IE: Zombie News



#1 otisman

Posted 27 November 2014 - 09:52 PM

This is the most annoying and aggressive problem I have ever had. Little pop-up windows appear all over the screen so that I cannot even see the screen. Searching on the internet, this seems to be a new problem. I did the normal - control panel - uninstall but it did not clean out all of the components. Any help would be appreciated.

 

Thanks

 

I did do a search for this topic and saw a post with a Zombie Ad and am unsure if Zombie Ad is the same as Zombie News.




 


#2 pystryker

  • Malware Response Team

Posted 29 November 2014 - 10:29 AM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.






#3 otisman


Posted 30 November 2014 - 01:59 PM

Thank you for your assistance in resolving this. I have the first scan below and the additional scan in the next reply. Norton did remove Farbar Recovery stating it contained WS.Reputation 1.




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014
Ran by Maria (administrator) on MARIA-HP on 30-11-2014 13:52:56
Running from C:\Users\Maria\Desktop
Loaded Profile: Maria (Available profiles: Maria)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\Windows\System32\dleacoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Time Lapse Solutions) C:\ProgramData\pIPlGT\AFAsdqUV.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(System Alerts LLC) C:\Users\Maria\AppData\Local\DesktopTemperature\DesktopTemperature.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [765952 2010-04-01] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [135168 2009-06-22] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-06-23] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-04-04] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [ospd_us_410] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [CAHeadless] => c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-08] (Google Inc.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\keycry~1\keycry~3.dll => c:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [81160 2013-07-24] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
ShortcutTarget: Desktop Temperature Monitor.lnk -> C:\Users\Maria\AppData\Local\DesktopTemperature\DesktopTemperature.exe (System Alerts LLC)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D112514-A27A38FC8ABFD4679B2F&form=CONBDF&conlogo=CT3330952&q={searchTerms}
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://clkitchens.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-738952025-4262938640-2191891780-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Maria\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com

Chrome:
=======
CHR DefaultSearchKeyword: Default -> conduit.search
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-05]
CHR Extension: (Norton Security Toolbar) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Maria\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [iijmpjamifmplbakhgikofogdfackici] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
R2 AFAsdqUV; C:\ProgramData\pIPlGT\AFAsdqUV.exe [2726256 2014-11-27] (Time Lapse Solutions)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 cartmgr; C:\windows\System32\cartmgr.dll [1464320 2014-09-27] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\windows\system32\dleacoms.exe [1047552 2009-12-09] ( )
R2 dlea_device; C:\windows\SysWOW64\dleacoms.exe [593920 2009-12-09] ( )
S2 dpcEptMapper; C:\windows\System32\dpcEptMapper.dll [1464320 2014-08-01] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S2 ncpipreg; C:\windows\System32\ncpipreg.dll [1464320 2014-11-29] () [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
S2 qupdate; C:\windows\System32\qupdate.dll [1464320 2014-10-12] () [File not signed]
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S2 reLookupSvc; C:\windows\System32\reLookupSvc.dll [1464320 2014-11-15] () [File not signed]
S2 sertPropSvc; C:\windows\System32\sertPropSvc.dll [1464320 2014-10-26] () [File not signed]
S2 sontCache3.0.0.0; C:\windows\System32\sontCache3.0.0.0.dll [1464320 2014-08-13] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-27] (Enigma Software Group USA, LLC.)
S2 vENS; C:\windows\System32\vENS.dll [1464320 2014-10-05] () [File not signed]
S2 wolmgrx; C:\windows\System32\wolmgrx.dll [1464320 2014-09-20] () [File not signed]
S2 xDSVia64; C:\windows\System32\xDSVia64.dll [1464320 2014-10-04] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\windows\system32\drivers\AntiLog64.sys [49752 2014-10-14] (Zemana Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [34040 2011-09-01] (Windows ® Codename Longhorn DDK provider)
S3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [34504 2013-12-16] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-27] (Enigma Software Group USA, LLC.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-04-06] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141128.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141129.002\ENG64.SYS [129752 2014-11-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141129.002\EX64.SYS [2137304 2014-11-02] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Maria\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: reLookupSvc -> C:\windows\System32\reLookupSvc.dll ()
NETSVC: ncpipreg -> C:\windows\System32\ncpipreg.dll ()
NETSVC: vENS -> C:\windows\System32\vENS.dll ()
NETSVC: sertPropSvc -> C:\windows\System32\sertPropSvc.dll ()
NETSVC: dpcEptMapper -> C:\windows\System32\dpcEptMapper.dll ()
NETSVC: wolmgrx -> C:\windows\System32\wolmgrx.dll ()
NETSVC: xDSVia64 -> C:\windows\System32\xDSVia64.dll ()
NETSVC: cartmgr -> C:\windows\System32\cartmgr.dll ()
NETSVC: qupdate -> C:\windows\System32\qupdate.dll ()
NETSVC: sontCache3.0.0.0 -> C:\windows\System32\sontCache3.0.0.0.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 13:52 - 2014-11-30 13:53 - 00030919 _____ () C:\Users\Maria\Desktop\FRST.txt
2014-11-30 13:51 - 2014-11-30 13:51 - 02117120 _____ (Farbar) C:\Users\Maria\Desktop\frst64.exe
2014-11-30 13:41 - 2014-11-30 13:41 - 00000000 ____D () C:\ZombieNews
2014-11-29 21:40 - 2014-11-29 21:40 - 00000000 ____D () C:\Users\Maria\Downloads\2014 - Lucia de B.avi
2014-11-29 18:40 - 2014-11-29 18:40 - 01464320 _____ () C:\windows\system32\ncpipreg.dll
2014-11-29 18:40 - 2014-11-29 18:40 - 00000657 _____ () C:\windows\system32\ncpipreg.ocx
2014-11-29 10:49 - 2014-11-29 10:49 - 00000000 ____D () C:\Users\Maria\Downloads\The Hunger Games Mockingjay - Part 1 (2014) CAM x264 AC3-CPG
2014-11-29 10:39 - 2014-11-29 10:49 - 834969341 _____ () C:\Users\Maria\Downloads\t.2014.u352639.Rapidmoviez.com.rar
2014-11-28 16:24 - 2014-11-28 16:24 - 00002098 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-28 15:57 - 2014-11-28 15:57 - 00000000 ____D () C:\Users\Maria\AppData\Local\speed browser
2014-11-28 15:45 - 2014-11-28 15:45 - 00000000 ____D () C:\ProgramData\Browser
2014-11-27 20:31 - 2014-11-27 20:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Maria\Downloads\revosetup.exe
2014-11-27 20:31 - 2014-11-27 20:31 - 00001266 _____ () C:\Users\Maria\Desktop\Revo Uninstaller.lnk
2014-11-27 20:31 - 2014-11-27 20:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-27 20:16 - 2014-11-27 20:22 - 03060320 ____N (Symantec Corporation) C:\Users\Maria\Downloads\NPE.exe
2014-11-27 17:55 - 2014-11-27 18:30 - 00000000 ____D () C:\Users\Maria\Downloads\Dr.Who
2014-11-27 17:00 - 2014-11-29 09:30 - 00001133 _____ () C:\Users\Maria\Desktop\SpyHunter.lnk
2014-11-27 17:00 - 2014-11-27 17:00 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-11-27 17:00 - 2014-11-27 17:00 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Enigma Software Group
2014-11-27 17:00 - 2014-11-27 17:00 - 00000000 ____D () C:\sh4ldr
2014-11-27 17:00 - 2012-06-22 10:01 - 00022704 _____ () C:\windows\system32\Drivers\EsgScanner.sys
2014-11-27 16:37 - 2014-11-27 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-11-27 16:37 - 2014-11-27 16:52 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-11-27 16:27 - 2014-11-27 16:27 - 00003102 _____ () C:\windows\System32\Tasks\{8E001C5E-699F-4705-84E9-3AED489BCF3A}
2014-11-27 16:21 - 2014-11-27 16:21 - 00000000 ____D () C:\Program Files (x86)\predm
2014-11-27 14:53 - 2014-11-27 14:53 - 00000000 ____D () C:\Users\Maria\AppData\Local\ZombieNews
2014-11-27 14:38 - 2014-11-29 15:49 - 00000000 ____D () C:\ProgramData\pIPlGT
2014-11-27 14:32 - 2014-11-27 14:32 - 00000000 ____D () C:\Users\Maria\AppData\Local\Maxiget
2014-11-27 14:32 - 2014-11-27 14:32 - 00000000 ____D () C:\Program Files (x86)\Maxiget
2014-11-27 10:51 - 2014-11-27 10:51 - 00000000 ____D () C:\Users\Maria\Downloads\The.Thirteenth.Tale.2013.HDTV.XViD.AC3-H34LTH
2014-11-27 10:49 - 2014-11-15 09:00 - 412169731 _____ () C:\Users\Maria\Downloads\1938 - A Christmas Carol.mkv
2014-11-27 10:49 - 2013-09-17 23:53 - 839327995 _____ () C:\Users\Maria\Downloads\1948 - The Treasure of the Sierra Madre.mp4
2014-11-27 10:49 - 2013-09-17 23:37 - 00112524 _____ () C:\Users\Maria\Downloads\1948 - The Treasure of the Sierra Madre.srt
2014-11-27 10:48 - 2013-12-17 01:01 - 732590260 _____ () C:\Users\Maria\Downloads\2013 - A Snow Globe Christmas.avi
2014-11-27 10:35 - 2014-11-27 10:35 - 00000000 _____ () C:\windows\SysWOW64\shoA15E.tmp
2014-11-26 19:38 - 2014-11-27 16:24 - 00000000 ____D () C:\Program Files (x86)\RAR Password Unlocker
2014-11-26 09:35 - 2014-11-26 09:35 - 00000000 _____ () C:\windows\SysWOW64\sho2BBC.tmp
2014-11-25 01:28 - 2014-11-25 01:29 - 00000000 ____D () C:\NPE
2014-11-25 00:55 - 2014-11-25 00:55 - 00000000 ____D () C:\Users\Maria\AppData\Local\System_Alerts_LLC
2014-11-25 00:54 - 2014-11-30 12:59 - 00000000 ____D () C:\Users\Maria\AppData\Local\DesktopTemperature
2014-11-25 00:54 - 2014-11-25 01:08 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-11-25 00:54 - 2014-11-25 01:03 - 00000000 ____D () C:\ProgramData\Fighters
2014-11-25 00:54 - 2014-11-25 01:02 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Fighters
2014-11-25 00:45 - 2014-11-25 00:45 - 00000264 _____ () C:\prefs.js
2014-11-25 00:45 - 2014-11-25 00:45 - 00000000 ____D () C:\searchplugins
2014-11-25 00:44 - 2014-11-25 00:44 - 00004688 _____ () C:\windows\SysWOW64\LavasoftTcpService.ini
2014-11-25 00:44 - 2014-11-25 00:44 - 00002520 _____ () C:\windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-11-25 00:44 - 2014-11-25 00:44 - 00002520 _____ () C:\windows\system32\LavasoftTcpServiceOff.ini
2014-11-25 00:44 - 2014-11-13 18:42 - 00358736 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2014-11-25 00:44 - 2014-11-13 18:42 - 00312424 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2014-11-25 00:39 - 2014-11-25 00:39 - 24743106 _____ () C:\Users\Maria\Downloads\vlc-2.1.5-win32.exe
2014-11-24 18:14 - 2014-11-24 18:15 - 20587295 _____ () C:\Users\Maria\Downloads\Making Metal Jewelry - How to stamp, forge, form and fold metal jewelry designs (gnv64).epub
2014-11-23 15:46 - 2014-11-23 15:46 - 06460992 _____ () C:\Users\Maria\Downloads\Dell_V310-V510_Series_B082511_00_FWUpdate.exe
2014-11-23 15:40 - 2014-11-25 01:06 - 00000000 ____D () C:\Program Files (x86)\Dell V310-V510 Series
2014-11-23 15:40 - 2014-11-24 20:29 - 00001748 _____ () C:\Users\Public\Desktop\Launch Dell Printer Home.LNK
2014-11-23 15:40 - 2014-11-23 15:40 - 00000000 ____D () C:\Program Files (x86)\Dell Toolbar
2014-11-23 15:40 - 2014-11-23 15:40 - 00000000 ____D () C:\Program Files (x86)\Dell PC Fax
2014-11-23 15:40 - 2011-01-23 19:38 - 00002064 _____ () C:\windows\SysWOW64\dlea.loc
2014-11-23 15:40 - 2011-01-23 19:38 - 00002064 _____ () C:\windows\system32\dlea.loc
2014-11-23 15:40 - 2010-03-09 03:58 - 00344064 _____ () C:\windows\SysWOW64\dleacomx.dll
2014-11-23 15:40 - 2010-02-22 05:11 - 00509952 _____ () C:\windows\system32\DLEAwupd.dll
2014-11-23 15:40 - 2010-02-22 05:10 - 00290304 _____ () C:\windows\system32\DLEAwupd.exe
2014-11-23 15:40 - 2009-12-09 15:32 - 00979968 _____ ( ) C:\windows\system32\dleapmui.dll
2014-11-23 15:40 - 2009-12-09 15:28 - 01631744 _____ ( ) C:\windows\system32\dleaserv.dll
2014-11-23 15:40 - 2009-12-09 15:27 - 01104384 _____ ( ) C:\windows\system32\dleahbn3.dll
2014-11-23 15:40 - 2009-12-09 15:26 - 01331712 _____ ( ) C:\windows\system32\dleausb1.dll
2014-11-23 15:40 - 2009-12-09 15:25 - 00607232 _____ ( ) C:\windows\system32\dleacfg.exe
2014-11-23 15:40 - 2009-12-09 15:25 - 00547840 _____ ( ) C:\windows\system32\DLEAhcp.dll
2014-11-23 15:40 - 2009-12-09 15:24 - 01371648 _____ ( ) C:\windows\system32\dleacomc.dll
2014-11-23 15:40 - 2009-12-09 15:24 - 01047552 _____ ( ) C:\windows\system32\dleacoms.exe
2014-11-23 15:40 - 2009-12-09 15:24 - 00892416 _____ ( ) C:\windows\system32\dlealmpm.dll
2014-11-23 15:40 - 2009-12-09 15:24 - 00579584 _____ ( ) C:\windows\system32\dleacomm.dll
2014-11-23 15:40 - 2009-12-09 15:23 - 00557568 _____ ( ) C:\windows\system32\dleainpa.dll
2014-11-23 15:40 - 2009-12-09 15:23 - 00516096 _____ ( ) C:\windows\system32\dleaih.exe
2014-11-23 15:40 - 2009-12-09 15:23 - 00515584 _____ ( ) C:\windows\system32\dleaiesc.dll
2014-11-23 15:40 - 2009-12-09 14:47 - 00643072 _____ ( ) C:\windows\SysWOW64\dleapmui.dll
2014-11-23 15:40 - 2009-12-09 14:43 - 01048576 _____ ( ) C:\windows\SysWOW64\dleaserv.dll
2014-11-23 15:40 - 2009-12-09 14:41 - 00688128 _____ ( ) C:\windows\SysWOW64\dleahbn3.dll
2014-11-23 15:40 - 2009-12-09 14:40 - 00847872 _____ ( ) C:\windows\SysWOW64\dleausb1.dll
2014-11-23 15:40 - 2009-12-09 14:36 - 00577536 _____ ( ) C:\windows\SysWOW64\dlealmpm.dll
2014-11-23 15:40 - 2009-12-09 14:36 - 00372736 _____ ( ) C:\windows\SysWOW64\dleacomm.dll
2014-11-23 15:40 - 2009-12-09 14:36 - 00368640 _____ ( ) C:\windows\SysWOW64\dleacfg.exe
2014-11-23 15:40 - 2009-12-09 14:35 - 00802816 _____ ( ) C:\windows\SysWOW64\dleacomc.dll
2014-11-23 15:40 - 2009-12-09 14:35 - 00593920 _____ ( ) C:\windows\SysWOW64\dleacoms.exe
2014-11-23 15:40 - 2009-12-09 14:35 - 00364544 _____ ( ) C:\windows\SysWOW64\dleainpa.dll
2014-11-23 15:40 - 2009-12-09 14:35 - 00344064 _____ ( ) C:\windows\SysWOW64\dleaiesc.dll
2014-11-23 15:40 - 2009-12-09 14:34 - 00319488 _____ ( ) C:\windows\SysWOW64\dleaih.exe
2014-11-23 15:40 - 2009-11-26 03:54 - 00075264 _____ () C:\windows\system32\DLEAcfg.dll
2014-11-23 15:40 - 2009-11-26 03:49 - 00086180 _____ () C:\windows\SysWOW64\DLEAcfg.dll
2014-11-23 15:40 - 2009-11-09 03:36 - 00245248 _____ () C:\windows\system32\dleainsb.dll
2014-11-23 15:40 - 2009-11-09 03:36 - 00090624 _____ () C:\windows\system32\dleainsr.dll
2014-11-23 15:40 - 2009-11-09 03:36 - 00073216 _____ () C:\windows\system32\dleacub.dll
2014-11-23 15:40 - 2009-11-09 03:36 - 00040448 _____ () C:\windows\system32\dleajswr.dll
2014-11-23 15:40 - 2009-11-09 03:36 - 00022016 _____ () C:\windows\system32\dleacur.dll
2014-11-23 15:40 - 2009-11-09 03:35 - 00450048 _____ () C:\windows\system32\dleains.dll
2014-11-23 15:40 - 2009-11-09 03:35 - 00378368 _____ () C:\windows\system32\dleacu.dll
2014-11-23 15:40 - 2009-11-09 03:35 - 00298496 _____ () C:\windows\system32\dleagrd.dll
2014-11-23 15:40 - 2009-11-09 03:06 - 00262144 _____ () C:\windows\SysWOW64\dleainsb.dll
2014-11-23 15:40 - 2009-11-09 03:06 - 00253952 _____ () C:\windows\SysWOW64\dleacu.dll
2014-11-23 15:40 - 2009-11-09 03:06 - 00106496 _____ () C:\windows\SysWOW64\dleainsr.dll
2014-11-23 15:40 - 2009-11-09 03:06 - 00090112 _____ () C:\windows\SysWOW64\dleacub.dll
2014-11-23 15:40 - 2009-11-09 03:06 - 00057344 _____ () C:\windows\SysWOW64\dleajswr.dll
2014-11-23 15:40 - 2009-11-09 03:06 - 00036864 _____ () C:\windows\SysWOW64\dleacur.dll
2014-11-23 15:40 - 2009-11-09 03:05 - 00323584 _____ () C:\windows\SysWOW64\dleains.dll
2014-11-23 15:40 - 2009-05-14 10:11 - 00585216 _____ () C:\windows\system32\DLEAinst.dll
2014-11-23 15:40 - 2009-05-14 09:14 - 00385024 _____ () C:\windows\SysWOW64\DLEAinst.dll
2014-11-23 15:39 - 2014-11-23 15:40 - 00000000 ____D () C:\Program Files\Dell
2014-11-23 15:37 - 2014-11-23 15:42 - 00000000 ____D () C:\Program Files\Dell V310-V510 Series
2014-11-23 15:12 - 2014-11-23 15:12 - 00368105 _____ () C:\ProgramData\SPLA0E.tmp
2014-11-23 13:44 - 2014-11-23 13:44 - 00000000 _____ () C:\Users\Maria\Documents\2014-11-23 - Unemployment
2014-11-22 12:07 - 2014-11-29 09:40 - 00000000 ____D () C:\Users\Maria\Desktop\IcySnowflake
2014-11-20 11:01 - 2014-11-20 11:01 - 00000000 _____ () C:\windows\SysWOW64\sho8DE0.tmp
2014-11-18 18:41 - 2014-11-18 18:41 - 00000000 ____D () C:\Users\Maria\Downloads\i.2014.u348051.Rapidmoviez.com
2014-11-17 12:05 - 2014-11-17 12:05 - 00000850 _____ () C:\Users\Maria\Documents\Home Decorators.txt
2014-11-16 17:20 - 2014-11-16 17:20 - 00000000 ____D () C:\Users\Maria\AppData\Local\{130E5838-0B35-4138-9671-21E7BC0CD7B2}
2014-11-16 17:07 - 2014-11-16 17:07 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Hopster
2014-11-15 14:25 - 2014-11-15 16:09 - 00000000 ____D () C:\Users\Maria\Downloads\Twelve.Men.Of.Christmas.2009.DVDRip.XviD-VoMiT [NO-RAR] - [ www.torrentday.com ]
2014-11-15 13:32 - 2014-11-15 13:33 - 00000000 ____D () C:\Users\Maria\Downloads\The.Thanksgiving.House.2013.HDTV.x264-W4F
2014-11-15 13:31 - 2014-11-09 15:14 - 591864244 _____ () C:\Users\Maria\Downloads\1935 - The Raven.mkv
2014-11-15 13:26 - 2014-11-15 13:26 - 00000000 ____D () C:\Users\Maria\Downloads\Nightmare (1964)
2014-11-15 13:26 - 2014-11-13 09:14 - 00098663 _____ () C:\Users\Maria\Downloads\2014 - Guardians of the Galaxy.srt
2014-11-15 13:25 - 2014-11-13 16:12 - 832713186 _____ () C:\Users\Maria\Downloads\2013 - What If.avi
2014-11-15 13:25 - 2014-11-13 09:14 - 1573088250 _____ () C:\Users\Maria\Downloads\2014 - Guardians of the Galaxy.avi
2014-11-15 12:32 - 2014-04-02 07:25 - 00070194 _____ () C:\Users\Maria\Downloads\2008 - Taken.srt
2014-11-15 12:05 - 2014-11-12 13:04 - 00058767 _____ () C:\Users\Maria\Downloads\2014 - Dracula Untold.srt
2014-11-15 12:00 - 2014-08-21 09:59 - 00071951 _____ () C:\Users\Maria\Downloads\2010 - Alice in Wonderland.srt
2014-11-15 11:56 - 2014-11-15 11:56 - 01464320 _____ () C:\windows\system32\reLookupSvc.dll
2014-11-15 11:56 - 2014-11-15 11:56 - 00000657 _____ () C:\windows\system32\reLookupSvc.ocx
2014-11-13 13:10 - 2014-11-13 13:10 - 00000000 _____ () C:\windows\SysWOW64\sho1143.tmp
2014-11-10 17:36 - 2014-11-10 17:36 - 00000000 _____ () C:\windows\SysWOW64\sho5E6C.tmp
2014-11-09 16:51 - 2014-11-09 16:59 - 720974396 _____ () C:\Users\Maria\Downloads\o.2014.u343425.Rapidmoviez.com.rar.dvxd4td.partial
2014-11-08 16:11 - 2014-11-07 17:04 - 00059185 _____ () C:\Users\Maria\Downloads\2014 - Jessabelle.srt
2014-11-08 16:08 - 2014-10-24 01:49 - 00179127 _____ () C:\Users\Maria\Downloads\2014 - Jersey Boys.srt
2014-11-08 16:05 - 2014-11-01 22:22 - 00115802 _____ () C:\Users\Maria\Downloads\2014 - Drumline - A New Beat.srt
2014-11-08 15:59 - 2014-10-27 04:25 - 00052392 _____ () C:\Users\Maria\Downloads\2014 - Dawn of the Planet of the Apes.srt
2014-11-08 15:51 - 2014-10-10 10:13 - 00104316 _____ () C:\Users\Maria\Downloads\2013 - Begin Again.srt
2014-11-08 15:37 - 2014-11-08 15:37 - 00000000 ____D () C:\Users\Maria\Downloads\YIFY.info_-_Taken.2.2012.1080p
2014-11-08 15:36 - 2014-11-08 16:17 - 00000000 ____D () C:\Users\Maria\Downloads\The.Giver.2014.480p.BluRay.x264-mSD
2014-11-08 15:36 - 2014-11-08 15:36 - 00000000 ____D () C:\Users\Maria\Downloads\Under.The.Rainbow.2013.DVDRip.x264-RedBlade
2014-11-08 15:36 - 2014-11-08 15:36 - 00000000 ____D () C:\Users\Maria\Downloads\Treevenge.2008.HDRip.x264
2014-11-08 15:36 - 2014-11-08 15:36 - 00000000 ____D () C:\Users\Maria\Downloads\The Good The Bad and The Ugly
2014-11-08 15:35 - 2014-11-08 15:35 - 00000000 ____D () C:\Users\Maria\Downloads\The.100-Year-Old.Man.Who.Climbed.Out.the.Window.and.Disappeared.2013.LIMITED.SUBBED.DVDRip.x264-RedBlade
2014-11-08 15:34 - 2014-06-30 03:40 - 732127533 _____ () C:\Users\Maria\Downloads\2008 - Taken.m4v
2014-11-08 15:33 - 2014-11-15 13:20 - 00000000 ____D () C:\Users\Maria\Downloads\The Bitter Tea of General Yen (1933) Xvid 1cd - Barbara Stanwyck, Nils Asther
2014-11-08 15:33 - 2014-11-08 15:33 - 00000000 ____D () C:\Users\Maria\Downloads\The Waiting Time 1999 DVDRip
2014-11-08 15:32 - 2014-11-08 15:32 - 00000000 ____D () C:\Users\Maria\Downloads\The Trouble With Angels (1966) Xvid 1cd - Rosalind Russell, Hayley Mills
2014-11-08 15:32 - 2014-11-08 15:32 - 00000000 ____D () C:\Users\Maria\Downloads\The Gathering (1977)
2014-11-08 15:30 - 2014-11-15 12:26 - 00000000 ____D () C:\Users\Maria\Downloads\Saving Lincoln 2013 720p WEB-DL x264 AAC - Ozlem
2014-11-08 15:30 - 2014-11-07 11:23 - 637495246 _____ () C:\Users\Maria\Downloads\1947 - Possessed.mkv
2014-11-08 15:29 - 2014-11-07 16:48 - 731765606 _____ () C:\Users\Maria\Downloads\2014 - Jessabelle.avi
2014-11-08 15:29 - 2014-11-07 00:29 - 706808821 _____ () C:\Users\Maria\Downloads\1934 - It Happened One Night.mkv
2014-11-07 14:26 - 2014-11-07 19:06 - 752110081 _____ () C:\Users\Maria\Downloads\2014 - Dracula Untold.mp4
2014-11-07 09:09 - 2014-11-07 09:09 - 00000000 _____ () C:\windows\SysWOW64\shoD097.tmp
2014-11-06 16:26 - 2014-11-06 16:26 - 00000000 ____D () C:\Users\Maria\AppData\Local\{8077E8BD-409A-4DB2-8CA7-2C85FA0FED63}
2014-11-04 12:32 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2014-11-04 12:32 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-11-04 12:32 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2014-11-04 12:32 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2014-11-04 12:32 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-11-04 12:32 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2014-11-04 10:43 - 2014-11-04 10:43 - 00000000 _____ () C:\windows\SysWOW64\shoFCD7.tmp
2014-11-03 14:09 - 2014-11-03 14:09 - 00000000 _____ () C:\windows\SysWOW64\shoE5BF.tmp
2014-11-03 11:03 - 2014-11-03 11:03 - 00000000 _____ () C:\windows\SysWOW64\shoDA45.tmp
2014-11-02 22:55 - 2014-11-02 22:55 - 00003126 _____ () C:\windows\System32\Tasks\{A58CFB80-23CC-4FF8-A5EF-42410066BEF0}
2014-11-01 17:54 - 2014-11-01 17:54 - 00000000 _____ () C:\windows\SysWOW64\shoA43.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 13:52 - 2013-06-14 22:47 - 00000000 ____D () C:\FRST
2014-11-30 13:50 - 2013-05-25 20:05 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{C71CF554-B784-48C5-B89F-CECCF82CBFB2}
2014-11-30 13:45 - 2013-12-08 15:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 13:27 - 2013-05-26 16:21 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2014-11-30 13:14 - 2013-05-26 15:22 - 00037970 _____ () C:\ProgramData\dleaJSW.log
2014-11-30 13:14 - 2013-05-26 15:11 - 00000000 ____D () C:\ProgramData\Dl_cats
2014-11-30 13:08 - 2013-06-02 14:25 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\ID Vault
2014-11-30 13:05 - 2014-09-01 08:54 - 00000000 ____D () C:\Users\Maria\AppData\Local\Adobe
2014-11-30 13:04 - 2013-07-04 18:06 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 13:03 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 13:03 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 13:02 - 2013-05-25 20:01 - 01824564 _____ () C:\windows\WindowsUpdate.log
2014-11-30 12:59 - 2013-07-04 18:06 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 12:59 - 2013-05-26 14:43 - 00115955 _____ () C:\ProgramData\dleascan.log
2014-11-30 12:56 - 2013-05-17 13:34 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-30 12:55 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-30 12:55 - 2009-07-13 23:51 - 00110122 _____ () C:\windows\setupact.log
2014-11-30 12:54 - 2013-05-17 13:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-29 22:46 - 2013-07-18 18:18 - 00000000 ____D () C:\Users\Maria\Downloads\Movies
2014-11-29 22:45 - 2013-05-26 13:21 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\vlc
2014-11-29 22:36 - 2013-07-19 09:32 - 00000000 ____D () C:\Users\Maria\Documents\Calibre Library
2014-11-29 22:31 - 2014-05-05 17:32 - 00000000 ____D () C:\Users\Maria\Documents\My Kindle Content
2014-11-29 21:21 - 2013-12-01 13:46 - 01227264 ___SH () C:\Users\Maria\Downloads\Thumbs.db
2014-11-29 18:50 - 2013-07-12 18:03 - 00000000 ____D () C:\Users\Maria\Downloads\Books
2014-11-29 18:48 - 2013-08-04 10:02 - 00000000 ____D () C:\Users\Maria\Downloads\Applications
2014-11-29 18:34 - 2014-06-29 17:14 - 00002757 _____ () C:\Users\Public\Desktop\Xilisoft DVD Creator.lnk
2014-11-29 18:34 - 2014-06-29 13:01 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Xilisoft
2014-11-29 18:22 - 2014-07-24 15:55 - 00000000 ____D () C:\Users\Maria\AppData\Local\Nero
2014-11-29 18:22 - 2013-09-14 12:55 - 00000000 ____D () C:\Users\Maria\AppData\Local\Nero_AG
2014-11-29 16:08 - 2010-11-20 22:47 - 01972420 _____ () C:\windows\PFRO.log
2014-11-29 15:49 - 2013-06-02 14:24 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-11-29 12:58 - 2014-06-22 10:10 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForMaria.job
2014-11-29 12:58 - 2013-05-27 18:26 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMaria
2014-11-29 09:41 - 2014-08-31 17:45 - 00000000 ____D () C:\Users\Maria\Desktop\shall I play for you
2014-11-29 09:41 - 2014-08-30 17:14 - 00000000 ____D () C:\Users\Maria\Desktop\snowman_bookmark
2014-11-29 09:41 - 2014-08-30 17:14 - 00000000 ____D () C:\Users\Maria\Desktop\joy_card_shape
2014-11-29 09:41 - 2014-08-30 17:12 - 00000000 ____D () C:\Users\Maria\Desktop\santa_card
2014-11-29 09:38 - 2014-03-11 10:15 - 00030208 ___SH () C:\Users\Maria\Documents\Thumbs.db
2014-11-29 09:37 - 2014-09-24 10:14 - 00000000 ____D () C:\Users\Maria\Desktop\Gg
2014-11-29 09:36 - 2014-10-16 13:19 - 00000000 ____D () C:\Users\Maria\Documents\DTMUA
2014-11-28 16:24 - 2014-08-02 08:32 - 00000000 ____D () C:\Users\Maria\Desktop\Xilisoft
2014-11-28 16:24 - 2014-07-24 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-11-28 16:24 - 2014-02-09 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-28 16:24 - 2013-05-25 20:05 - 00002040 _____ () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-28 15:39 - 2013-12-21 16:42 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\uTorrent
2014-11-27 22:03 - 2014-07-05 16:22 - 00000000 ____D () C:\Users\Maria\Downloads\Tom
2014-11-27 20:25 - 2014-04-05 09:19 - 00000000 ____D () C:\Users\Maria\AppData\Local\NPE
2014-11-27 19:41 - 2014-08-07 07:36 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 19:34 - 2009-07-14 00:13 - 00783360 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-27 16:50 - 2014-02-05 08:26 - 00000000 ____D () C:\AdwCleaner
2014-11-27 16:33 - 2014-04-24 17:46 - 00000000 ____D () C:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-11-27 16:30 - 2014-03-20 17:52 - 00000000 ____D () C:\Program Files\DivX
2014-11-27 16:30 - 2014-03-20 17:48 - 00000000 ____D () C:\ProgramData\DivX
2014-11-27 16:30 - 2014-03-20 17:48 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-11-27 16:21 - 2013-09-18 15:54 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-11-27 14:40 - 2014-02-02 09:34 - 00000000 ____D () C:\Users\Maria\Downloads\Magazines
2014-11-27 10:34 - 2013-10-10 16:28 - 00027256 _____ (Symantec Corporation) C:\windows\system32\Drivers\FixZeroAccess.sys
2014-11-27 09:48 - 2014-07-23 12:19 - 00004972 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP
2014-11-26 18:50 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-26 18:40 - 2013-12-08 15:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 18:40 - 2013-05-17 13:27 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 18:40 - 2013-05-17 13:27 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 13:44 - 2013-05-17 13:20 - 00000000 ____D () C:\ProgramData\Temp
2014-11-25 09:17 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-11-25 09:13 - 2009-07-14 00:08 - 00032650 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-25 09:02 - 2014-09-14 09:11 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-11-25 01:00 - 2009-07-13 21:34 - 00000466 _____ () C:\windows\win.ini
2014-11-25 00:39 - 2014-01-10 18:53 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-24 20:30 - 2013-05-26 14:39 - 00190082 _____ () C:\windows\system32\LexFiles.ulf
2014-11-24 20:29 - 2013-05-26 14:40 - 00000000 ____D () C:\Program Files\Dell Printable Web
2014-11-23 15:46 - 2013-05-27 10:45 - 00000756 _____ () C:\ProgramData\FastPics.log
2014-11-23 15:40 - 2013-05-26 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
2014-11-23 15:28 - 2013-10-21 11:33 - 00010297 _____ () C:\ProgramData\dlea.log
2014-11-23 10:10 - 2013-05-26 08:12 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-23 10:08 - 2013-05-26 08:10 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\HpUpdate
2014-11-23 10:08 - 2013-05-26 08:10 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\HP Support Assistant
2014-11-22 11:49 - 2014-04-03 16:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-20 15:00 - 2014-10-25 08:58 - 00000000 ____D () C:\Users\Maria\Documents\Ethics
2014-11-18 16:29 - 2014-02-09 18:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-17 18:29 - 2014-10-30 20:32 - 00000000 ____D () C:\Users\Maria\Documents\Cards - printed pages
2014-11-17 18:29 - 2014-09-11 16:24 - 00000000 ____D () C:\Users\Maria\Documents\Corel PaintShop Pro
2014-11-16 19:19 - 2014-09-14 11:21 - 00000000 ____D () C:\Users\Maria\Downloads\07-01-2014
2014-11-15 18:34 - 2014-10-29 12:33 - 00000000 ____D () C:\Users\Maria\Downloads\YIFY.info_-_Jesus.of.Nazareth.1977.SE.Disc.02.720p.BRRip.H264.AC3.-.CODY
2014-11-15 18:33 - 2014-10-29 12:32 - 00000000 ____D () C:\Users\Maria\Downloads\YIFY.info_-_Jesus.of.Nazareth.1977.SE.Disc.01.720p.BRRip.H264.AC3.-.CODY
2014-11-14 13:59 - 2013-07-04 18:06 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 13:59 - 2013-07-04 18:06 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:46 - 2013-05-26 13:17 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-11-08 15:31 - 2014-10-09 16:37 - 00000000 ____D () C:\Users\Maria\Downloads\Two Weeks With love (1950) Xvid 1cd - Subs-Eng-Francais- Jane Powell, Ricardo Montalban
2014-11-06 16:33 - 2013-06-19 17:13 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Windows Live Writer
2014-11-06 16:27 - 2014-10-07 13:19 - 00000000 ____D () C:\Users\Maria\AppData\Local\Windows Live
2014-11-03 11:04 - 2014-08-07 07:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-03 11:04 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\IME
2014-11-02 22:58 - 2014-08-07 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 22:58 - 2013-06-01 18:36 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

Some content of TEMP:
====================
C:\Users\Maria\AppData\Local\Temp\7z.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 20:30

==================== End Of Log ============================

Edited by otisman, 30 November 2014 - 02:16 PM.


#4 otisman

Posted 30 November 2014 - 02:14 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014
Ran by Maria at 2014-11-30 13:53:53
Running from C:\Users\Maria\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version: - )
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
4 Great Games GOLD (HKLM-x32\...\4 Great Games GOLD1.0) (Version: 1.0 - Gogii Games)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Ancient Secrets (HKLM-x32\...\Ancient_0) (Version: - On Hand Software)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Around the World in 80 Days (HKLM-x32\...\BFG-Around the World in 80 Days) (Version: - )
Babylonia (HKLM-x32\...\BFG-Babylonia) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Big City Adventure Deluxe Pack (HKLM-x32\...\{A4F17891-1761-46D7-BAD3-9115EB8EABAD}) (Version: 6.6.6 - LeeGT-Games)
Big City Adventure: Rio de Janeiro (HKLM-x32\...\BFG-Big City Adventure - Rio de Janeiro) (Version: - )
Big City Adventure: Tokyo (HKLM-x32\...\BFG-Big City Adventure - Tokyo) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{7BCD1A5E-F903-48C9-9CB2-37E5A6FB2111}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
Bookworm Adventures (HKLM-x32\...\BFG-Bookworm Adventures) (Version: - )
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
calibre 64bit (HKLM\...\{9BC77540-BA1D-44B9-AEA7-600362A08F7C}) (Version: 1.27.0 - Kovid Goyal)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
coinyTTiinuetosaave (HKLM-x32\...\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}) (Version: - continue to save) <==== ATTENTION
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
Corel PaintShop Pro X7 (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC++ 0.843 (HKLM-x32\...\DC++) (Version: 0.843 - Jacek Sieka)
Dell Toolbar (HKLM-x32\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elementals - The Magic Key (HKLM-x32\...\Elementals - The Magic Key_is1) (Version: - Playrix Entertainment)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Esoterica - Hollow Earth (HKLM-x32\...\Esoterica - Hollow EarthFinal) (Version: Final - AllSmartGames)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fashion Solitaire (HKLM-x32\...\Fashion Solitaire) (Version: 32.0.0.0 - Shockwave.com)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom 3 (HKLM-x32\...\BFG-Fishdom 3) (Version: - )
Glass Eye 2000 (HKLM-x32\...\Glass Eye 2000) (Version: 3.1 - Dragonfly Software)
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haunted Legends 4 - The Curse of Vox Collectors Edition (HKLM-x32\...\Haunted Legends 4 - The Curse of Vox Collectors EditionFinal) (Version: Final - AllSmartGames)
Hauntings Of Mystery Manor (HKLM-x32\...\Hauntings Of Mystery Manor_is1) (Version: - Cindy Pondillo)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Expedition - Smithsonian Hope Diamond CE (HKLM-x32\...\Hidden Expedition - Smithsonian Hope Diamond CEFinal) (Version: Final - AllSmartGames)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
ICA (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
IPM_PSP_COM (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 17.0.0.199 - Corel Corporation) Hidden
iTunes (HKLM\...\{BCF07271-A853-4D3A-B668-4B752174CAA8}) (Version: 10.3.1.55 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jojo's Fashion Show (HKLM-x32\...\BFG-Jojo's Fashion Show) (Version: - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Little Shop - City Lights (HKLM-x32\...\Little Shop - City Lights) (Version: 1.0.0.32 - LeeGT-Games)
LogMeIn (HKLM-x32\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic DVD Ripper V8.1.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version: - Magic DVD Software, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Make The Cut! (HKLM-x32\...\Make The Cut!) (Version: 4.6.1.0 - Make The Cut, LLC.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mobi File Reader (HKLM-x32\...\{FFA8548C-9BC2-427F-9F81-E64F620A30CB}_is1) (Version: - mobifilereader.com)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery Case Files &reg;: Dire Grove (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version: - )
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 2014 (HKLM-x32\...\{B7D4C429-9CAB-4B97-A879-AFD1F922DD27}) (Version: 15.0.06800 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NTComic CBR Reader (HKLM-x32\...\{205F179A-33F4-4D5E-BB14-B889D3003357}) (Version: 2.1.5 - NTComic)
NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.95 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Popup Card Studio (HKLM-x32\...\Popup Card Studio) (Version: 1.1.0.0 - Make The Cut, LLC.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PrintFolder 1.3 (HKLM-x32\...\PrintFolder_is1) (Version: - No Nonsense Software)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PSPPContent (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPro64 (Version: 17.0.0.199 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.33.1 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.3.8 - Reimage) <==== ATTENTION
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.71 - Denis Kozlov)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Setup (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
Sharpe Investigations - Death on the Seine (HKLM-x32\...\Sharpe Investigations - Death on the Seine) (Version: 1.0.0 - LeeGT-Games)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Shrouded Tales - The Spellbound Land (HKLM-x32\...\Your Product1.0) (Version: 1.0 - Your Company)
Skype 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Optimizer Pro (Version: 1.0 - 383 Media, Inc.) Hidden <==== ATTENTION
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Princess Case - A Royal Scoop (HKLM-x32\...\The Princess Case - A Royal Scoop1.0) (Version: 1.0 - TriSynergy, Inc.)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viking Mystery (HKLM-x32\...\Viking Mystery) (Version: 1.0.0.2706 - LeeGT-Games)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Xilisoft Audio Converter Pro (HKLM-x32\...\Xilisoft Audio Converter Pro) (Version: 6.5.0.20130130 - Xilisoft)
Xilisoft Blu-ray Creator 2 (HKLM-x32\...\Xilisoft Blu-ray Creator 2) (Version: 2.0.4.0707 - Xilisoft)
Xilisoft Blu-ray Ripper (HKLM-x32\...\Xilisoft Blu-ray Ripper) (Version: 7.1.0.20120409 - Xilisoft)
Xilisoft DVD Copy 2 (HKLM-x32\...\Xilisoft DVD Copy 2) (Version: 2.0.2.20130128 - Xilisoft)
Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 7.1.3.20130701 - Xilisoft)
Xilisoft DVD Ripper Ultimate (HKLM-x32\...\Xilisoft DVD Ripper Ultimate) (Version: 7.8.0.20140401 - Xilisoft)
Xilisoft Movie Maker 6 (HKLM-x32\...\Xilisoft Movie Maker 6) (Version: 6.6.0.20120823 - Xilisoft)
Xilisoft Photo DVD Maker (HKLM-x32\...\Xilisoft Photo DVD Maker) (Version: 1.5.1.1124 - Xilisoft)
Xilisoft Photo Slideshow Maker (HKLM-x32\...\Xilisoft Photo Slideshow Maker) (Version: 1.0.2.0214 - Xilisoft)
Xilisoft Video Converter Smart (HKLM-x32\...\Xilisoft Video Converter Smart) (Version: 1.0.0.20140424 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.0.20140401 - Xilisoft)
Xilisoft Video Editor 2 (HKLM-x32\...\Xilisoft Video Editor 2) (Version: 2.2.0.20120901 - Xilisoft)
Xilisoft YouTube Video Converter (HKLM-x32\...\Xilisoft YouTube Video Converter) (Version: 5.6.0.20140331 - Xilisoft)
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

28-11-2014 21:26:47 Revo Uninstaller's restore point - Desktop Temperature Monitor

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-06-19 16:28 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10EAA32F-F22D-419E-BBAD-23746F29DD90} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {124785F9-D34F-41BA-B61A-21DA4FAC2D93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {14344BFE-BED1-4519-978D-2E0A2DAE77DE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {21BD934C-AEA5-4BC7-BD5D-F4418CAB9A8D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3DF9ACED-203E-48D6-809C-392FFA99FA0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3FD9968E-2B01-4301-B73B-AD91002C9B85} - System32\Tasks\Digital Sites => C:\Users\Maria\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4513C47A-E822-4D9B-AC16-BB8B78365119} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {45D3E825-BE49-453F-B3CB-71B08E6BD65C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {48DECACA-9FCC-4A1B-9E21-42E5F21937C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {53E9BA54-8876-413A-9D59-001129AF9B5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {5BB861B2-010F-4273-B0E1-91588525B347} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {5FDE71DD-3DAA-42E2-8B24-E185A8CDC69F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {61D57778-AD0D-4901-801C-AE33903EC35F} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-03-19] (CyberLink)
Task: {7E469713-05D4-44BA-88CE-245810F440C6} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {82562517-4B6F-45EC-ACAA-170CA5DE0A05} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {87BB1811-6E12-425F-B4C8-6C0B8DC3D1D2} - System32\Tasks\AdobeAAMUpdater-1.0-Maria-HP-Maria => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {91EA83BE-6F79-46B4-9ECA-FF2AA91C632A} - System32\Tasks\Reimage ScanAgent => C:\Program Files\Reimage\Reimage Repair\Rei_ScanAgent.exe <==== ATTENTION
Task: {91F8D836-3CF9-406F-AEA4-CDB8E32732D5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {BAA1E294-8B2F-4811-A26E-CD02EC6D36CA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {D75F090E-372A-48AD-B50C-00BABC9C8070} - System32\Tasks\HPCeeScheduleForMaria => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {DB0D4767-10AF-4598-9E0F-9CFBC9B5C4FA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {FB30A81F-8BBE-45C3-8697-5064098EB31B} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FBD0DC5A-7081-4E85-B28E-A6CECD879539} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Maria\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMaria.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-09-27 19:18 - 2014-09-27 19:18 - 01464320 _____ () c:\windows\system32\cartmgr.dll
2013-05-17 13:14 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-26 14:44 - 2009-11-04 13:18 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2013-05-26 14:43 - 2009-02-20 02:50 - 00381440 _____ () C:\windows\System32\dleasm.dll
2013-05-26 14:43 - 2009-02-20 02:50 - 00028672 _____ () C:\windows\System32\dleasmr.dll
2014-04-03 16:43 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-05-21 22:20 - 2010-05-21 22:20 - 00045224 _____ () C:\windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
2014-11-22 11:48 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-06 12:20 - 2013-08-23 12:36 - 00721263 _____ () C:\windows\SysWOW64\WSCM64.dll
2014-11-23 15:40 - 2010-04-01 12:23 - 00765952 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
2014-11-23 15:40 - 2009-06-22 08:08 - 00135168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
2014-11-23 15:40 - 2009-11-26 03:49 - 00086180 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2014-11-23 15:40 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2014-11-23 15:40 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2014-11-23 15:40 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2014-11-23 15:40 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2014-11-23 15:40 - 2009-03-05 12:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2013-05-26 14:43 - 2009-02-20 02:50 - 00381440 _____ () C:\windows\system32\dleasm.dll
2013-05-26 14:43 - 2009-02-20 02:50 - 00028672 _____ () C:\windows\system32\dleasmr.dll
2014-11-23 15:40 - 2009-06-22 08:08 - 00708608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epwizard.DLL
2014-11-23 15:40 - 2009-06-22 08:06 - 00159744 _____ () C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
2014-11-23 15:40 - 2009-06-22 08:06 - 00114688 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Eputil.DLL
2014-11-23 15:40 - 2009-06-22 08:05 - 00139264 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Imagutil.DLL
2014-11-23 15:40 - 2009-06-22 08:06 - 00061440 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epfunct.DLL
2014-11-23 15:40 - 2009-06-22 08:08 - 02203648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPWizRes.dll
2014-11-23 15:40 - 2009-06-22 08:08 - 00045056 _____ () C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
2014-11-23 15:40 - 2009-06-22 08:08 - 00196608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPOEMDll.dll
2014-11-23 15:40 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
2014-11-23 15:40 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
2014-09-22 15:30 - 2014-09-22 15:30 - 00548488 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2011-05-26 12:42 - 2011-05-26 12:42 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-09-06 12:21 - 2014-08-05 09:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-06 12:21 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:17C643E2
AlternateDataStreams: C:\ProgramData\Temp:18A6D2CC
AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:35A81752
AlternateDataStreams: C:\ProgramData\Temp:394EB021
AlternateDataStreams: C:\ProgramData\Temp:40EE25BB
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:61B54B15
AlternateDataStreams: C:\ProgramData\Temp:7A2101AB
AlternateDataStreams: C:\ProgramData\Temp:7ADA8871
AlternateDataStreams: C:\ProgramData\Temp:884C7316
AlternateDataStreams: C:\ProgramData\Temp:99A29126
AlternateDataStreams: C:\ProgramData\Temp:9ACB70D7
AlternateDataStreams: C:\ProgramData\Temp:9B721CFF
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:B84EF836
AlternateDataStreams: C:\ProgramData\Temp:D8134D8F
AlternateDataStreams: C:\ProgramData\Temp:F5B69884

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-738952025-4262938640-2191891780-500 - Administrator - Disabled)
Guest (S-1-5-21-738952025-4262938640-2191891780-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-738952025-4262938640-2191891780-1002 - Administrator - Enabled)
Maria (S-1-5-21-738952025-4262938640-2191891780-1000 - Administrator - Enabled) => C:\Users\Maria

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2014 01:40:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 249c

Start Time: 01d00ccc16a9b72c

Termination Time: 9

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/30/2014 01:33:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f70

Start Time: 01d00cc7b1c9bcb4

Termination Time: 9

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/30/2014 01:27:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262eb
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0x2b50
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/30/2014 01:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262eb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fff3cb5d58
Faulting process id: 0x16b0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/29/2014 09:58:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262eb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000b9f3ba2
Faulting process id: 0x49dc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/29/2014 06:21:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262eb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000124e43e5
Faulting process id: 0x209c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/29/2014 06:11:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/29/2014 05:05:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x205c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/29/2014 03:44:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/29/2014 02:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262eb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000015ab3d3a
Faulting process id: 0x8590
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3


System errors:
=============
Error: (11/30/2014 00:56:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/29/2014 10:04:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/29/2014 10:04:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/29/2014 04:16:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/29/2014 04:09:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/29/2014 09:26:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (11/28/2014 02:45:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/28/2014 02:45:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/28/2014 02:01:34 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/28/2014 00:48:19 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.



CodeIntegrity Errors:
===================================
Date: 2014-03-20 20:33:23.627
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:32:38.349
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:29:48.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:29:43.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:29:03.311
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:19:56.676
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:19:52.185
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:19:35.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 19:53:11.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 19:52:31.174
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 29%
Total physical RAM: 10197.41 MB
Available physical RAM: 7165.09 MB
Total Pagefile: 20393 MB
Available Pagefile: 17066.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:2773.91 GB) (Free:769.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:20.38 GB) (Free:2.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: C9292085)

Partition: GPT Partition Type.

==================== End Of Log ============================

#5 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Local time:06:13 AM

Posted 30 November 2014 - 02:23 PM

Thank you for your assistance in resolving this. I have the first scan below and the additional scan in the next reply. Norton did remove Farbar Recovery, stating it contained WS.Reputation 1.


Hi :)

You'll need to shut down virus protections while we run our fixes, but I'll always post a reminder about shutting them down. We'll have to re-download FRST to run some of our fixes as well. I'm currently reviewing your logs and will post instructions soon.

Edited by pystryker, 30 November 2014 - 11:17 PM.






#6 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Local time:06:13 AM

Posted 30 November 2014 - 11:18 PM

Hello :)

Let's get started.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: P2P Warning and Program Uninstalls

I noticed that you have a P2P file sharing program (uTorrent) on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Program Uninstalls

Please uninstall the following programs as they are all adware/malware related programs.

coinyTTiinuetosaave

CouponPrinterPlugin

Reimage Repair

System Optimizer Pro



Step 2: Fix with Farbar's Recovery Scan Tool


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
Closeprocesses:
(Time Lapse Solutions) C:\ProgramData\pIPlGT\AFAsdqUV.exe
C:\ProgramData\pIPlGT
HKLM-x32\...\Run: [ospd_us_410] => [X]
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
C:\Program Files\OutfoxTV
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
CHR DefaultSearchKeyword: Default -> conduit.search
S3 cpuz134; \??\C:\Users\Maria\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
2014-11-30 13:41 - 2014-11-30 13:41 - 00000000 ____D () C:\ZombieNews
2014-11-27 14:53 - 2014-11-27 14:53 - 00000000 ____D () C:\Users\Maria\AppData\Local\ZombieNews
Task: {3FD9968E-2B01-4301-B73B-AD91002C9B85} - System32\Tasks\Digital Sites => C:\Users\Maria\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5BB861B2-010F-4273-B0E1-91588525B347} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {5FDE71DD-3DAA-42E2-8B24-E185A8CDC69F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {91EA83BE-6F79-46B4-9ECA-FF2AA91C632A} - System32\Tasks\Reimage ScanAgent => C:\Program Files\Reimage\Reimage Repair\Rei_ScanAgent.exe <==== ATTENTION
Task: {FBD0DC5A-7081-4E85-B28E-A6CECD879539} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Maria\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:17C643E2
AlternateDataStreams: C:\ProgramData\Temp:18A6D2CC
AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:35A81752
AlternateDataStreams: C:\ProgramData\Temp:394EB021
AlternateDataStreams: C:\ProgramData\Temp:40EE25BB
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:61B54B15
AlternateDataStreams: C:\ProgramData\Temp:7A2101AB
AlternateDataStreams: C:\ProgramData\Temp:7ADA8871
AlternateDataStreams: C:\ProgramData\Temp:884C7316
AlternateDataStreams: C:\ProgramData\Temp:99A29126
AlternateDataStreams: C:\ProgramData\Temp:9ACB70D7
AlternateDataStreams: C:\ProgramData\Temp:9B721CFF
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:B84EF836
AlternateDataStreams: C:\ProgramData\Temp:D8134D8F
AlternateDataStreams: C:\ProgramData\Temp:F5B69884
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 5: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.


Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

TDSSKiller Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
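The fixlist in the post above includes the scheduled tasks that the FRST log marks with `<==== ATTENTION`. As an added example (not part of the original thread and not FRST's own code), this Python script parses `Task:` lines in the format shown in the log, lists the entries worth reviewing, and checks that every flagged task is covered by a fixlist. The sample lines are copied from this thread; the extra review heuristics (AppData target, 8.3 short names, missing file date/publisher) and all function names are assumptions of the example, not FRST rules.

```python
import re

# One FRST "Task:" line: optional {GUID}, task name, "=>", target path,
# optional "[file date] (publisher)" suffix, optional ATTENTION marker.
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?"
    r"(?P<flag> <=+ ATTENTION)?$"
)

# Lines copied from the Addition.txt log posted in this thread.
LOG_SAMPLE = r"""
Task: {53E9BA54-8876-413A-9D59-001129AF9B5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {5BB861B2-010F-4273-B0E1-91588525B347} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {5FDE71DD-3DAA-42E2-8B24-E185A8CDC69F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {61D57778-AD0D-4901-801C-AE33903EC35F} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-03-19] (CyberLink)
Task: {91EA83BE-6F79-46B4-9ECA-FF2AA91C632A} - System32\Tasks\Reimage ScanAgent => C:\Program Files\Reimage\Reimage Repair\Rei_ScanAgent.exe <==== ATTENTION
Task: {FBD0DC5A-7081-4E85-B28E-A6CECD879539} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Maria\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# Task lines copied from the fixlist in the post above.
FIXLIST_SAMPLE = r"""
Task: {3FD9968E-2B01-4301-B73B-AD91002C9B85} - System32\Tasks\Digital Sites => C:\Users\Maria\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5BB861B2-010F-4273-B0E1-91588525B347} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {5FDE71DD-3DAA-42E2-8B24-E185A8CDC69F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {91EA83BE-6F79-46B4-9ECA-FF2AA91C632A} - System32\Tasks\Reimage ScanAgent => C:\Program Files\Reimage\Reimage Repair\Rei_ScanAgent.exe <==== ATTENTION
Task: {FBD0DC5A-7081-4E85-B28E-A6CECD879539} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Maria\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
"""


def parse_tasks(text):
    """Return one dict per 'Task:' line; non-task lines are ignored."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        task = m.groupdict()
        # GUID identifies registry-backed tasks; legacy .job entries use the path.
        task["key"] = (task["guid"] or task["name"]).lower()
        tasks.append(task)
    return tasks


def review_reasons(task):
    """Reasons to look at a task by hand. Only the first is FRST's own marker;
    the others are heuristics assumed for this example."""
    reasons = []
    target = task["target"].lower()
    if task["flag"]:
        reasons.append("FRST ATTENTION marker")
    if "\\appdata\\" in target:
        reasons.append("target under a user-writable AppData folder")
    if re.search(r"~\d", target):
        reasons.append("8.3 short-name path hides the real folder name")
    # In this log the legitimate GUID tasks all carry "[date] (publisher)";
    # legacy .job lines never do, so the check is limited to GUID tasks.
    if task["guid"] and task["date"] is None:
        reasons.append("no file date/publisher reported for the target")
    return reasons


def triage(log_text):
    """Tasks with at least one review reason, in log order."""
    rows = []
    for task in parse_tasks(log_text):
        reasons = review_reasons(task)
        if reasons:
            rows.append({"name": task["name"], "target": task["target"],
                         "reasons": reasons})
    return rows


def uncovered(log_text, fixlist_text):
    """Keys of ATTENTION-flagged tasks in the log that the fixlist omits."""
    in_fixlist = {t["key"] for t in parse_tasks(fixlist_text)}
    return [t["key"] for t in parse_tasks(log_text)
            if t["flag"] and t["key"] not in in_fixlist]


if __name__ == "__main__":
    for row in triage(LOG_SAMPLE):
        print(row["name"], "->", row["target"])
        for reason in row["reasons"]:
            print("    -", reason)
    print("flagged but not in fixlist:", uncovered(LOG_SAMPLE, FIXLIST_SAMPLE))
```

An empty result from `uncovered` means every flagged task in the sampled log lines has a matching entry in the fixlist; anything it returns is a persistence entry that would survive the fix.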





#7 otisman


Posted 01 December 2014 - 02:10 PM

FIXLOG


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by Maria at 2014-12-01 13:12:05 Run:4
Running from C:\Users\Maria\Desktop
Loaded Profile: Maria (Available profiles: Maria)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************



Start
Closeprocesses:
(Time Lapse Solutions) C:\ProgramData\pIPlGT\AFAsdqUV.exe
C:\ProgramData\pIPlGT
HKLM-x32\...\Run: [ospd_us_410] => [X]
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
C:\Program Files\OutfoxTV
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
CHR DefaultSearchKeyword: Default -> conduit.search
S3 cpuz134; \??\C:\Users\Maria\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
2014-11-30 13:41 - 2014-11-30 13:41 - 00000000 ____D () C:\ZombieNews
2014-11-27 14:53 - 2014-11-27 14:53 - 00000000 ____D () C:\Users\Maria\AppData\Local\ZombieNews
Task: {3FD9968E-2B01-4301-B73B-AD91002C9B85} - System32\Tasks\Digital Sites => C:\Users\Maria\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5BB861B2-010F-4273-B0E1-91588525B347} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {5FDE71DD-3DAA-42E2-8B24-E185A8CDC69F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {91EA83BE-6F79-46B4-9ECA-FF2AA91C632A} - System32\Tasks\Reimage ScanAgent => C:\Program Files\Reimage\Reimage Repair\Rei_ScanAgent.exe <==== ATTENTION
Task: {FBD0DC5A-7081-4E85-B28E-A6CECD879539} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Maria\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:17C643E2
AlternateDataStreams: C:\ProgramData\Temp:18A6D2CC
AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:35A81752
AlternateDataStreams: C:\ProgramData\Temp:394EB021
AlternateDataStreams: C:\ProgramData\Temp:40EE25BB
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:61B54B15
AlternateDataStreams: C:\ProgramData\Temp:7A2101AB
AlternateDataStreams: C:\ProgramData\Temp:7ADA8871
AlternateDataStreams: C:\ProgramData\Temp:884C7316
AlternateDataStreams: C:\ProgramData\Temp:99A29126
AlternateDataStreams: C:\ProgramData\Temp:9ACB70D7
AlternateDataStreams: C:\ProgramData\Temp:9B721CFF
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:B84EF836
AlternateDataStreams: C:\ProgramData\Temp:D8134D8F
AlternateDataStreams: C:\ProgramData\Temp:F5B69884
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End

*****************

Processes closed successfully.
C:\ProgramData\pIPlGT\AFAsdqUV.exe => No running process found
C:\ProgramData\pIPlGT => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_410 => value deleted successfully.
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV => value deleted successfully.
"C:\Program Files\OutfoxTV" => File/Directory not found.
"C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL" => Value Data removed successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter" => Key deleted successfully.
Chrome DefaultSearchKeyword not detected.
cpuz134 => Service deleted successfully.
"C:\ZombieNews" => File/Directory not found.
C:\Users\Maria\AppData\Local\ZombieNews => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FD9968E-2B01-4301-B73B-AD91002C9B85}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FD9968E-2B01-4301-B73B-AD91002C9B85}" => Key deleted successfully.
C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5BB861B2-010F-4273-B0E1-91588525B347}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BB861B2-010F-4273-B0E1-91588525B347}" => Key deleted successfully.
C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperFastPC_AutorunOnStartup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FDE71DD-3DAA-42E2-8B24-E185A8CDC69F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FDE71DD-3DAA-42E2-8B24-E185A8CDC69F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Reimage Reminder => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91EA83BE-6F79-46B4-9ECA-FF2AA91C632A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91EA83BE-6F79-46B4-9ECA-FF2AA91C632A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Reimage ScanAgent => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage ScanAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBD0DC5A-7081-4E85-B28E-A6CECD879539}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBD0DC5A-7081-4E85-B28E-A6CECD879539}" => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.
C:\windows\Tasks\Digital Sites.job => Moved successfully.
C:\ProgramData\Temp => ":17C643E2" ADS removed successfully.
C:\ProgramData\Temp => ":18A6D2CC" ADS removed successfully.
C:\ProgramData\Temp => ":268A5068" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":35A81752" ADS removed successfully.
C:\ProgramData\Temp => ":394EB021" ADS removed successfully.
C:\ProgramData\Temp => ":40EE25BB" ADS removed successfully.
C:\ProgramData\Temp => ":43301D1D" ADS removed successfully.
C:\ProgramData\Temp => ":61B54B15" ADS removed successfully.
C:\ProgramData\Temp => ":7A2101AB" ADS removed successfully.
C:\ProgramData\Temp => ":7ADA8871" ADS removed successfully.
C:\ProgramData\Temp => ":884C7316" ADS removed successfully.
C:\ProgramData\Temp => ":99A29126" ADS removed successfully.
C:\ProgramData\Temp => ":9ACB70D7" ADS removed successfully.
C:\ProgramData\Temp => ":9B721CFF" ADS removed successfully.
C:\ProgramData\Temp => ":A02025CE" ADS removed successfully.
C:\ProgramData\Temp => ":B84EF836" ADS removed successfully.
C:\ProgramData\Temp => ":D8134D8F" ADS removed successfully.
C:\ProgramData\Temp => ":F5B69884" ADS removed successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 682.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Edited by otisman, 01 December 2014 - 02:10 PM.


#8 otisman


Posted 01 December 2014 - 02:11 PM

JRT LOG

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Maria on Mon 12/01/2014 at 13:22:06.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220522302298}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660566306698}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220522302298}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660566306698}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660566306698}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660566306698}

 

~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf
Successfully deleted: [File] "C:\windows\reimage.ini"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\browser"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Maria\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\Maria\appdata\local\genienext"
Successfully deleted: [Folder] "C:\Users\Maria\appdata\local\speed browser"
Successfully deleted: [Folder] "C:\Program Files (x86)\predm"
Successfully deleted: [Folder] "C:\Program Files (x86)\smart pc cleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\your product"
Successfully deleted: [Folder] "C:\Users\Maria\documents\smart pc cleaner"
Successfully deleted: [Empty Folder] C:\Users\Maria\appdata\local\{130E5838-0B35-4138-9671-21E7BC0CD7B2}
Successfully deleted: [Empty Folder] C:\Users\Maria\appdata\local\{39589210-52C1-4BF4-838B-179A5BA8C311}
Successfully deleted: [Empty Folder] C:\Users\Maria\appdata\local\{8077E8BD-409A-4DB2-8CA7-2C85FA0FED63}
Successfully deleted: [Empty Folder] C:\Users\Maria\appdata\local\{B92F541D-D5D8-43DD-BF57-235112959CF0}

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\iijmpjamifmplbakhgikofogdfackici

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/01/2014 at 13:24:49.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 otisman


Posted 01 December 2014 - 02:12 PM

ADWCLEANER LOG

 

 

# AdwCleaner v4.103 - Report created 01/12/2014 at 13:48:38
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Maria - MARIA-HP
# Running from : C:\Users\Maria\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Around the world in 80 days
Folder Deleted : C:\Program Files (x86)\Around the world in 80 days
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Maxiget
Folder Deleted : C:\Users\Maria\AppData\Local\emaze
Folder Deleted : C:\Users\Maria\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Maria\AppData\Local\System_Alerts_LLC
Folder Deleted : C:\Users\Maria\AppData\Local\DesktopTemperature
Folder Deleted : C:\Users\Maria\AppData\Local\Maxiget
Folder Deleted : C:\Users\Maria\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\Maria\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Maria\daemonprocess.txt
File Deleted : C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller\FileParade bundle uninstaller.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKCU\Software\MaxiGet
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\Video Converter
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\MaxiGet
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\System Optimizer Pro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Optimizer Pro
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\crunchycreamysweet.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\drmbuster.en.softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sandcrawler.utinnigames.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweetlyscrappedart.blogspot.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\talesfrombabylon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.crunchycreamysweet.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.talesfrombabylon.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Google Chrome v39.0.2171.71

[C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869

*************************

AdwCleaner[R0].txt - [5833 octets] - [05/02/2014 08:26:09]
AdwCleaner[R1].txt - [10810 octets] - [27/11/2014 16:49:54]
AdwCleaner[R2].txt - [9428 octets] - [01/12/2014 13:28:20]
AdwCleaner[S0].txt - [5862 octets] - [05/02/2014 08:28:02]
AdwCleaner[S1].txt - [8790 octets] - [01/12/2014 13:48:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8850 octets] ##########



#10 otisman


Posted 01 December 2014 - 02:14 PM

TDSSKILLER LOG - I will change the name to fixlist.txt

13:56:10.0772 0x0b0c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
13:56:10.0772 0x0b0c  UEFI system
13:56:17.0446 0x0b0c  ============================================================
13:56:17.0446 0x0b0c  Current date / time: 2014/12/01 13:56:17.0446
13:56:17.0446 0x0b0c  SystemInfo:
13:56:17.0446 0x0b0c 
13:56:17.0446 0x0b0c  OS Version: 6.1.7601 ServicePack: 1.0
13:56:17.0446 0x0b0c  Product type: Workstation
13:56:17.0446 0x0b0c  ComputerName: MARIA-HP
13:56:17.0447 0x0b0c  UserName: Maria
13:56:17.0447 0x0b0c  Windows directory: C:\windows
13:56:17.0447 0x0b0c  System windows directory: C:\windows
13:56:17.0447 0x0b0c  Running under WOW64
13:56:17.0447 0x0b0c  Processor architecture: Intel x64
13:56:17.0447 0x0b0c  Number of processors: 8
13:56:17.0447 0x0b0c  Page size: 0x1000
13:56:17.0447 0x0b0c  Boot type: Normal boot
13:56:17.0447 0x0b0c  ============================================================
13:56:29.0294 0x0b0c  KLMD registered as C:\windows\system32\drivers\13763211.sys
13:56:30.0038 0x0b0c  System UUID: {F10E34D6-2E9D-5F5A-BCF1-866014F9E360}
13:56:30.0466 0x0b0c  Drive \Device\Harddisk0\DR0 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:56:30.0506 0x0b0c  ============================================================
13:56:30.0506 0x0b0c  \Device\Harddisk0\DR0:
13:56:30.0510 0x0b0c  GPT partitions:
13:56:30.0566 0x0b0c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {E770DEA9-7FAE-4CB3-B701-0BBC0D7B4E62}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
13:56:30.0566 0x0b0c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C399BE8D-0942-4E23-8C87-81997C9A495E}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
13:56:30.0566 0x0b0c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5817CC40-3276-4DB4-BC37-9D72D7365938}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x5ABD3000
13:56:30.0566 0x0b0c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DC30AD89-A603-4E53-B6F1-A0488E3CC3A2}, Name: Basic data partition, StartLBA 0x15AC45800, BlocksNum 0x28C4800
13:56:30.0566 0x0b0c  MBR partitions:
13:56:30.0566 0x0b0c  ============================================================
13:56:30.0879 0x0b0c  C: <-> \Device\Harddisk0\DR0\Partition3
13:56:31.0005 0x0b0c  D: <-> \Device\Harddisk0\DR0\Partition4
13:56:31.0005 0x0b0c  ============================================================
13:56:31.0005 0x0b0c  Initialize success
13:56:31.0005 0x0b0c  ============================================================
13:57:10.0160 0x0830  ============================================================
13:57:10.0160 0x0830  Scan started
13:57:10.0160 0x0830  Mode: Manual; SigCheck; TDLFS;
13:57:10.0160 0x0830  ============================================================
13:57:10.0160 0x0830  KSN ping started
13:57:56.0293 0x0830  KSN ping finished: false
13:57:58.0911 0x0830  ================ Scan system memory ========================
13:57:58.0911 0x0830  System memory - ok
13:57:58.0912 0x0830  ================ Scan services =============================
13:58:03.0409 0x0830  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\drivers\blbdrive.sys
13:58:03.0445 0x0830  blbdrive - ok
13:58:03.0599 0x0830  [ F2060A34C8A75BC24A9222EB4F8C07BD, 14EE16BF7E55716C1ADC3F133582A03339844088CF01E929B5A8FB8FA515F714 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:58:03.0651 0x0830  Bonjour Service - ok
13:58:03.0667 0x0830  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
13:58:03.0691 0x0830  bowser - ok
13:58:03.0701 0x0830  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
13:58:03.0740 0x0830  BrFiltLo - ok
13:58:03.0771 0x0830  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
13:58:03.0788 0x0830  BrFiltUp - ok
13:58:03.0818 0x0830  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
13:58:03.0876 0x0830  BridgeMP - ok
13:58:03.0907 0x0830  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
13:58:03.0963 0x0830  Browser - ok
13:58:03.0984 0x0830  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
13:58:04.0043 0x0830  Brserid - ok
13:58:04.0058 0x0830  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
13:58:04.0080 0x0830  BrSerWdm - ok
13:58:04.0094 0x0830  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
13:58:04.0106 0x0830  BrUsbMdm - ok
13:58:04.0124 0x0830  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
13:58:04.0138 0x0830  BrUsbSer - ok
13:58:04.0182 0x0830  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
13:58:04.0205 0x0830  BTHMODEM - ok
13:58:04.0233 0x0830  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
13:58:04.0290 0x0830  bthserv - ok
13:58:04.0465 0x0830  [ A3AD13CA2747953DDD4C9AE4FB925BEC, 860FA3A04DE9DA0B19C625681E594713844F3401FEFD7C26A28C6C94BA6920C7 ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
13:58:04.0472 0x0830  CalendarSynchService - detected UnsignedFile.Multi.Generic ( 1 )
13:58:12.0717 0x0830  CalendarSynchService ( UnsignedFile.Multi.Generic ) - warning
13:58:12.0813 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] cartmgr         C:\windows\System32\cartmgr.dll
13:58:12.0875 0x0830  cartmgr - detected UnsignedFile.Multi.Generic ( 1 )
13:58:12.0876 0x0830  cartmgr ( UnsignedFile.Multi.Generic ) - warning
13:58:17.0781 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] dpcEptMapper    C:\windows\System32\dpcEptMapper.dll
13:58:17.0811 0x0830  dpcEptMapper - detected UnsignedFile.Multi.Generic ( 1 )
13:58:17.0811 0x0830  dpcEptMapper ( UnsignedFile.Multi.Generic ) - warning
13:58:22.0502 0x0830  [ BB1FC298BE53AAB1E110F6E786BD8AC5, C2DA2C3CE96D5F8B50013063B5EF7BED7478636896C709A7AF34855B2E69B9F1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:58:22.0531 0x0830  HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
13:58:22.0531 0x0830  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
13:58:28.0544 0x0830  LMS - ok
13:58:28.0575 0x0830  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
13:58:28.0590 0x0830  LSI_FC - ok
13:58:28.0606 0x0830  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
13:58:28.0621 0x0830  LSI_SAS - ok
13:58:28.0628 0x0830  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
13:58:28.0641 0x0830  LSI_SAS2 - ok
13:58:28.0653 0x0830  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
13:58:28.0668 0x0830  LSI_SCSI - ok
13:58:28.0683 0x0830  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
13:58:28.0743 0x0830  luafv - ok
13:58:28.0919 0x0830  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
13:58:28.0963 0x0830  McComponentHostService - ok
13:58:29.0001 0x0830  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
13:58:29.0049 0x0830  Mcx2Svc - ok
13:58:29.0081 0x0830  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
13:58:29.0097 0x0830  megasas - ok
13:58:29.0117 0x0830  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
13:58:29.0137 0x0830  MegaSR - ok
13:58:29.0160 0x0830  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
13:58:29.0168 0x0830  MEIx64 - ok
13:58:29.0179 0x0830  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
13:58:29.0228 0x0830  MMCSS - ok
13:58:29.0252 0x0830  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
13:58:29.0282 0x0830  Modem - ok
13:58:29.0293 0x0830  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
13:58:29.0338 0x0830  monitor - ok
13:58:29.0369 0x0830  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
13:58:29.0381 0x0830  mouclass - ok
13:58:29.0415 0x0830  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
13:58:29.0448 0x0830  mouhid - ok
13:58:29.0472 0x0830  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
13:58:29.0489 0x0830  mountmgr - ok
13:58:29.0538 0x0830  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
13:58:29.0556 0x0830  mpio - ok
13:58:29.0570 0x0830  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
13:58:29.0612 0x0830  mpsdrv - ok
13:58:29.0683 0x0830  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
13:58:29.0736 0x0830  MpsSvc - ok
13:58:29.0856 0x0830  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
13:58:29.0886 0x0830  MRxDAV - ok
13:58:29.0949 0x0830  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
13:58:30.0008 0x0830  mrxsmb - ok
13:58:30.0032 0x0830  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
13:58:30.0058 0x0830  mrxsmb10 - ok
13:58:30.0066 0x0830  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
13:58:30.0076 0x0830  mrxsmb20 - ok
13:58:30.0114 0x0830  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
13:58:30.0123 0x0830  msahci - ok
13:58:30.0139 0x0830  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
13:58:30.0155 0x0830  msdsm - ok
13:58:30.0167 0x0830  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
13:58:30.0205 0x0830  MSDTC - ok
13:58:30.0228 0x0830  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
13:58:30.0260 0x0830  Msfs - ok
13:58:30.0280 0x0830  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
13:58:30.0334 0x0830  mshidkmdf - ok
13:58:30.0365 0x0830  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
13:58:30.0378 0x0830  msisadrv - ok
13:58:30.0492 0x0830  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
13:58:30.0572 0x0830  MSiSCSI - ok
13:58:30.0574 0x0830  msiserver - ok
13:58:30.0598 0x0830  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
13:58:30.0636 0x0830  MSKSSRV - ok
13:58:30.0648 0x0830  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
13:58:30.0668 0x0830  MSPCLOCK - ok
13:58:30.0675 0x0830  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
13:58:30.0712 0x0830  MSPQM - ok
13:58:30.0743 0x0830  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
13:58:30.0755 0x0830  MsRPC - ok
13:58:30.0776 0x0830  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
13:58:30.0782 0x0830  mssmbios - ok
13:58:30.0796 0x0830  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
13:58:30.0817 0x0830  MSTEE - ok
13:58:30.0824 0x0830  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
13:58:30.0832 0x0830  MTConfig - ok
13:58:30.0840 0x0830  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
13:58:30.0846 0x0830  Mup - ok
13:58:31.0594 0x0830  [ 63F5AC8B04F3134E97379CA38DBFBC3C, 1F414CD4554407A0106FB34FC502818A5471E859992A8E7E253B15573283DA5D ] N360            C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
13:58:31.0615 0x0830  N360 - ok
13:58:31.0653 0x0830  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
13:58:31.0715 0x0830  napagent - ok
13:58:31.0780 0x0830  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
13:58:31.0823 0x0830  NativeWifiP - ok
13:58:32.0015 0x0830  [ 0CB8324F6CB624812FD9D4FE9186F845, 15E939AF3F11FD109BF7678C010F2C9C883DFA375A4A18FDE24B3C960C983B84 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
13:58:32.0045 0x0830  NAUpdate - ok
13:58:32.0376 0x0830  [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG          C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141129.002\ENG64.SYS
13:58:32.0393 0x0830  NAVENG - ok
13:58:33.0243 0x0830  [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15         C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141129.002\EX64.SYS
13:58:33.0342 0x0830  NAVEX15 - ok
13:58:33.0873 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] ncpipreg        C:\windows\System32\ncpipreg.dll
13:58:33.0900 0x0830  ncpipreg - detected UnsignedFile.Multi.Generic ( 1 )
13:58:33.0900 0x0830  ncpipreg ( UnsignedFile.Multi.Generic ) - warning
13:58:34.0021 0x0830  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
13:58:34.0044 0x0830  NDIS - ok
13:58:34.0088 0x0830  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
13:58:34.0148 0x0830  NdisCap - ok
13:58:34.0184 0x0830  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
13:58:34.0206 0x0830  NdisTapi - ok
13:58:34.0232 0x0830  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
13:58:34.0268 0x0830  Ndisuio - ok
13:58:34.0295 0x0830  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
13:58:34.0356 0x0830  NdisWan - ok
13:58:34.0375 0x0830  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
13:58:34.0395 0x0830  NDProxy - ok
13:58:34.0402 0x0830  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
13:58:34.0438 0x0830  NetBIOS - ok
13:58:34.0463 0x0830  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
13:58:34.0486 0x0830  NetBT - ok
13:58:34.0493 0x0830  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\windows\system32\lsass.exe
13:58:34.0501 0x0830  Netlogon - ok
13:58:34.0524 0x0830  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
13:58:34.0558 0x0830  Netman - ok
13:58:34.0621 0x0830  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:58:34.0664 0x0830  NetMsmqActivator - ok
13:58:34.0671 0x0830  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:58:34.0684 0x0830  NetPipeActivator - ok
13:58:34.0752 0x0830  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
13:58:34.0832 0x0830  netprofm - ok
13:58:35.0474 0x0830  [ 8F320BAF24A8F9252980C64349822B9D, D95A3D35E0FCA56F2A92BA6D6D2D4BB055B50143D88D6F590FAADDB654FAA660 ] netr28x         C:\windows\system32\DRIVERS\netr28x.sys
13:58:35.0514 0x0830  netr28x - ok
13:58:35.0595 0x0830  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:58:35.0612 0x0830  NetTcpActivator - ok
13:58:35.0680 0x0830  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:58:35.0699 0x0830  NetTcpPortSharing - ok
13:58:35.0765 0x0830  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
13:58:35.0780 0x0830  nfrd960 - ok
13:58:35.0806 0x0830  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
13:58:35.0851 0x0830  NlaSvc - ok
13:58:36.0250 0x0830  [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
13:58:36.0315 0x0830  NOBU - ok
13:58:36.0347 0x0830  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
13:58:36.0368 0x0830  Npfs - ok
13:58:36.0393 0x0830  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
13:58:36.0413 0x0830  nsi - ok
13:58:36.0528 0x0830  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
13:58:36.0609 0x0830  nsiproxy - ok
13:58:37.0109 0x0830  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
13:58:37.0142 0x0830  Ntfs - ok
13:58:37.0152 0x0830  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
13:58:37.0171 0x0830  Null - ok
13:58:37.0211 0x0830  [ C87B11EB78428853F9E8495C47E53C10, FAE479DB0812967B3FF968773BA998591B4F50BE4329B8349BCA7E6EAB1B0474 ] NVHDA           C:\windows\system32\drivers\nvhda64v.sys
13:58:37.0229 0x0830  NVHDA - ok
13:58:39.0701 0x0830  [ A6975E0E4BE34667933846DE2F28AEFC, DFCF194C457A80C8222821001626D089FB1D97A37CA4D50D92144CE324911A78 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
13:58:39.0878 0x0830  nvlddmkm - ok
13:58:40.0742 0x0830  [ CF4905C5F3179F20DA550CD135EE90EE, D887773F537268CD1141776FC439299C2C9F2986D7962D83FE534E3CD4F983AD ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
13:58:40.0778 0x0830  NvNetworkService - ok
13:58:40.0822 0x0830  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
13:58:40.0830 0x0830  nvraid - ok
13:58:40.0849 0x0830  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
13:58:40.0857 0x0830  nvstor - ok
13:58:40.0971 0x0830  [ 6B2CFB1BF233F6946F293B5B30FD599A, 91FC84D5D0497235015850FA1DFFFD8EDEB3C89FAB0BAD65AC86E161CC3593BD ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
13:58:40.0984 0x0830  NvStreamKms - ok
13:58:44.0853 0x0830  [ 2FAD0F3004D0CFEE5148CB36E6999DBD, 4EE62420BBC6B81048B35E549F2332EA3640B41101FC174C74CCCC412AF0D6E3 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
13:58:45.0301 0x0830  NvStreamSvc - ok
13:58:45.0377 0x0830  [ 9AEDEFFFE581D775E70C1C228CCD495E, F31C6DED1292A9392B83F9F557070543984AAB73718785B1C189752B34D4805B ] nvsvc           C:\windows\system32\nvvsvc.exe
13:58:45.0407 0x0830  nvsvc - ok
13:58:45.0460 0x0830  [ 1AF619620613869C07F9C147BC37520F, 0AD4E100354E201D5E72BA236C1464F5083A7E3B58C4AC6BA712489D258955F5 ] nvvad_WaveExtensible C:\windows\system32\drivers\nvvad64v.sys
13:58:45.0473 0x0830  nvvad_WaveExtensible - ok
13:58:45.0513 0x0830  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
13:58:45.0531 0x0830  nv_agp - ok
13:58:45.0547 0x0830  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
13:58:45.0559 0x0830  ohci1394 - ok
13:58:45.0617 0x0830  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:58:45.0636 0x0830  ose - ok
13:58:46.0959 0x0830  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:58:47.0183 0x0830  osppsvc - ok
13:58:47.0393 0x0830  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
13:58:47.0475 0x0830  p2pimsvc - ok
13:58:47.0498 0x0830  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
13:58:47.0523 0x0830  p2psvc - ok
13:58:47.0547 0x0830  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
13:58:47.0556 0x0830  Parport - ok
13:58:47.0579 0x0830  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
13:58:47.0586 0x0830  partmgr - ok
13:58:47.0623 0x0830  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
13:58:47.0660 0x0830  PcaSvc - ok
13:58:47.0764 0x0830  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
13:58:47.0783 0x0830  pci - ok
13:58:47.0857 0x0830  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
13:58:47.0871 0x0830  pciide - ok
13:58:47.0900 0x0830  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
13:58:47.0919 0x0830  pcmcia - ok
13:58:47.0932 0x0830  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
13:58:47.0943 0x0830  pcw - ok
13:58:47.0978 0x0830  pdfcDispatcher - ok
13:58:48.0212 0x0830  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
13:58:48.0272 0x0830  PEAUTH - ok
13:58:48.0339 0x0830  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
13:58:48.0384 0x0830  PerfHost - ok
13:58:48.0782 0x0830  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
13:58:48.0839 0x0830  pla - ok
13:58:48.0889 0x0830  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
13:58:48.0955 0x0830  PlugPlay - ok
13:58:48.0971 0x0830  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
13:58:49.0011 0x0830  PNRPAutoReg - ok
13:58:49.0063 0x0830  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
13:58:49.0085 0x0830  PNRPsvc - ok
13:58:49.0287 0x0830  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
13:58:49.0337 0x0830  PolicyAgent - ok
13:58:49.0369 0x0830  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
13:58:49.0412 0x0830  Power - ok
13:58:49.0454 0x0830  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
13:58:49.0521 0x0830  PptpMiniport - ok
13:58:49.0586 0x0830  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
13:58:49.0607 0x0830  Processor - ok
13:58:49.0685 0x0830  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
13:58:49.0748 0x0830  ProfSvc - ok
13:58:49.0779 0x0830  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe
13:58:49.0795 0x0830  ProtectedStorage - ok
13:58:49.0835 0x0830  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
13:58:49.0870 0x0830  Psched - ok
13:58:49.0887 0x0830  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\windows\system32\Drivers\PxHlpa64.sys
13:58:49.0894 0x0830  PxHlpa64 - ok
13:58:49.0983 0x0830  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
13:58:50.0020 0x0830  ql2300 - ok
13:58:50.0048 0x0830  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
13:58:50.0057 0x0830  ql40xx - ok
13:58:50.0178 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] qupdate         C:\windows\System32\qupdate.dll
13:58:50.0210 0x0830  qupdate - detected UnsignedFile.Multi.Generic ( 1 )
13:58:50.0210 0x0830  qupdate ( UnsignedFile.Multi.Generic ) - warning
13:58:50.0210 0x0830  Force sending object to P2P due to detect: qupdate
13:58:50.0214 0x0830  Object send P2P result: false
13:58:50.0326 0x0830  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
13:58:50.0353 0x0830  QWAVE - ok
13:58:50.0368 0x0830  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
13:58:50.0407 0x0830  QWAVEdrv - ok
13:58:50.0503 0x0830  [ 285B89D9CAE3565A1888FB027BD47A33, 7CCF283641517CB58F6B17E94A81F946B5FC2C6EE11A20EAB5DE9662A4847797 ] RalinkCountryRegion C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
13:58:50.0549 0x0830  RalinkCountryRegion - detected UnsignedFile.Multi.Generic ( 1 )
13:58:50.0549 0x0830  RalinkCountryRegion ( UnsignedFile.Multi.Generic ) - warning
13:58:50.0590 0x0830  [ 4E033A3D13F2D3611A7DF0A60CE090CB, 545AC55E76A122C7303F074A4733F5363E2C758465E80A0DFBC80E6DA7FBAE35 ] RalinkRegistryWriter C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
13:58:50.0611 0x0830  RalinkRegistryWriter - detected UnsignedFile.Multi.Generic ( 1 )
13:58:50.0611 0x0830  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning
13:58:50.0611 0x0830  Force sending object to P2P due to detect: RalinkRegistryWriter
13:58:50.0612 0x0830  Object send P2P result: false
13:58:50.0633 0x0830  [ 1222BD405310F8B39D4EC28691E24F7A, CDE37AB98B924A699A4DB193D92FC17F8A76EFED38558102C1537DC265636292 ] RalinkRegistryWriter64 C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
13:58:50.0644 0x0830  RalinkRegistryWriter64 - detected UnsignedFile.Multi.Generic ( 1 )
13:58:50.0644 0x0830  RalinkRegistryWriter64 ( UnsignedFile.Multi.Generic ) - warning
13:58:50.0710 0x0830  [ 2977F7750EA2BECB3E623814D2C18800, A2FAE078FC18481C59D7D3B465D4E53756D85C1C49F6471D3840EEF49814EA19 ] RaMediaServer   C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
13:58:50.0766 0x0830  RaMediaServer - detected UnsignedFile.Multi.Generic ( 1 )
13:58:50.0766 0x0830  RaMediaServer ( UnsignedFile.Multi.Generic ) - warning
13:58:50.0827 0x0830  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
13:58:50.0866 0x0830  RasAcd - ok
13:58:50.0901 0x0830  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
13:58:50.0931 0x0830  RasAgileVpn - ok
13:58:50.0952 0x0830  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
13:58:51.0007 0x0830  RasAuto - ok
13:58:51.0033 0x0830  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
13:58:51.0055 0x0830  Rasl2tp - ok
13:58:51.0080 0x0830  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
13:58:51.0105 0x0830  RasMan - ok
13:58:51.0115 0x0830  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
13:58:51.0155 0x0830  RasPppoe - ok
13:58:51.0184 0x0830  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
13:58:51.0205 0x0830  RasSstp - ok
13:58:51.0217 0x0830  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
13:58:51.0241 0x0830  rdbss - ok
13:58:51.0253 0x0830  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
13:58:51.0286 0x0830  rdpbus - ok
13:58:51.0316 0x0830  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
13:58:51.0356 0x0830  RDPCDD - ok
13:58:51.0363 0x0830  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
13:58:51.0400 0x0830  RDPENCDD - ok
13:58:51.0419 0x0830  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
13:58:51.0441 0x0830  RDPREFMP - ok
13:58:51.0463 0x0830  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
13:58:51.0492 0x0830  RDPWD - ok
13:58:51.0507 0x0830  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
13:58:51.0516 0x0830  rdyboost - ok
13:58:51.0918 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] reLookupSvc     C:\windows\System32\reLookupSvc.dll
13:58:51.0949 0x0830  reLookupSvc - detected UnsignedFile.Multi.Generic ( 1 )
13:58:51.0950 0x0830  reLookupSvc ( UnsignedFile.Multi.Generic ) - warning
13:58:51.0950 0x0830  Force sending object to P2P due to detect: reLookupSvc
13:58:51.0953 0x0830  Object send P2P result: false
13:58:54.0759 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] sertPropSvc     C:\windows\System32\sertPropSvc.dll
13:58:54.0791 0x0830  sertPropSvc - detected UnsignedFile.Multi.Generic ( 1 )
13:58:54.0791 0x0830  sertPropSvc ( UnsignedFile.Multi.Generic ) - warning
13:58:54.0791 0x0830  Force sending object to P2P due to detect: sertPropSvc
13:58:54.0795 0x0830  Object send P2P result: false
13:58:57.0579 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] sontCache3.0.0.0 C:\windows\System32\sontCache3.0.0.0.dll
13:58:57.0609 0x0830  sontCache3.0.0.0 - detected UnsignedFile.Multi.Generic ( 1 )
13:58:57.0609 0x0830  sontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - warning
13:59:04.0338 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] vENS            C:\windows\System32\vENS.dll
13:59:04.0370 0x0830  vENS - detected UnsignedFile.Multi.Generic ( 1 )
13:59:04.0370 0x0830  vENS ( UnsignedFile.Multi.Generic ) - warning
13:59:08.0617 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] wolmgrx         C:\windows\System32\wolmgrx.dll
13:59:08.0647 0x0830  wolmgrx - detected UnsignedFile.Multi.Generic ( 1 )
13:59:08.0647 0x0830  wolmgrx ( UnsignedFile.Multi.Generic ) - warning
13:59:09.0877 0x0830  [ 11D20D4158FD55E818910D433CD0BE06, 311DDE44950C56D638F85F8831BF3F1A60D602DFBB652DC42B9ECEF8E9477F65 ] xDSVia64        C:\windows\System32\xDSVia64.dll
13:59:09.0907 0x0830  xDSVia64 - detected UnsignedFile.Multi.Generic ( 1 )
13:59:09.0907 0x0830  xDSVia64 ( UnsignedFile.Multi.Generic ) - warning
13:59:09.0907 0x0830  Force sending object to P2P due to detect: xDSVia64
13:59:09.0911 0x0830  Object send P2P result: false
13:59:09.0950 0x0830  ================ Scan global ===============================
13:59:09.0966 0x0830  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
13:59:10.0021 0x0830  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
13:59:10.0037 0x0830  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
13:59:10.0061 0x0830  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
13:59:10.0102 0x0830  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
13:59:10.0117 0x0830  [ Global ] - ok
13:59:10.0117 0x0830  ================ Scan MBR ==================================
13:59:10.0123 0x0830  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:59:10.0240 0x0830  \Device\Harddisk0\DR0 - ok
13:59:10.0240 0x0830  ================ Scan VBR ==================================
13:59:10.0328 0x0830  [ 892AE1FD18116564DC6EF0205E23A65B ] \Device\Harddisk0\DR0\Partition1
13:59:10.0436 0x0830  \Device\Harddisk0\DR0\Partition1 - ok
13:59:10.0478 0x0830  [ 1F1CAFACFA10CEB439B57D6EC683527E ] \Device\Harddisk0\DR0\Partition2
13:59:10.0509 0x0830  \Device\Harddisk0\DR0\Partition2 - ok
13:59:10.0555 0x0830  [ ADB477A4E73E5262EA8C5D693F237268 ] \Device\Harddisk0\DR0\Partition3
13:59:10.0918 0x0830  \Device\Harddisk0\DR0\Partition3 - ok
13:59:10.0975 0x0830  [ D139A83B8BB675DAD35756D468CC4BB5 ] \Device\Harddisk0\DR0\Partition4
13:59:11.0039 0x0830  \Device\Harddisk0\DR0\Partition4 - ok
13:59:11.0039 0x0830  ================ Scan generic autorun ======================
13:59:11.0099 0x0830  [ 0D997D69A624B2A04EED0B64F2092642, 67B34F6EDF0BA7C2C2BD11D6F8423FAB7AE6D7672220AACE31B632081EA25E35 ] C:\Program Files\IDT\WDM\beats64.exe
13:59:11.0115 0x0830  BeatsOSDApp - ok
13:59:11.0283 0x0830  [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
13:59:11.0294 0x0830  HPSYSDRV - ok
13:59:11.0853 0x0830  [ AD6C376374C21EC68DF33884613D0A05, 65E0668A2A24B9EF2BDABDE044D240F110AEC8B1EF838AB28084B7F899D2A75E ] C:\Program Files\IDT\WDM\sttray64.exe
13:59:11.0959 0x0830  SysTrayApp - ok
13:59:12.0483 0x0830  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
13:59:12.0505 0x0830  AdobeAAMUpdater-1.0 - ok
13:59:13.0132 0x0830  [ D6DBF46C5CAE0EEDA1DF1BD080D6FE3B, F93A5992B384B663F3A9D60BADA8E031A45B96A66C9AEA4B948563520DB69992 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
13:59:13.0188 0x0830  NvBackend - ok
13:59:13.0212 0x0830  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\windows\system32\rundll32.exe
13:59:13.0243 0x0830  ShadowPlay - ok
13:59:13.0522 0x0830  [ BF32D7496BB9A8785383E4E97EBC9F32, 0516AF3BD2558147C85B790D034CB81E6111D988AC0568B7A825FC6158656ACC ] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
13:59:13.0596 0x0830  dleamon.exe - detected UnsignedFile.Multi.Generic ( 1 )
13:59:13.0596 0x0830  dleamon.exe ( UnsignedFile.Multi.Generic ) - warning
13:59:13.0639 0x0830  [ 8DF4486AA983F9923F9E0E0A09FB5369, 9FA0BAA6B5BFEE89E4BCBCA08D5562F1421C454DD1E895A409AF8475DCFE8919 ] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
13:59:13.0667 0x0830  EzPrint - detected UnsignedFile.Multi.Generic ( 1 )
13:59:13.0667 0x0830  EzPrint ( UnsignedFile.Multi.Generic ) - warning
13:59:13.0667 0x0830  Force sending object to P2P due to detect: C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
13:59:13.0668 0x0830  Object send P2P result: false
13:59:13.0904 0x0830  [ DD79A6B15C2F28DE98DF4852AAF6B13B, 0F7E9023E0BA4B40E2DE9A9FA34E85FEAF72B93049AAB3E1D73AD046BB113E05 ] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
13:59:13.0919 0x0830  NCPluginUpdater - ok
13:59:14.0024 0x0830  [ BDDAFDB5F9517DFE97AD3750CF343819, 4DA9A1FE099CE2EF9F3BA2F30B391B2720806BB815D79CE7C0BEC101399B37FE ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
13:59:14.0042 0x0830  USB3MON - ok
13:59:14.0192 0x0830  [ C637FC4638A96165256B28D38DE7B953, CD658543610F151C7860DBDCF36596C9B5417D87E598FA50A435392D4AED1C14 ] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
13:59:14.0204 0x0830  HP Software Update - ok
13:59:14.0278 0x0830  [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
13:59:14.0300 0x0830  Norton Online Backup - ok
13:59:14.0339 0x0830  DivXMediaServer - ok
13:59:14.0484 0x0830  [ 0FE752F863D787FAA03E9D125C414BFB, FE5483AB7DB667FA4044EAE797224E3991A8383B857A3BBF75C64C0C3ECBCD18 ] C:\Program Files (x86)\PDF Complete\pdfsty.exe
13:59:14.0508 0x0830  PDF Complete - ok
13:59:14.0583 0x0830  [ 1DE859B82E381A645C44284A5044BC33, 305AE678D3163D57C8E027F94BC553FDFDE7F9A14599EAEC370B0867DE4A9EC2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
13:59:14.0602 0x0830  SunJavaUpdateSched - ok
13:59:14.0737 0x0830  [ 0AEE5668EB59912F32FF245BFA72465F, 653978E365B0E72D34E8B3ED1BFCF0237B70B41396BD70EBBBEDB31AFD77857B ] C:\Program Files (x86)\QuickTime\QTTask.exe
13:59:14.0758 0x0830  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
13:59:14.0759 0x0830  QuickTime Task ( UnsignedFile.Multi.Generic ) - warning
13:59:14.0759 0x0830  Force sending object to P2P due to detect: C:\Program Files (x86)\QuickTime\QTTask.exe
13:59:14.0761 0x0830  Object send P2P result: false
13:59:14.0909 0x0830  [ 53D96678FB89F056D5285101481297D9, E66D799027046ADBF573BC357196A45D6F5A0F571C694A7F659B8278A982E29C ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
13:59:14.0932 0x0830  iTunesHelper - ok
13:59:15.0283 0x0830  [ 763CF780485BE99AB60418294C2167C9, DAF046C58586DB4E04027C7049CD39E2A2611E4A2F2F7828185B1442E9D0041A ] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
13:59:15.0390 0x0830  Wondershare Helper Compact.exe - ok
13:59:15.0548 0x0830  DelaypluginInstall - ok
13:59:16.0205 0x0830  [ E2D0FD93370929A336B716CCD325DA20, 4A3409FFDAC80308CF4EFF3C529A1D6E18CFCA31178CCFC4259AD96FA7A59FF1 ] c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
13:59:16.0234 0x0830  CAHeadless - ok
13:59:16.0367 0x0830  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
13:59:16.0379 0x0830  swg - ok
13:59:16.0380 0x0830  Web Companion - ok
13:59:16.0398 0x0830  AV detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x50000 ( disabled : updated )
13:59:16.0400 0x0830  FW detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51010 ( enabled )
13:59:16.0400 0x0830  ============================================================
13:59:16.0400 0x0830  Scan finished
13:59:16.0400 0x0830  ============================================================
13:59:16.0409 0x1840  Detected object count: 19
13:59:16.0409 0x1840  Actual detected object count: 19
14:00:24.0062 0x1840  CalendarSynchService ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0062 0x1840  CalendarSynchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0063 0x1840  cartmgr ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0063 0x1840  cartmgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0064 0x1840  dpcEptMapper ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0064 0x1840  dpcEptMapper ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0065 0x1840  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0065 0x1840  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0066 0x1840  ncpipreg ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0066 0x1840  ncpipreg ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0067 0x1840  qupdate ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0067 0x1840  qupdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0068 0x1840  RalinkCountryRegion ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0068 0x1840  RalinkCountryRegion ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0070 0x1840  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0070 0x1840  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0071 0x1840  RalinkRegistryWriter64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0071 0x1840  RalinkRegistryWriter64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0072 0x1840  RaMediaServer ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0072 0x1840  RaMediaServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0073 0x1840  reLookupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0073 0x1840  reLookupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0074 0x1840  sertPropSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0074 0x1840  sertPropSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0075 0x1840  sontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0076 0x1840  sontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0077 0x1840  vENS ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0077 0x1840  vENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0078 0x1840  wolmgrx ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0078 0x1840  wolmgrx ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0079 0x1840  xDSVia64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0079 0x1840  xDSVia64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0080 0x1840  dleamon.exe ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0080 0x1840  dleamon.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0081 0x1840  EzPrint ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0081 0x1840  EzPrint ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:24.0082 0x1840  QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:24.0082 0x1840  QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#11 pystryker

  • Malware Response Team

Posted 01 December 2014 - 02:53 PM

TDSSKILLER LOG  - I will change the name to fixlist.txt

Why would you do that?

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#12 otisman

  • Topic Starter

Posted 01 December 2014 - 03:02 PM

Wow, spooky. I printed your instructions and it says to change the TDSSKiller Log to fixlist.txt, but as I look at your instructions online it does not say that.



#13 pystryker

  • Malware Response Team

Posted 01 December 2014 - 04:01 PM

Ah, ok. :) How is the machine running? We still have a ways to go, but I wanted to see how it's doing.






#14 pystryker

  • Malware Response Team

Posted 02 December 2014 - 06:38 AM

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


  • Please download Malwarebytes Anti-Malware to your desktop.
  • Install the programme and select update.
  • Once it has updated, select Settings > Detection and Protection.
  • Tick Scan for rootkits.
  • Go back to the Dashboard and select Scan Now.
  • If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot), start MBAM.
  • Click History, then Application Logs, then check the Select box by the first Scan Log in the list.
  • Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish.
  • Use Notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log






#15 otisman

  • Topic Starter

Posted 02 December 2014 - 02:49 PM

It appears to be running well. I have not had any Zombie News ads on the webpages today. I will do the next steps this evening.





