-46D4-B01B-5D8C50B3A87E} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {48FF70D5-7153-4131-952C-BD3C80EE4834} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2010-12-17] (ASUSTek Computer Inc.)
Task: {646EAD4E-FB05-4ABC-84A1-90B90677EEAC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {9C6086C8-763B-4778-A863-11ABED005CE1} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {C2F31587-1C2E-49DA-A30B-3F6BF71E92C9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-09 21:32 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2014-09-23 18:57 - 2011-05-05 15:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2011-05-05 22:26 - 2011-03-03 22:40 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-07-16 07:33 - 2014-08-19 14:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2010-09-23 18:53 - 2010-09-23 18:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-08-11 21:52 - 2010-08-11 21:52 - 00060928 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2013-08-23 04:10 - 2013-08-23 04:10 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2010-04-02 21:21 - 2008-10-01 01:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-23 04:10 - 2013-08-23 04:10 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1535427691-3306136858-2124148999-500 - Administrator - Disabled)
Guest (S-1-5-21-1535427691-3306136858-2124148999-501 - Limited - Enabled)
Hannah's Gamer (S-1-5-21-1535427691-3306136858-2124148999-1000 - Administrator - Enabled) => C:\Users\Hannah's Gamer
HomeGroupUser$ (S-1-5-21-1535427691-3306136858-2124148999-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 10:30:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/07/2014 10:30:19 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3744

Error: (11/06/2014 06:17:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3744

System errors:
=============
Error: (11/07/2014 10:50:43 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{DAC3627D-86AB-4132-AD54-E9DD97AEB25F}.
The backup browser is stopping.

Error: (11/07/2014 10:49:41 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.11 did not allow the name to be claimed by
this computer.

Error: (11/07/2014 10:49:33 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/07/2014 10:49:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (11/07/2014 10:49:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (11/06/2014 10:19:03 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549}.
The backup browser is stopping.

Error: (11/06/2014 10:14:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (11/04/2014 08:27:03 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549}.
The backup browser is stopping.

Error: (11/04/2014 08:10:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/04/2014 08:06:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (11/07/2014 10:30:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\NVIDIA Corporation\Update Core\NvBackendAPI64.dllC:\Program Files\NVIDIA Corporation\Update Core\NvBackendAPI64.dll0

Error: (11/07/2014 10:30:19 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3744

Error: (11/06/2014 06:17:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3744

==================== Memory info ===========================

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 8169.16 MB
Available physical RAM: 5382.66 MB
Total Pagefile: 28334.51 MB
Available Pagefile: 25358.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:221.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SDATA1) (Fixed) (Total:232.87 GB) (Free:182.97 GB) NTFS
Drive e: (SDATA2) (Fixed) (Total:232.89 GB) (Free:226.93 GB) NTFS
Drive g: (3DGE) (CDROM) (Total:1.74 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#13 ken545

Malware Response Team

Posted 06 November 2014 - 09:28 PM

Looks like you had two topics going and they were merged together, so you had responses from two different helpers. Let me see a new FRST log: checkmark additions and post both logs, as it may have changed after running ESET.



Just a reminder that threads will be closed if no response in 3 days


#14 hannahthedog

Topic Starter

Posted 07 November 2014 - 09:59 AM

I apologize for that, was unsure where my last post was. Also thank you for helping me.

New FRST log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Hannah's Gamer (administrator) on HANNAHSGAMER-PC on 08-11-2014 07:54:08
Running from C:\Users\Hannah's Gamer\Pictures
Loaded Profile: Hannah's Gamer (Available profiles: Hannah's Gamer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(ASUS) C:\Windows\AsScrPro.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11788392 2011-04-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-11] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [43008 2011-04-08] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [USBChargerPlusTray] => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [496560 2011-04-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2014-05-16] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9940272 2014-07-24] ()
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1535427691-3306136858-2124148999-1000\...\MountPoints2: {6487b066-3948-11e4-81c1-14dae91a017f} - G:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\Hannah's Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\Hannah's Gamer\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
Startup: C:\Users\Hannah's Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.us.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hannah's Gamer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF [2014-11-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5317936 2014-01-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-10] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-22] (Symantec Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141106.011\IDSvia64.sys [525016 2014-11-03] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141106.020\ENG64.SYS [129752 2014-10-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141106.020\EX64.SYS [2137304 2014-10-22] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-08-13] ()
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2014-11-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2014-11-04] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [107504 2014-09-12] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 07:53 - 2014-11-08 07:53 - 00316444 _____ () C:\Users\Hannah's Gamer\Desktop\ESETPoweliksCleaner.exe_20141108.075321.3884.log
2014-11-07 19:34 - 2014-11-07 19:34 - 00000000 ____D () C:\Users\Hannah's Gamer\.thumbnails
2014-11-07 19:34 - 2014-11-07 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
2014-11-07 19:33 - 2014-11-07 19:33 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-11-07 11:34 - 2014-11-07 11:35 - 00316088 _____ () C:\Users\Hannah's Gamer\Desktop\ESETPoweliksCleaner.exe_20141107.113434.8540.log
2014-11-07 11:34 - 2014-11-07 11:34 - 00186568 _____ (ESET) C:\Users\Hannah's Gamer\Desktop\ESETPoweliksCleaner.exe
2014-11-07 11:02 - 2014-11-07 11:02 - 00005819 _____ () C:\Users\Hannah's Gamer\Desktop\aswMBR.txt
2014-11-07 11:02 - 2014-11-07 11:02 - 00000512 _____ () C:\Users\Hannah's Gamer\Desktop\MBR.dat
2014-11-07 10:59 - 2014-11-07 10:59 - 05194752 _____ (AVAST Software) C:\Users\Hannah's Gamer\Desktop\aswMBR.exe
2014-11-07 10:44 - 2014-11-07 10:44 - 00003480 ____N () C:\bootsqm.dat
2014-11-07 10:40 - 2014-11-07 10:40 - 00000000 __SHD () C:\found.000
2014-11-06 17:21 - 2014-11-06 17:21 - 00004812 _____ () C:\Users\Hannah's Gamer\Desktop\attach.zip
2014-11-06 17:20 - 2014-11-06 17:20 - 00032210 _____ () C:\Users\Hannah's Gamer\Desktop\dds.txt
2014-11-06 17:20 - 2014-11-06 17:20 - 00019068 _____ () C:\Users\Hannah's Gamer\Desktop\attach.txt
2014-11-06 17:17 - 2014-11-06 17:17 - 00688992 ____R (Swearware) C:\Users\Hannah's Gamer\Desktop\dds.com
2014-11-05 08:47 - 2014-11-08 07:54 - 00000000 ____D () C:\FRST
2014-11-05 08:47 - 2014-11-05 08:47 - 02114560 _____ (Farbar) C:\Users\Hannah's Gamer\Downloads\frst64.exe
2014-11-04 19:45 - 2014-11-04 19:45 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\Symantec
2014-11-04 19:44 - 2014-11-04 19:44 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\CrashDumps
2014-11-04 19:36 - 2014-11-04 19:36 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-11-04 19:36 - 2014-11-04 19:36 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\Windows\system32\Drivers\symefasi
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\ProgramData\SymEFASI
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-04 19:34 - 2014-11-04 19:34 - 00579936 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00462688 _____ (Symantec Corporation) C:\Windows\system32\sysfer.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00424288 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00363872 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00159552 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2014-11-04 19:34 - 2014-11-04 19:34 - 00159072 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00139104 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00058720 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00051552 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2014-11-04 19:34 - 2014-11-04 19:34 - 00039384 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2014-11-04 19:33 - 2014-11-05 08:47 - 00000000 ____D () C:\ProgramData\Symantec
2014-11-04 19:33 - 2014-11-04 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-11-04 19:33 - 2014-11-04 19:33 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2014-11-04 19:33 - 2014-11-04 19:33 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2014-11-04 19:33 - 2014-11-04 19:33 - 00000000 ____D () C:\Program Files (x86)\Symantec
2014-11-04 19:22 - 2014-11-04 19:24 - 00000000 ____D () C:\sep win64
2014-11-04 17:54 - 2014-11-04 17:54 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Hannah's Gamer\Documents\rkill64.com
2014-11-04 13:54 - 2014-11-05 07:02 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-04 13:54 - 2014-11-04 13:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-04 13:42 - 2014-11-04 16:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-04 13:42 - 2014-11-04 13:42 - 00001264 _____ () C:\Users\Hannah's Gamer\Desktop\Spybot - Search & Destroy.lnk
2014-11-04 13:42 - 2014-11-04 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-11-04 13:42 - 2014-11-04 13:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-04 13:21 - 2014-11-06 10:23 - 00002130 _____ () C:\Users\Hannah's Gamer\Desktop\Rkill.txt
2014-11-03 10:06 - 2014-11-03 11:28 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\TeamViewer
2014-11-01 07:49 - 2014-11-01 07:49 - 01375089 _____ () C:\Users\Hannah's Gamer\Documents\AdwCleaner.exe
2014-11-01 07:38 - 2014-11-05 07:55 - 00000000 ____D () C:\AdwCleaner
2014-11-01 07:28 - 2014-11-01 07:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-01 07:28 - 2014-11-01 07:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-01 07:28 - 2014-11-01 07:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-01 07:28 - 2014-11-01 07:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 07:28 - 2014-11-01 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 07:28 - 2014-11-01 07:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-31 22:39 - 2014-10-31 22:39 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Process Hacker 2
2014-10-31 22:34 - 2014-10-31 22:34 - 00001843 _____ () C:\Users\Hannah's Gamer\Desktop\Process Hacker 2.lnk
2014-10-31 22:34 - 2014-10-31 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-10-31 22:34 - 2014-10-31 22:34 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-10-30 15:03 - 2014-10-30 15:39 - 00001344 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-10-30 15:03 - 2014-10-30 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-10-30 14:27 - 2014-10-30 14:28 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\Origin
2014-10-30 14:14 - 2014-10-30 14:14 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-10-30 14:14 - 2014-10-30 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-10-26 19:57 - 2014-11-08 07:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 19:56 - 2014-10-26 19:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 19:56 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 19:56 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 19:56 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 09:47 - 2014-10-26 09:47 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Hannah's Gamer\Documents\rkill.com
2014-10-21 14:10 - 2014-10-21 14:10 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\torleys-windlight-settings-3
2014-10-21 14:10 - 2014-10-21 14:10 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\JUICYBOMB.COM - Studio Windlight Settings
2014-10-21 14:09 - 2014-10-21 14:10 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\{B6E64F8B-FD5B-4701-BFA3-41AE2E1423B7}
2014-10-21 14:08 - 2014-10-21 14:08 - 00275888 _____ () C:\Users\Hannah's Gamer\Documents\torleys-windlight-settings-3.zip
2014-10-21 14:01 - 2014-10-21 14:01 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\Xanthes Windlights
2014-10-21 14:00 - 2014-10-21 14:00 - 00004164 _____ () C:\Users\Hannah's Gamer\Documents\StrawberrySinghHeadshots.xml
2014-10-21 13:54 - 2014-10-21 13:54 - 00006434 _____ () C:\Users\Hannah's Gamer\Documents\Xanthes Windlights.zip
2014-10-21 13:54 - 2014-10-21 13:54 - 00005256 _____ () C:\Users\Hannah's Gamer\Documents\JUICYBOMB.COM - Studio Windlight Settings.zip
2014-10-18 09:01 - 2014-11-08 07:45 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Hannah's Gamer
2014-10-17 11:28 - 2014-10-26 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2014-10-17 11:28 - 2014-10-17 11:28 - 00001006 _____ () C:\Users\Public\Desktop\Firestorm-Releasex64.lnk
2014-10-17 11:27 - 2014-10-17 11:28 - 00000000 ____D () C:\Program Files\Firestorm-Releasex64
2014-10-17 09:06 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 09:06 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 09:06 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 09:06 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 09:06 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 09:05 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 09:05 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 09:05 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 09:05 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 09:05 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 09:05 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 09:05 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 09:05 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 09:05 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 09:05 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 09:05 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 09:05 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 09:05 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 09:05 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 09:05 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 09:05 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 09:05 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 09:05 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 09:05 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 09:05 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 09:05 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 09:05 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 09:05 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 09:05 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 09:05 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 09:05 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 09:05 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 09:05 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 09:05 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 09:05 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 09:05 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 09:05 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 09:05 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 09:05 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 09:05 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 09:05 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 09:05 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 09:05 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 09:05 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 09:05 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 09:05 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 09:05 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 09:05 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 09:05 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 09:05 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 09:05 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 09:05 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 09:05 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 09:05 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 09:05 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 09:05 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 09:05 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 09:05 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 09:05 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 09:05 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 09:05 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 09:05 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 09:05 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 09:05 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 09:04 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 09:04 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 09:04 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 09:04 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 09:04 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 09:04 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 09:04 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 09:04 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 09:04 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 09:04 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 09:04 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 09:04 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 09:04 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 09:04 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 17:43 - 2014-10-16 17:43 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-10-11 16:27 - 2014-10-26 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2014-10-11 16:27 - 2014-10-11 16:27 - 00001159 _____ () C:\Users\Public\Desktop\Second Life Viewer.lnk
2014-10-11 16:27 - 2014-10-11 16:27 - 00000000 ____D () C:\Program Files (x86)\SecondLifeViewer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 07:55 - 2014-05-16 18:13 - 01337048 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 07:52 - 2009-07-14 00:13 - 00796678 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 07:51 - 2014-06-09 21:13 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Skype
2014-11-08 07:50 - 2014-06-11 17:16 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\GarenaPlus
2014-11-08 07:50 - 2014-06-11 13:32 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-11-08 07:48 - 2014-08-04 07:57 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\IMVU
2014-11-08 07:46 - 2009-07-13 23:51 - 00098313 _____ () C:\Windows\setupact.log
2014-11-08 07:45 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 07:44 - 2014-05-16 18:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-07 21:17 - 2014-09-05 17:50 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\FirestormOS_x64
2014-11-07 21:15 - 2014-06-09 22:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 19:34 - 2014-05-16 16:01 - 00000000 ____D () C:\Users\Hannah's Gamer
2014-11-07 10:59 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 10:59 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 10:44 - 2014-09-24 14:10 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-07 10:44 - 2014-09-24 14:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-07 10:44 - 2011-04-11 17:49 - 00346712 _____ () C:\Windows\PFRO.log
2014-11-06 17:12 - 2014-09-10 19:34 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\BitTorrent
2014-11-04 19:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-04 17:49 - 2014-05-16 18:35 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-11-03 21:13 - 2014-06-09 08:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-03 15:51 - 2014-06-25 10:10 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\SecondLife
2014-11-03 15:28 - 2014-07-14 16:18 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\skse_1_07_01
2014-11-03 14:39 - 2014-09-05 17:50 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Firestorm_x64
2014-11-02 20:03 - 2014-08-04 07:15 - 00000000 ____D () C:\ProgramData\Origin
2014-11-02 13:16 - 2014-08-19 13:53 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 07:28 - 2014-08-12 11:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-30 16:42 - 2014-08-19 14:17 - 00000000 ____D () C:\Users\Hannah's Gamer\Documents\Electronic Arts
2014-10-30 15:03 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-30 14:37 - 2014-08-19 13:54 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-30 14:14 - 2014-08-19 13:53 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-10-30 06:25 - 2014-05-16 16:26 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 13:40 - 2014-09-24 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-26 13:40 - 2014-09-23 18:57 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-10-26 13:40 - 2014-09-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-10-26 13:40 - 2014-09-18 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-26 13:40 - 2014-06-15 12:08 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\NVIDIA
2014-10-26 13:40 - 2014-06-14 17:02 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Roaming\Garena
2014-10-26 13:40 - 2014-06-11 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-10-26 13:40 - 2014-06-11 14:53 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-10-26 13:40 - 2014-05-16 18:33 - 00000000 ____D () C:\ProgramData\P4G
2014-10-26 13:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-26 08:52 - 2014-09-24 14:05 - 00000000 ____D () C:\Users\Hannah's Gamer\AppData\Local\Avg2015
2014-10-18 15:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 08:56 - 2009-07-13 23:45 - 04826240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 08:53 - 2014-05-16 18:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 21:33 - 2014-05-16 17:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 21:31 - 2014-05-16 17:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 11:27 - 2014-06-19 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-15 09:04 - 2014-06-09 21:13 - 00000000 ____D () C:\ProgramData\Skype
2014-10-12 20:22 - 2014-09-30 13:40 - 00000000 ____D () C:\Users\Public\Documents\My DAZ 3D Library

Some content of TEMP:
====================
C:\Users\Hannah's Gamer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Hannah's Gamer\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 02:34

==================== End Of Log ============================

Addition FRST Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Hannah's Gamer at 2014-11-08 07:55:47
Running from C:\Users\Hannah's Gamer\Pictures
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.0 - AsusTek Computer Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.27) (Version: 1.1.0.27 - DAZ 3D)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42398 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}) (Version: 3.0.119.1 - Fresco Logic Inc.)
Garena - Mstar (HKLM-x32\...\Mstar) (Version:  - Garena Online Pte Ltd.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
IMVU Avatar Chat Software (HKCU\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live2D Cubism 1.1.06 (HKLM-x32\...\Live2D Cubism) (Version: 1.1.06 - Cybernoids Co.,Ltd.)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Manga Studio EX 4.0 (HKLM-x32\...\Manga Studio EX 4.0) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MSI Afterburner 4.0.0 Beta 9 (HKLM-x32\...\Afterburner) (Version: 4.0.0 Beta 9 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6348 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.1.3 (HKLM-x32\...\RTSS) (Version: 6.1.3 - Unwinder)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts Inc.)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version:  - Ubisoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
WTF (HKLM-x32\...\WTF_is1) (Version: WTF - OnNet)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1535427691-3306136858-2124148999-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points  =========================

05-11-2014 00:30:56 Installed Symantec Endpoint Protection.
06-11-2014 15:26:00 Windows Update
06-11-2014 22:11:24 3D少女カスタムエボリューション を削除しました
07-11-2014 15:16:08 Removed AVG 2015
07-11-2014 15:21:14 Removed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03F01846-8641-4F01-882B-FBE2F36E9D67} - System32\Tasks\gg_uac_daemon_Hannah's Gamer => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-08-23] ()
Task: {12FCD983-A1F1-4B85-AD28-E2FFF007AD92} - System32\Tasks\AdobeAAMUpdater-1.0-HannahsGamer-PC-Hannah's Gamer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {35439C1B-74EE-4228-8B2C-DC45BDC6440B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {3BF61DF5-AACA-46D4-B01B-5D8C50B3A87E} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {48FF70D5-7153-4131-952C-BD3C80EE4834} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2010-12-17] (ASUSTek Computer Inc.)
Task: {646EAD4E-FB05-4ABC-84A1-90B90677EEAC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {9C6086C8-763B-4778-A863-11ABED005CE1} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {C2F31587-1C2E-49DA-A30B-3F6BF71E92C9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-09 21:32 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-23 04:10 - 2013-08-23 04:10 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-04-02 21:21 - 2008-10-01 01:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-05-05 22:26 - 2011-03-03 22:40 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2014-09-23 18:57 - 2011-05-05 15:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2014-09-23 18:57 - 2011-05-05 15:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2010-09-23 18:53 - 2010-09-23 18:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-07-16 07:33 - 2014-08-19 14:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-08-23 04:10 - 2013-08-23 04:10 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-17 19:54 - 2010-12-17 19:54 - 00049792 _____ () C:\Program Files (x86)\ASUS\AI Recovery\RecoveryDVDLang.dll
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1535427691-3306136858-2124148999-500 - Administrator - Disabled)
Guest (S-1-5-21-1535427691-3306136858-2124148999-501 - Limited - Enabled)
Hannah's Gamer (S-1-5-21-1535427691-3306136858-2124148999-1000 - Administrator - Enabled) => C:\Users\Hannah's Gamer
HomeGroupUser$ (S-1-5-21-1535427691-3306136858-2124148999-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 07:48:22 AM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (11/07/2014 11:19:17 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:hannah's gamer@questionmarket.com/ by: Startup scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (11/07/2014 10:30:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/07/2014 10:30:19 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (11/07/2014 10:50:43 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{DAC3627D-86AB-4132-AD54-E9DD97AEB25F}.
The backup browser is stopping.

Error: (11/07/2014 10:49:41 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.11 did not allow the name to be claimed by
this computer.

Error: (11/07/2014 10:49:33 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/07/2014 10:49:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (11/07/2014 10:49:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (11/06/2014 10:19:03 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549}.
The backup browser is stopping.

Error: (11/06/2014 10:14:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (11/04/2014 08:27:03 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{26F68AA6-EE3D-4B0F-81DC-8BFC7993C549}.
The backup browser is stopping.

Error: (11/04/2014 08:10:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/04/2014 08:06:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (11/08/2014 07:48:22 AM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (11/07/2014 11:19:17 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:hannah's gamer@questionmarket.com/ by: Startup scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (11/07/2014 10:30:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\NVIDIA Corporation\Update Core\NvBackendAPI64.dllC:\Program Files\NVIDIA Corporation\Update Core\NvBackendAPI64.dll0

Error: (11/07/2014 10:30:19 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57130640

Error: (11/07/2014 10:09:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5897

Error: (11/06/2014 06:17:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 8169.16 MB
Available physical RAM: 4621.66 MB
Total Pagefile: 28334.51 MB
Available Pagefile: 24527.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:218.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SDATA1) (Fixed) (Total:232.87 GB) (Free:182.97 GB) NTFS
Drive e: (SDATA2) (Fixed) (Total:232.89 GB) (Free:226.93 GB) NTFS
Drive g: (3DGE) (CDROM) (Total:1.74 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#15 ken545

Malware Response Team

Posted 07 November 2014 - 11:11 AM

Your new logs look fine. Is Poweliks gone?

Run this quick fix to delete temp files and reset your hosts file.


Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it as fixlist.txt in the same directory as FRST or FRST64 (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
 
Start
CloseProcesses:
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Then open FRST or FRST64 and click on Fix.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Just a reminder that threads will be closed if no response in 3 days




