Virus just won't DIE!!!


  • This topic is locked
22 replies to this topic

#1 T1gT34gu3

T1gT34gu3

  • Members
  • 15 posts

Posted 30 December 2014 - 03:24 AM

Hi! 
I'm really new at troubleshooting viruses and heard this was the place for zappin' this NASTY sucker. 
 
What I have installed
1.) hijackthis.exe (I'm alright at navigating around the menus and bringing up general information but I'm SO new at )
2.) rkill 64
3.) Mbam (Premium if that makes a difference)
4.) TDSSKiller 
 
My scan/eliminate process usually goes: (Everything is one step at a time, no overlapping programs)
1.)rkill 64
2.)Mbam 
3.)TDSSKiller
 
Issues the virus/root-kit causes: 
1.) VICIOUS ad popups in Chrome (I'm talking like I click on a new tab/window or any user input area and Chrome will open two more unwanted ad-filled tabs every time I restart my laptop. The virus/root-kit only kinda dies down after I remove the extensions it creates!!!) 
2.) Constant rebuilding of unwanted extensions in my Chrome extensions bar
3.) General system performance has been slowed 
4.) Full system crash (Recent! Happened twice!) 
 
Any help would be great at this point, I've hit a serious wall, probably need to get more familiar with hijackthis but it seems a bit over my head at the moment lol.
 
P.S. The attached file below is the log file from hijackthis.exe:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:18:30 PM, on 12/29/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
C:\Users\Tegrodamus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Tegrodamus\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Tegrodamus\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
O4 - HKCU\..\Run: [SafeInCloud] "C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Tegrodamus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [HP Deskjet 3050 J610 series (NET)] "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN13U3B4KD05HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\Tegrodamus\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E7B268EE4A8BE80218F4023395E5BE05] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = Tegrodamus\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13259 bytes

Edited by Oh My!, 03 January 2015 - 10:33 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,595 posts

Posted 03 January 2015 - 10:37 PM

Greetings T1gT34gu3 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 T1gT34gu3

T1gT34gu3
  • Topic Starter

  • Members
  • 15 posts

Posted 05 January 2015 - 06:43 PM

Ok, I apologize for not responding sooner, hopefully you have not left me lol. I looked over what you read and currently, as I type even, I am downloading the software you recommended and following the steps you provided. I'll post another response when I finish downloading everything, should be an hour after I respond to this. 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,595 posts

Posted 05 January 2015 - 07:20 PM

No problem, thanks for letting me know...
Gary

#5 T1gT34gu3

T1gT34gu3
  • Topic Starter

  • Members
  • 15 posts

Posted 05 January 2015 - 10:14 PM

A little longer than promised, but here you go. 

 

# AdwCleaner v4.106 - Report created 05/01/2015 at 16:03:59
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tegrodamus - TEGRODAMUS-PC
# Running from : C:\Users\Tegrodamus\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\RoyalCoupon
Folder Found : C:\Program Files (x86)\shopnndrope
Folder Found : C:\ProgramData\379f1a5d1153fa68
Folder Found : C:\ProgramData\4007951180408027752
Folder Found : C:\ProgramData\CoolSiaaleCoouponn
Folder Found : C:\ProgramData\deali4me
Folder Found : C:\ProgramData\douwnloaditkeep
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Found : C:\ProgramData\RoyalCoupon
Folder Found : C:\ProgramData\RoyiaalShoPPperApep
Folder Found : C:\ProgramData\ShhoopperMAster
Folder Found : C:\ProgramData\shopnndrope
Folder Found : C:\ProgramData\WorldWideWebCoupon
Folder Found : C:\ProgramData\WorldWideWebCoupon
Folder Found : C:\Users\Tegrodamus\AppData\Roaming\Search Protection

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{c48b8bd4-f776-4e17-b0ea-98ac28f285b3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Pc48b8bd4_f776_4e17_b0ea_98ac28f285b3_.Pc48b8bd4_f776_4e17_b0ea_98ac28f285b3_
Key Found : HKLM\SOFTWARE\Classes\Pc48b8bd4_f776_4e17_b0ea_98ac28f285b3_.Pc48b8bd4_f776_4e17_b0ea_98ac28f285b3_.9
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c48b8bd4-f776-4e17-b0ea-98ac28f285b3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c48b8bd4-f776-4e17-b0ea-98ac28f285b3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F10CA8F-97E3-48FB-9003-3EE8E9050577}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{c48b8bd4-f776-4e17-b0ea-98ac28f285b3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c48b8bd4-f776-4e17-b0ea-98ac28f285b3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v35.0.1916.153

[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.startnow.com/s/?q={searchTerms}&submit=Search+&category=web&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130410&user_guid=48B3468E4F85425CB14833BEB2693738&machine_id=228d95bb936298cd740fd8a2073ae7ef&browser=cr&os=win&os_version=6.1-x86-SP1&provider=vmn&provider_name=yahoo&provider_code=search.startnow.com&src=startpage
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.49ers.com/search-results?q={searchTerms}&Go.x=14&Go.y=7
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Czz0DtA0AtAtD0CtDyDtAtA0C0C0FyDtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1901088366&ir=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Czz0DtA0AtAtD0CtDyDtAtA0C0C0FyDtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1901088366&ir=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130410&user_guid=48B3468E4F85425CB14833BEB2693738&machine_id=228d95bb936298cd740fd8a2073ae7ef&browser=CR&os=win&os_version=6.1-x86-SP1
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN33656360426255280&ctid=CT3289847&UM=2&sspv=CHNTI1
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN33656360426255280&ctid=CT3289847&UM=2&sspv=CHNTI1
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.facemoods.com/?a=fmtoby&s={searchTerms}&f=4
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}&ptb=&n=&tpr=hpsb&ts=1376338043551&st=hp
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}&ptb=&n=&tpr=hpsb&ts=1376338043551&st=hp
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.foxnews.com/search-results/search?q={searchTerms}&submit=Search&ss=fn
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=hells+kitchen&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN42011141632564516&ctid=CT3311875&UM=2
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN42011141632564516&ctid=CT3311875&UM=2
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ch&cd=2XzuyEtN2Y1L1Qzu0Czz0DtA0AtAtD0CtDyDtAtA0C0C0FyDtN0D0Tzu0SzyyCyEtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0CzytDtAzzyB0CtGtByB0A0AtGyByEtCyBtG0ByBtBzytGyB0DyCzy0B0CyEtC0D0CyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtAtDtD0F0FtAtBtGtD0B0C0FtGyEyDyDyCtG0AtC0F0BtG0DyCyDzz0CtD0DyC0ByBtA0D2Q&cr=1018790794&ir=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN42011141632564516&UM=2
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN42011141632564516&UM=2
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://searchy.easylifeapp.com/
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.gboxapp.com/?aff=p
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Czz0DtA0AtAtD0CtDyDtAtA0C0C0FyDtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1901088366&ir=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://www.searchnu.com/406?appid=707
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130410&user_guid=48B3468E4F85425CB14833BEB2693738&machine_id=228d95bb936298cd740fd8a2073ae7ef&browser=CR&os=win&os_version=6.1-x86-SP1
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://www.v9.com/?type=hp&ts=1403604771&from=ymb&uid=TOSHIBAXMK3265GSXV_60TBS6V7SXX60TBS6V7S&i=psd&t=3449d1761

*************************

AdwCleaner[R0].txt - [6659 octets] - [05/01/2015 15:09:43]
AdwCleaner[R1].txt - [6719 octets] - [05/01/2015 16:01:57]
AdwCleaner[R2].txt - [11314 octets] - [05/01/2015 16:03:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [11375 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tegrodamus on Mon 01/05/2015 at 17:10:48.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/05/2015 at 17:15:03.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Tegrodamus (administrator) on TEGRODAMUS-PC on 05-01-2015 18:25:25
Running from C:\Users\Tegrodamus\Desktop
Loaded Profile: Tegrodamus (Available profiles: Tegrodamus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
(Spotify Ltd) C:\Users\Tegrodamus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
(Flux Software LLC) C:\Users\Tegrodamus\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
() C:\Program Files\SpiderOak\windows_dir_watcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\Run: [SafeInCloud] => C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [1569792 2014-03-06] ()
HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\Run: [Spotify Web Helper] => C:\Users\Tegrodamus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\Run: [f.lux] => C:\Users\Tegrodamus\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\Run: [GoogleChromeAutoLaunch_E7B268EE4A8BE80218F4023395E5BE05] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-07-05] (Microsoft Corporation)
Startup: C:\Users\Tegrodamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SpiderOakOverlay] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOak\shell_extension.dll (SpiderOak)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> {091A39E3-2EF9-4A1C-BD6A-606B87303342} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {FBDEA8B6-60D4-4B4F-8E04-8EC86AEA87B9} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4285596166-217634841-3432072464-1000 -> {091A39E3-2EF9-4A1C-BD6A-606B87303342} URL =
SearchScopes: HKU\S-1-5-21-4285596166-217634841-3432072464-1000 -> {849C3E34-B5D8-4F17-88A8-556E308914F7} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4285596166-217634841-3432072464-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4285596166-217634841-3432072464-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-06-27]
CHR Extension: (reddit companion) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2014-06-27]
CHR Extension: (reddit) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbjdcdemclgpcafgdehfmmakkhnopen [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]
CHR Extension: (YouTube) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-27]
CHR Extension: (Facebook) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-06-27]
CHR Extension: (Lamborghini Sesto Elemento Theme) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb [2014-06-27]
CHR Extension: (IGN Entertainment, Inc.) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\egaldchnbmmdfealahdjkjenipolfggb [2014-06-27]
CHR Extension: (Stitcher) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenjghnbkdmdncneijobnbgjcadnbge [2014-06-27]
CHR Extension: (Alarm Clock - on & offline Free) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckmpcehmdipkonjnilbahaacckekbfm [2014-06-27]
CHR Extension: (Where to delete an account) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpofkfbabpbbmchmiekfnlcgaedbgcf [2014-06-27]
CHR Extension: (SoundCloud) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2014-07-09]
CHR Extension: (Typing Test - KeyHero) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2014-06-27]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-06-27]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-06-27]
CHR Extension: (Google Maps) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-27]
CHR Extension: (Amazon Windowshop) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nielaigelomefgdoljcpfgbdbfefhdjc [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]
CHR Extension: (Hover Zoom) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-27]
CHR Extension: (Gmail) - C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 e72fc89f; c:\Program Files (x86)\TheRealDeals\CouponMania.dll [4094976 2014-11-21] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [115056 2010-10-20] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 18:25 - 2015-01-05 18:25 - 00018597 _____ () C:\Users\Tegrodamus\Desktop\FRST.txt
2015-01-05 18:23 - 2015-01-05 18:25 - 00000000 ____D () C:\FRST
2015-01-05 18:22 - 2015-01-05 18:22 - 02123776 _____ (Farbar) C:\Users\Tegrodamus\Desktop\FRST64.exe
2015-01-05 16:13 - 2015-01-05 16:13 - 00000000 ____D () C:\windows\ERUNT
2015-01-05 16:11 - 2015-01-05 16:11 - 01707939 _____ (Thisisu) C:\Users\Tegrodamus\Downloads\JRT.exe
2015-01-05 15:51 - 2015-01-05 17:15 - 00000000 ____D () C:\Users\Tegrodamus\Desktop\Virus Removal Resource
2015-01-05 15:09 - 2015-01-05 16:06 - 00000000 ____D () C:\AdwCleaner
2015-01-05 15:07 - 2015-01-05 15:07 - 02173952 _____ () C:\Users\Tegrodamus\Downloads\AdwCleaner.exe
2015-01-04 15:31 - 2015-01-04 15:32 - 00000000 ____D () C:\Users\Tegrodamus\Desktop\Resume's
2015-01-02 13:39 - 2015-01-02 13:44 - 00000000 ____D () C:\windows\system32\MRT
2015-01-02 13:39 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-02 11:48 - 2015-01-02 11:48 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-30 16:07 - 2014-12-30 16:08 - 00013261 _____ () C:\Users\Tegrodamus\Downloads\hijackthis (1).log
2014-12-29 22:13 - 2014-12-29 22:13 - 00000000 __SHD () C:\found.000
2014-12-24 02:35 - 2014-12-24 03:37 - 00000000 ____D () C:\Users\Tegrodamus\Desktop\IT Administrator Trainer
2014-12-23 13:31 - 2014-12-23 13:31 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-12-23 13:30 - 2014-12-23 13:30 - 00597304 _____ () C:\Users\Tegrodamus\Downloads\flux-setup.exe
2014-12-23 13:30 - 2014-12-23 13:30 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Local\FluxSoftware
2014-12-23 11:09 - 2014-12-23 11:10 - 00000000 ____D () C:\Users\Tegrodamus\Desktop\Vgrab
2014-12-23 11:08 - 2014-12-23 11:08 - 13096515 _____ () C:\Users\Tegrodamus\Downloads\vgrab.zip
2014-12-19 23:34 - 2014-12-19 23:34 - 542162872 _____ () C:\windows\MEMORY.DMP
2014-12-19 23:34 - 2014-12-19 23:34 - 00817264 _____ () C:\windows\Minidump\121914-28080-01.dmp
2014-12-17 13:59 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-17 13:59 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-13 19:30 - 2014-12-13 19:30 - 00110424 _____ () C:\Users\Tegrodamus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 18:50 - 2014-12-13 18:50 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Roaming\InstallShield
2014-12-13 18:48 - 2014-12-29 22:25 - 00000004 _____ () C:\Users\Tegrodamus\AppData\Roaming\appdataFr2.bin
2014-12-13 18:19 - 2014-12-13 18:19 - 00000000 ____D () C:\windows\pss
2014-12-13 18:17 - 2014-12-13 18:17 - 00000000 __SHD () C:\Users\Tegrodamus\AppData\Local\EmieUserList
2014-12-13 18:17 - 2014-12-13 18:17 - 00000000 __SHD () C:\Users\Tegrodamus\AppData\Local\EmieSiteList
2014-12-13 18:17 - 2014-12-13 18:17 - 00000000 __SHD () C:\Users\Tegrodamus\AppData\Local\EmieBrowserModeList
2014-12-13 14:59 - 2014-12-13 14:59 - 00896048 _____ () C:\Users\Tegrodamus\Downloads\Norton_Removal_Tool.exe
2014-12-13 13:20 - 2014-12-13 13:20 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Tegrodamus\Downloads\tdsskiller.exe
2014-12-13 13:10 - 2014-12-13 13:10 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Tegrodamus\Downloads\rkill64.exe
2014-12-11 17:38 - 2014-12-11 17:38 - 00000000 ____D () C:\ProgramData\flohhhaibkpjahbnnaeddgflhkmaihkf
2014-12-11 09:19 - 2014-12-11 09:19 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 09:07 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-11 09:07 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-11 09:07 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-11 09:07 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-11 09:07 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-11 09:07 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-11 09:07 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-11 09:07 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-11 09:07 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-11 09:07 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-10 14:30 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 14:30 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 14:30 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 14:30 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 14:30 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 14:30 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 14:30 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 14:30 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 14:30 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 14:30 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 14:30 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 14:30 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 14:30 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 14:30 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 14:30 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 14:29 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 14:29 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 14:29 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 14:29 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 14:29 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 14:29 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 14:29 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 14:29 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 14:29 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 14:29 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 14:29 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 14:29 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 14:29 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 14:29 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 14:29 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 14:29 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 14:29 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 14:29 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 14:29 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 14:29 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 14:29 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 14:29 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 14:29 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 14:29 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 14:29 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 14:29 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 14:29 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 14:29 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 14:29 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 14:29 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 14:29 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 14:29 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 14:29 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 14:29 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 14:29 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 14:29 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 14:29 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 14:29 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 14:29 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 14:26 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 14:26 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 14:26 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 14:26 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 14:26 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 14:26 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 14:26 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 14:26 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-10 14:24 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 14:24 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 14:24 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 14:19 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 14:19 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 14:19 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 14:19 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 14:19 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 14:19 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 14:19 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 14:19 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 14:19 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 14:19 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 14:19 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 14:19 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 14:19 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 14:19 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 09:12 - 2014-12-08 09:12 - 00003652 _____ () C:\windows\System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series
2014-12-08 09:12 - 2014-12-08 09:12 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Roaming\HpUpdate
2014-12-08 09:12 - 2014-12-08 09:12 - 00000000 ____D () C:\ProgramData\Visan
2014-12-08 09:12 - 2014-12-08 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-08 09:12 - 2014-12-08 09:12 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-12-08 09:12 - 2014-12-08 09:12 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-12-08 09:12 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\windows\system32\HPDiscoPM9311.dll
2014-12-08 09:11 - 2014-12-08 09:11 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-12-08 09:11 - 2014-12-08 09:11 - 00000000 ____D () C:\ProgramData\HP
2014-12-08 09:11 - 2014-12-08 09:11 - 00000000 ____D () C:\Program Files\HP
2014-12-08 09:09 - 2014-12-08 09:19 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Local\HP
2014-12-08 09:05 - 2014-12-08 09:12 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-12-08 09:05 - 2014-12-08 09:08 - 57070208 _____ () C:\Users\Tegrodamus\Downloads\DJ3050_J610_1315-1.exe
2014-12-08 09:05 - 2014-12-08 09:05 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Local\Hewlett-Packard
2014-12-08 09:05 - 2014-12-08 09:05 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-08 09:01 - 2014-12-08 09:02 - 05152768 _____ () C:\Users\Tegrodamus\Downloads\HPSupportSolutionsFramework-11.51.0027.msi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 18:17 - 2010-10-27 17:36 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 18:15 - 2014-06-26 23:22 - 01326184 _____ () C:\windows\WindowsUpdate.log
2015-01-05 16:30 - 2014-07-09 10:12 - 00000000 ___RD () C:\Users\Tegrodamus\Google Drive
2015-01-05 16:15 - 2009-07-13 20:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 16:15 - 2009-07-13 20:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 16:11 - 2014-10-11 15:51 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Roaming\SpiderOak
2015-01-05 16:08 - 2014-12-04 17:07 - 00001972 _____ () C:\windows\setupact.log
2015-01-05 16:08 - 2014-11-12 14:06 - 00000000 ___RD () C:\Users\Tegrodamus\Dropbox
2015-01-05 16:08 - 2014-06-27 21:15 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Roaming\Dropbox
2015-01-05 16:08 - 2014-06-27 00:58 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 16:08 - 2010-10-27 17:36 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 16:08 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-05 16:07 - 2010-10-27 17:52 - 00263034 _____ () C:\windows\PFRO.log
2015-01-05 16:06 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-05 15:03 - 2009-07-13 21:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-05 11:37 - 2014-06-27 11:25 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Roaming\Spotify
2015-01-04 08:48 - 2014-06-27 11:25 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Local\Spotify
2015-01-04 02:03 - 2014-07-14 09:08 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Local\CrashDumps
2015-01-02 16:10 - 2014-10-28 13:19 - 00000000 ____D () C:\Users\Tegrodamus\Desktop\Picture Hole
2015-01-02 13:37 - 2014-11-02 15:30 - 00012951 _____ () C:\Users\Tegrodamus\Downloads\hijackthis.log
2014-12-23 11:10 - 2014-06-27 00:01 - 00000000 ____D () C:\Users\Tegrodamus
2014-12-21 05:36 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache
2014-12-19 23:34 - 2014-11-14 11:19 - 00000000 ____D () C:\windows\Minidump
2014-12-17 18:24 - 2009-07-13 23:45 - 00000000 ____D () C:\windows\ShellNew
2014-12-16 18:36 - 2014-11-12 14:04 - 00000000 ____D () C:\Users\Tegrodamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-13 18:52 - 2014-06-26 23:45 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-13 18:52 - 2014-06-26 23:45 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-12-13 18:48 - 2014-11-02 15:33 - 00000000 ____D () C:\Users\Tegrodamus\Downloads\backups
2014-12-13 18:15 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system
2014-12-13 15:03 - 2014-06-26 23:43 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-13 12:47 - 2010-10-27 17:39 - 00000000 ____D () C:\windows\en
2014-12-11 09:19 - 2014-07-11 03:38 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-11 09:19 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-11 09:19 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-10 16:15 - 2009-07-13 20:45 - 00414240 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-10 16:15 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\Branding

Some content of TEMP:
====================
C:\Users\Tegrodamus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanscpa.dll
C:\Users\Tegrodamus\AppData\Local\Temp\Quarantine.exe
C:\Users\Tegrodamus\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 14:13

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Tegrodamus at 2015-01-05 18:26:10
Running from C:\Users\Tegrodamus\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
Corona SDK (HKLM-x32\...\{370EFB73-17E8-42E3-8DEC-A3BE4A55DD67}) (Version: 14.0.2189 - Corona Labs)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Outlaw 3.1.0 (HKLM-x32\...\{E982AEF3-72DA-466F-9C18-87A957BFAC2A}_is1) (Version:  - J. A. Whye)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Safe In Cloud Password Manager (HKLM-x32\...\{9C59A9EC-BB66-4D09-A7A7-CA1E6E5FBE4E}) (Version: 2.2 - Andrey Shcherbakov)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Smart File Advisor 1.2.0 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.2.0 - Filefacts.net)
SpiderOak x64 (HKLM\...\{C75767FB-C884-494C-8C38-50AD8DB0E47E}) (Version: 5.1.8.10105 - SpiderOak)
Spotify (HKU\S-1-5-21-4285596166-217634841-3432072464-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4285596166-217634841-3432072464-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4285596166-217634841-3432072464-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4285596166-217634841-3432072464-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4285596166-217634841-3432072464-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4285596166-217634841-3432072464-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4285596166-217634841-3432072464-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4285596166-217634841-3432072464-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4285596166-217634841-3432072464-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4285596166-217634841-3432072464-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-12-2014 15:48:26 Windows Update
18-12-2014 11:14:18 Windows Update
23-12-2014 02:41:08 Windows Update
30-12-2014 15:50:41 Windows Update
02-01-2015 13:39:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {284CDD5B-F99B-4EDE-9D54-059974F36062} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27] (Google Inc.)
Task: {34825B2B-B7E9-40DC-84D0-942C6F968D09} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D0308825-3F77-4D77-B011-025724894A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27] (Google Inc.)
Task: {FE627556-5766-4BFC-AE2B-5132278C4087} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-06 08:56 - 2014-03-06 08:56 - 01569792 _____ () C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
2014-06-01 13:22 - 2014-06-01 13:22 - 01695232 _____ () C:\Program Files\SpiderOak\lib\_ssl.pyd
2014-06-01 13:22 - 2014-06-01 13:22 - 00047616 _____ () C:\Program Files\SpiderOak\lib\_socket.pyd
2014-06-01 13:22 - 2014-06-01 13:22 - 00059392 _____ () C:\Program Files\SpiderOak\lib\_sqlite3.pyd
2014-06-01 13:21 - 2014-06-01 13:21 - 00535040 _____ () C:\Program Files\SpiderOak\lib\sqlite3.dll
2012-09-28 21:43 - 2012-09-28 21:43 - 00025088 _____ () C:\Program Files\SpiderOak\lib\zope.interface._zope_interface_coptimizations.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00067584 _____ () C:\Program Files\SpiderOak\lib\BTrees._OOBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00022528 _____ () C:\Program Files\SpiderOak\lib\persistent.cPersistence.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00012800 _____ () C:\Program Files\SpiderOak\lib\persistent.TimeStamp.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00018944 _____ () C:\Program Files\SpiderOak\lib\persistent.cPickleCache.pyd
2014-06-01 13:22 - 2014-06-01 13:22 - 01067520 _____ () C:\Program Files\SpiderOak\lib\_hashlib.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00072192 _____ () C:\Program Files\SpiderOak\lib\BTrees._OIBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00075264 _____ () C:\Program Files\SpiderOak\lib\BTrees._IIBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00072704 _____ () C:\Program Files\SpiderOak\lib\BTrees._IOBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00075776 _____ () C:\Program Files\SpiderOak\lib\BTrees._IFBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00073728 _____ () C:\Program Files\SpiderOak\lib\BTrees._OLBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00076288 _____ () C:\Program Files\SpiderOak\lib\BTrees._LLBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00073728 _____ () C:\Program Files\SpiderOak\lib\BTrees._LOBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00076288 _____ () C:\Program Files\SpiderOak\lib\BTrees._LFBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00073216 _____ () C:\Program Files\SpiderOak\lib\BTrees._fsBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00006656 _____ () C:\Program Files\SpiderOak\lib\twisted.python._initgroups.pyd
2014-03-11 06:51 - 2014-03-11 06:51 - 00130048 _____ () C:\Program Files\SpiderOak\lib\win32api.pyd
2014-03-11 06:48 - 2014-03-11 06:48 - 00138240 _____ () C:\Program Files\SpiderOak\lib\pywintypes27.dll
2012-09-28 21:42 - 2012-09-28 21:42 - 00011264 _____ () C:\Program Files\SpiderOak\lib\Crypto.Hash.SHA256.pyd
2014-03-11 06:49 - 2014-03-11 06:49 - 00149504 _____ () C:\Program Files\SpiderOak\lib\win32file.pyd
2012-09-28 22:55 - 2012-09-28 22:55 - 00016384 _____ () C:\Program Files\SpiderOak\lib\bcrypt._bcrypt.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00010752 _____ () C:\Program Files\SpiderOak\lib\Crypto.Random.OSRNG.winrandom.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00010752 _____ () C:\Program Files\SpiderOak\lib\Crypto.Util._counter.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00033280 _____ () C:\Program Files\SpiderOak\lib\Crypto.Cipher.AES.pyd
2012-06-26 08:57 - 2012-06-26 08:57 - 02145792 _____ () C:\Program Files\SpiderOak\lib\PyQt4.QtCore.pyd
2012-06-26 08:48 - 2012-06-26 08:48 - 00089088 _____ () C:\Program Files\SpiderOak\lib\sip.pyd
2014-06-01 13:22 - 2014-06-01 13:22 - 00112128 _____ () C:\Program Files\SpiderOak\lib\_ctypes.pyd
2014-03-11 06:55 - 2014-03-11 06:55 - 00548864 _____ () C:\Program Files\SpiderOak\lib\pythoncom27.dll
2014-03-11 07:01 - 2014-03-11 07:01 - 00522752 _____ () C:\Program Files\SpiderOak\lib\win32com.shell.shell.pyd
2012-06-26 09:13 - 2012-06-26 09:13 - 07643648 _____ () C:\Program Files\SpiderOak\lib\PyQt4.QtGui.pyd
2012-06-26 09:16 - 2012-06-26 09:16 - 00641536 _____ () C:\Program Files\SpiderOak\lib\PyQt4.QtNetwork.pyd
2012-06-26 09:23 - 2012-06-26 09:23 - 00009216 _____ () C:\Program Files\SpiderOak\lib\PyQt4.Qt.pyd
2014-03-11 06:50 - 2014-03-11 06:50 - 00048128 _____ () C:\Program Files\SpiderOak\lib\win32inet.pyd
2014-06-01 13:22 - 2014-06-01 13:22 - 00010752 _____ () C:\Program Files\SpiderOak\lib\select.pyd
2014-06-07 21:08 - 2014-06-07 21:08 - 00069120 _____ () C:\Program Files\SpiderOak\lib\OpenSSL.crypto.pyd
2014-06-07 21:08 - 2014-06-07 21:08 - 00010240 _____ () C:\Program Files\SpiderOak\lib\OpenSSL.rand.pyd
2014-06-07 21:08 - 2014-06-07 21:08 - 00053248 _____ () C:\Program Files\SpiderOak\lib\OpenSSL.SSL.pyd
2014-03-11 06:50 - 2014-03-11 06:50 - 00045056 _____ () C:\Program Files\SpiderOak\lib\win32process.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00059392 _____ () C:\Program Files\SpiderOak\lib\Crypto.Cipher.DES3.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00009728 _____ () C:\Program Files\SpiderOak\lib\Crypto.Cipher.XOR.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00008192 _____ () C:\Program Files\SpiderOak\lib\Crypto.Util.strxor.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00007680 _____ () C:\Program Files\SpiderOak\lib\twisted.protocols._c_urlarg.pyd
2014-06-01 13:22 - 2014-06-01 13:22 - 00689664 _____ () C:\Program Files\SpiderOak\lib\unicodedata.pyd
2014-03-11 06:50 - 2014-03-11 06:50 - 00027648 _____ () C:\Program Files\SpiderOak\lib\win32pipe.pyd
2014-03-11 06:49 - 2014-03-11 06:49 - 00023040 _____ () C:\Program Files\SpiderOak\lib\win32event.pyd
2014-03-11 06:51 - 2014-03-11 06:51 - 00064000 _____ () C:\Program Files\SpiderOak\lib\win32evtlog.pyd
2014-03-11 06:50 - 2014-03-11 06:50 - 00136192 _____ () C:\Program Files\SpiderOak\lib\win32security.pyd
2014-03-11 06:51 - 2014-03-11 06:51 - 00223744 _____ () C:\Program Files\SpiderOak\lib\win32gui.pyd
2014-03-11 06:50 - 2014-03-11 06:50 - 00055296 _____ () C:\Program Files\SpiderOak\lib\win32console.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00035840 _____ () C:\Program Files\SpiderOak\lib\simplejson._speedups.pyd
2012-01-14 09:31 - 2012-01-14 09:31 - 01228800 _____ () C:\Program Files\SpiderOak\lib\pycurl.pyd
2014-08-15 08:52 - 2014-08-15 08:52 - 00013824 _____ () C:\Program Files\SpiderOak\lib\spideroak_version_matcher.pyd
2012-09-24 06:40 - 2012-09-24 06:40 - 01068544 _____ () C:\Program Files\SpiderOak\lib\PIL._imaging.pyd
2014-08-15 08:55 - 2014-08-15 08:55 - 00013824 _____ () C:\Program Files\SpiderOak\windows_dir_watcher.exe
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-11 06:51 - 2014-03-11 06:51 - 00130048 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32api.pyd
2014-03-11 06:48 - 2014-03-11 06:48 - 00138240 _____ () C:\Program Files\SpiderOak\shell_extension_lib\pywintypes27.dll
2014-03-11 06:55 - 2014-03-11 06:55 - 00548864 _____ () C:\Program Files\SpiderOak\shell_extension_lib\pythoncom27.dll
2014-03-11 06:50 - 2014-03-11 06:50 - 00017920 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32trace.pyd
2014-03-11 06:50 - 2014-03-11 06:50 - 00136192 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32security.pyd
2014-03-11 07:01 - 2014-03-11 07:01 - 00522752 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32com.shell.shell.pyd
2014-03-11 06:51 - 2014-03-11 06:51 - 00064000 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32evtlog.pyd
2014-06-01 13:22 - 2014-06-01 13:22 - 00112128 _____ () C:\Program Files\SpiderOak\shell_extension_lib\_ctypes.pyd
2014-03-11 06:49 - 2014-03-11 06:49 - 00149504 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32file.pyd
2014-03-11 06:50 - 2014-03-11 06:50 - 00027648 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32pipe.pyd
2014-03-11 06:49 - 2014-03-11 06:49 - 00023040 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32event.pyd
2014-06-01 13:22 - 2014-06-01 13:22 - 01067520 _____ () C:\Program Files\SpiderOak\shell_extension_lib\_hashlib.pyd
2014-03-11 06:50 - 2014-03-11 06:50 - 00045056 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32process.pyd
2014-03-11 06:51 - 2014-03-11 06:51 - 00223744 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32gui.pyd
2014-03-11 07:02 - 2014-03-11 07:02 - 00125952 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32com.propsys.propsys.pyd
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-05 16:08 - 2015-01-05 16:08 - 00043008 _____ () c:\Users\Tegrodamus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanscpa.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\Tegrodamus\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-05 16:08 - 2015-01-05 16:08 - 00098816 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32api.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00110080 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\pywintypes27.dll
2015-01-05 16:08 - 2015-01-05 16:08 - 00364544 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\pythoncom27.dll
2015-01-05 16:08 - 2015-01-05 16:08 - 00045568 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\_socket.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 01160704 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\_ssl.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00320512 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32com.shell.shell.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00713216 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\_hashlib.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 01175040 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\wx._core_.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00805888 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\wx._gdi_.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00811008 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\wx._windows_.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 01062400 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\wx._controls_.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00735232 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\wx._misc_.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00128512 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\_elementtree.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00127488 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\pyexpat.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00557056 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\pysqlite2._sqlite.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00007168 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\hashobjs_ext.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00087552 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\_ctypes.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00119808 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32file.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00108544 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32security.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00018432 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32event.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00038912 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32inet.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00070656 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\wx._html2.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00167936 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32gui.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00011264 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32crypt.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00027136 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\_multiprocessing.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00122368 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\wx._wizard.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00010240 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\select.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00024064 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32pipe.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00686080 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\unicodedata.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00025600 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32pdh.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00525640 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\windows._lib_cacheinvalidation.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00035840 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32process.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00017408 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32profile.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00022528 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32ts.pyd
2015-01-05 16:08 - 2015-01-05 16:08 - 00078336 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\wx._animate.pyd
2014-06-27 00:21 - 2014-06-05 05:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-27 00:21 - 2014-06-05 05:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-27 00:21 - 2014-06-05 05:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-27 00:21 - 2014-06-05 05:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-27 00:21 - 2014-06-05 05:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-12 15:53 - 2014-07-08 07:18 - 14663856 _____ () C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Tegrodamus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk => C:\windows\pss\Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Smart File Advisor => "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4285596166-217634841-3432072464-500 - Administrator - Disabled)
Guest (S-1-5-21-4285596166-217634841-3432072464-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4285596166-217634841-3432072464-1002 - Limited - Enabled)
Tegrodamus (S-1-5-21-4285596166-217634841-3432072464-1000 - Administrator - Enabled) => C:\Users\Tegrodamus

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3894.85 MB
Available physical RAM: 1619.2 MB
Total Pagefile: 7787.88 MB
Available Pagefile: 5093.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI106049W0B) (Fixed) (Total:286.31 GB) (Free:239.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2AC57315)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=286.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=17)

==================== End Of Log ============================


Edited by Oh My!, 05 January 2015 - 10:21 PM.
Posted logs


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,595 posts
  • Gender:Male
  • Location:California
  • Local time:08:47 AM

Posted 05 January 2015 - 11:21 PM

Thank you for the information. Please copy and paste the information in your reply unless asked to attach a file. It is easier to review everything if it is posted.

Please rerun AdwCleaner and select Clean after the scan.

Consider and do this please.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4285596166-217634841-3432072464-1000 -> {091A39E3-2EF9-4A1C-BD6A-606B87303342} URL =
Toolbar: HKU\S-1-5-21-4285596166-217634841-3432072464-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 e72fc89f; c:\Program Files (x86)\TheRealDeals\CouponMania.dll [4094976 2014-11-21] () [File not signed]
C:\Users\Tegrodamus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanscpa.dll
C:\Users\Tegrodamus\AppData\Local\Temp\Quarantine.exe
C:\Users\Tegrodamus\AppData\Local\Temp\sqlite3.dll
2015-01-05 16:08 - 2015-01-05 16:08 - 00098816 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162
2014-12-11 17:38 - 2014-12-11 17:38 - 00000000 ____D () C:\ProgramData\flohhhaibkpjahbnnaeddgflhkmaihkf
c:\Program Files (x86)\TheRealDeals
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run TDSSKiller by Kaspersky on Windows 8/7/Vista

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Fixlog
  • TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 T1gT34gu3

T1gT34gu3
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:47 AM

Posted 06 January 2015 - 04:32 PM

# AdwCleaner v4.106 - Report created 06/01/2015 at 11:06:39
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tegrodamus - TEGRODAMUS-PC
# Running from : C:\Users\Tegrodamus\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN42011141632564516&ctid=CT3311875&UM=2
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN42011141632564516&ctid=CT3311875&UM=2
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ch&cd=2XzuyEtN2Y1L1Qzu0Czz0DtA0AtAtD0CtDyDtAtA0C0C0FyDtN0D0Tzu0SzyyCyEtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0CzytDtAzzyB0CtGtByB0A0AtGyByEtCyBtG0ByBtBzytGyB0DyCzy0B0CyEtC0D0CyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtAtDtD0F0FtAtBtGtD0B0C0FtGyEyDyDyCtG0AtC0F0BtG0DyCyDzz0CtD0DyC0ByBtA0D2Q&cr=1018790794&ir=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN33656360426255280&ctid=CT3289847&UM=2&sspv=CHNTI1
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN33656360426255280&ctid=CT3289847&UM=2&sspv=CHNTI1
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=hells+kitchen&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Czz0DtA0AtAtD0CtDyDtAtA0C0C0FyDtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1901088366&ir=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130410&user_guid=48B3468E4F85425CB14833BEB2693738&machine_id=228d95bb936298cd740fd8a2073ae7ef&browser=CR&os=win&os_version=6.1-x86-SP1
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Czz0DtA0AtAtD0CtDyDtAtA0C0C0FyDtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1901088366&ir=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.facemoods.com/?a=fmtoby&s={searchTerms}&f=4
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.foxnews.com/search-results/search?q={searchTerms}&submit=Search&ss=fn
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.49ers.com/search-results?q={searchTerms}&Go.x=14&Go.y=7
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}&ptb=&n=&tpr=hpsb&ts=1376338043551&st=hp
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}&ptb=&n=&tpr=hpsb&ts=1376338043551&st=hp
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.startnow.com/s/?q={searchTerms}&submit=Search+&category=web&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130410&user_guid=48B3468E4F85425CB14833BEB2693738&machine_id=228d95bb936298cd740fd8a2073ae7ef&browser=cr&os=win&os_version=6.1-x86-SP1&provider=vmn&provider_name=yahoo&provider_code=search.startnow.com&src=startpage
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN42011141632564516&UM=2
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN42011141632564516&UM=2
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://searchy.easylifeapp.com/
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.gboxapp.com/?aff=p
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Czz0DtA0AtAtD0CtDyDtAtA0C0C0FyDtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1901088366&ir=
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://www.searchnu.com/406?appid=707
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130410&user_guid=48B3468E4F85425CB14833BEB2693738&machine_id=228d95bb936298cd740fd8a2073ae7ef&browser=CR&os=win&os_version=6.1-x86-SP1
[C:\Users\Tegrodamus\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://www.v9.com/?type=hp&ts=1403604771&from=ymb&uid=TOSHIBAXMK3265GSXV_60TBS6V7SXX60TBS6V7S&i=psd&t=3449d1761
 
*************************
 
AdwCleaner[R0].txt - [6659 octets] - [05/01/2015 15:09:43]
AdwCleaner[R1].txt - [6719 octets] - [05/01/2015 16:01:57]
AdwCleaner[R2].txt - [11476 octets] - [05/01/2015 16:03:59]
AdwCleaner[R3].txt - [7420 octets] - [06/01/2015 11:06:39]
AdwCleaner[S0].txt - [11742 octets] - [05/01/2015 16:06:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [7541 octets] ##########
 
======================================================================================================
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Tegrodamus at 2015-01-06 10:41:45 Run:1
Running from C:\Users\Tegrodamus\Desktop
Loaded Profile: Tegrodamus (Available profiles: Tegrodamus)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4285596166-217634841-3432072464-1000 -> {091A39E3-2EF9-4A1C-BD6A-606B87303342} URL =
Toolbar: HKU\S-1-5-21-4285596166-217634841-3432072464-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 e72fc89f; c:\Program Files (x86)\TheRealDeals\CouponMania.dll [4094976 2014-11-21] () [File not signed]
C:\Users\Tegrodamus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanscpa.dll
C:\Users\Tegrodamus\AppData\Local\Temp\Quarantine.exe
C:\Users\Tegrodamus\AppData\Local\Temp\sqlite3.dll
2015-01-05 16:08 - 2015-01-05 16:08 - 00098816 _____ () C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162
2014-12-11 17:38 - 2014-12-11 17:38 - 00000000 ____D () C:\ProgramData\flohhhaibkpjahbnnaeddgflhkmaihkf
c:\Program Files (x86)\TheRealDeals
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4285596166-217634841-3432072464-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{091A39E3-2EF9-4A1C-BD6A-606B87303342}" => Key deleted successfully.
HKCR\CLSID\{091A39E3-2EF9-4A1C-BD6A-606B87303342} => Key not found. 
HKU\S-1-5-21-4285596166-217634841-3432072464-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
e72fc89f => Service deleted successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanscpa.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\sqlite3.dll => Moved successfully.
 
"C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162" directory move:
 
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\bz2.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\gdi32.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\hashobjs_ext.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\kernel32.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\main.exe.manifest => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\mfc90.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\mfc90u.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\mfcm90.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\mfcm90u.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\msvcp100.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\msvcr100.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\psapi.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\pyexpat.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\pysqlite2._sqlite.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\python27.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\pythoncom27.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\PyWinTypes27.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\select.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\shell32.dll => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\unicodedata.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32api.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32com.shell.shell.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32crypt.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32event.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32evtlog.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32file.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32gui.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32inet.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32pdh.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32pipe.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32process.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32profile.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32security.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32trace.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32ts.pyd => Moved successfully.
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162\win32ui.pyd => Moved successfully.
Could not move "C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162" directory. => Scheduled to move on reboot.
 
C:\ProgramData\flohhhaibkpjahbnnaeddgflhkmaihkf => Moved successfully.
c:\Program Files (x86)\TheRealDeals => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-06 10:43:55)<=
 
C:\Users\Tegrodamus\AppData\Local\Temp\_MEI28162 => Is moved successfully.
 
==== End of Fixlog 10:43:55 ====
 
======================================================================================================
 
13:27:51.0971 0x1568  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
13:28:08.0180 0x1568  ============================================================
13:28:08.0180 0x1568  Current date / time: 2015/01/06 13:28:08.0180
13:28:08.0180 0x1568  SystemInfo:
13:28:08.0180 0x1568  
13:28:08.0180 0x1568  OS Version: 6.1.7601 ServicePack: 1.0
13:28:08.0180 0x1568  Product type: Workstation
13:28:08.0180 0x1568  ComputerName: TEGRODAMUS-PC
13:28:08.0180 0x1568  UserName: Tegrodamus
13:28:08.0180 0x1568  Windows directory: C:\windows
13:28:08.0180 0x1568  System windows directory: C:\windows
13:28:08.0180 0x1568  Running under WOW64
13:28:08.0180 0x1568  Processor architecture: Intel x64
13:28:08.0180 0x1568  Number of processors: 4
13:28:08.0180 0x1568  Page size: 0x1000
13:28:08.0180 0x1568  Boot type: Normal boot
13:28:08.0180 0x1568  ============================================================
13:28:08.0523 0x1568  KLMD registered as C:\windows\system32\drivers\24909579.sys
13:28:09.0334 0x1568  System UUID: {2AB41E03-BA68-0605-CEE7-D99D1131B124}
13:28:10.0379 0x1568  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:28:10.0395 0x1568  ============================================================
13:28:10.0395 0x1568  \Device\Harddisk0\DR0:
13:28:10.0395 0x1568  MBR partitions:
13:28:10.0395 0x1568  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23CA0000
13:28:10.0395 0x1568  ============================================================
13:28:10.0426 0x1568  C: <-> \Device\Harddisk0\DR0\Partition1
13:28:10.0426 0x1568  ============================================================
13:28:10.0426 0x1568  Initialize success
13:28:10.0426 0x1568  ============================================================
13:28:13.0609 0x04f4  ============================================================
13:28:13.0609 0x04f4  Scan started
13:28:13.0609 0x04f4  Mode: Manual; 
13:28:13.0609 0x04f4  ============================================================
13:28:13.0609 0x04f4  KSN ping started
13:28:16.0588 0x04f4  KSN ping finished: true
13:28:18.0819 0x04f4  ================ Scan system memory ========================
13:28:18.0819 0x04f4  System memory - ok
13:28:18.0819 0x04f4  ================ Scan services =============================
13:28:29.0427 0x04f4  LSI_FC - ok
13:28:29.0474 0x04f4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
13:28:29.0474 0x04f4  LSI_SAS - ok
13:28:29.0521 0x04f4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
13:28:29.0521 0x04f4  LSI_SAS2 - ok
13:28:29.0552 0x04f4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
13:28:29.0552 0x04f4  LSI_SCSI - ok
13:28:29.0599 0x04f4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
13:28:29.0599 0x04f4  luafv - ok
13:28:29.0661 0x04f4  [ 478CC94C937D235CB0A96AB8F2359D81, 1877AF93FD777F0D5BC02C0CD6E806A165991B6C77D424B13D2D77F8F9D1EFCC ] mbamchameleon   C:\windows\system32\drivers\mbamchameleon.sys
13:28:29.0661 0x04f4  mbamchameleon - ok
13:28:29.0708 0x04f4  [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
13:28:29.0708 0x04f4  MBAMProtector - ok
13:28:29.0848 0x04f4  [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
13:28:29.0895 0x04f4  MBAMScheduler - ok
13:28:29.0989 0x04f4  [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
13:28:30.0035 0x04f4  MBAMService - ok
13:28:30.0082 0x04f4  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\windows\system32\drivers\MBAMSwissArmy.sys
13:28:30.0082 0x04f4  MBAMSwissArmy - ok
13:28:30.0129 0x04f4  [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\windows\system32\drivers\mwac.sys
13:28:30.0129 0x04f4  MBAMWebAccessControl - ok
13:28:30.0176 0x04f4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
13:28:30.0176 0x04f4  Mcx2Svc - ok
13:28:30.0191 0x04f4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
13:28:30.0191 0x04f4  megasas - ok
13:28:30.0254 0x04f4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
13:28:30.0269 0x04f4  MegaSR - ok
13:28:30.0363 0x04f4  Microsoft SharePoint Workspace Audit Service - ok
13:28:30.0410 0x04f4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
13:28:30.0410 0x04f4  MMCSS - ok
13:28:30.0441 0x04f4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
13:28:30.0441 0x04f4  Modem - ok
13:28:30.0472 0x04f4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
13:28:30.0472 0x04f4  monitor - ok
13:28:30.0503 0x04f4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\drivers\mouclass.sys
13:28:30.0503 0x04f4  mouclass - ok
13:28:30.0550 0x04f4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
13:28:30.0550 0x04f4  mouhid - ok
13:28:30.0581 0x04f4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
13:28:30.0581 0x04f4  mountmgr - ok
13:28:30.0628 0x04f4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
13:28:30.0644 0x04f4  mpio - ok
13:28:30.0722 0x04f4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
13:28:30.0722 0x04f4  mpsdrv - ok
13:28:30.0815 0x04f4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
13:28:30.0847 0x04f4  MpsSvc - ok
13:28:30.0893 0x04f4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
13:28:30.0893 0x04f4  MRxDAV - ok
13:28:30.0925 0x04f4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
13:28:30.0940 0x04f4  mrxsmb - ok
13:28:30.0956 0x04f4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
13:28:30.0956 0x04f4  mrxsmb10 - ok
13:28:30.0987 0x04f4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
13:28:30.0987 0x04f4  mrxsmb20 - ok
13:28:31.0034 0x04f4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
13:28:31.0034 0x04f4  msahci - ok
13:28:31.0065 0x04f4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
13:28:31.0065 0x04f4  msdsm - ok
13:28:31.0096 0x04f4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
13:28:31.0096 0x04f4  MSDTC - ok
13:28:31.0143 0x04f4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
13:28:31.0143 0x04f4  Msfs - ok
13:28:31.0205 0x04f4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
13:28:31.0205 0x04f4  mshidkmdf - ok
13:28:31.0237 0x04f4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
13:28:31.0237 0x04f4  msisadrv - ok
13:28:31.0283 0x04f4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
13:28:31.0283 0x04f4  MSiSCSI - ok
13:28:31.0283 0x04f4  msiserver - ok
13:28:31.0315 0x04f4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
13:28:31.0315 0x04f4  MSKSSRV - ok
13:28:31.0361 0x04f4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
13:28:31.0361 0x04f4  MSPCLOCK - ok
13:28:31.0377 0x04f4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
13:28:31.0377 0x04f4  MSPQM - ok
13:28:31.0424 0x04f4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
13:28:31.0439 0x04f4  MsRPC - ok
13:28:31.0471 0x04f4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
13:28:31.0471 0x04f4  mssmbios - ok
13:28:31.0502 0x04f4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
13:28:31.0502 0x04f4  MSTEE - ok
13:28:31.0533 0x04f4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
13:28:31.0533 0x04f4  MTConfig - ok
13:28:31.0549 0x04f4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
13:28:31.0564 0x04f4  Mup - ok
13:28:31.0627 0x04f4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
13:28:31.0642 0x04f4  napagent - ok
13:28:31.0705 0x04f4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
13:28:31.0720 0x04f4  NativeWifiP - ok
13:28:31.0783 0x04f4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
13:28:31.0814 0x04f4  NDIS - ok
13:28:31.0845 0x04f4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
13:28:31.0845 0x04f4  NdisCap - ok
13:28:31.0892 0x04f4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
13:28:31.0892 0x04f4  NdisTapi - ok
13:28:31.0923 0x04f4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
13:28:31.0923 0x04f4  Ndisuio - ok
13:28:31.0954 0x04f4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
13:28:31.0954 0x04f4  NdisWan - ok
13:28:31.0985 0x04f4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
13:28:31.0985 0x04f4  NDProxy - ok
13:28:32.0017 0x04f4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
13:28:32.0017 0x04f4  NetBIOS - ok
13:28:32.0063 0x04f4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
13:28:32.0063 0x04f4  NetBT - ok
13:28:32.0095 0x04f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\windows\system32\lsass.exe
13:28:32.0095 0x04f4  Netlogon - ok
13:28:32.0157 0x04f4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
13:28:32.0157 0x04f4  Netman - ok
13:28:32.0204 0x04f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:28:32.0282 0x04f4  NetMsmqActivator - ok
13:28:32.0282 0x04f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:28:32.0282 0x04f4  NetPipeActivator - ok
13:28:32.0360 0x04f4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
13:28:32.0375 0x04f4  netprofm - ok
13:28:32.0407 0x04f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:28:32.0407 0x04f4  NetTcpActivator - ok
13:28:32.0422 0x04f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:28:32.0422 0x04f4  NetTcpPortSharing - ok
13:28:32.0485 0x04f4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
13:28:32.0485 0x04f4  nfrd960 - ok
13:28:32.0500 0x04f4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
13:28:32.0516 0x04f4  NlaSvc - ok
13:28:32.0547 0x04f4  Norton PC Checkup Application Launcher - ok
13:28:32.0578 0x04f4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
13:28:32.0578 0x04f4  Npfs - ok
13:28:32.0625 0x04f4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
13:28:32.0625 0x04f4  nsi - ok
13:28:32.0641 0x04f4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
13:28:32.0641 0x04f4  nsiproxy - ok
13:28:32.0812 0x04f4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
13:28:32.0890 0x04f4  Ntfs - ok
13:28:32.0953 0x04f4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
13:28:32.0953 0x04f4  Null - ok
13:28:32.0984 0x04f4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
13:28:32.0984 0x04f4  nvraid - ok
13:28:33.0015 0x04f4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
13:28:33.0015 0x04f4  nvstor - ok
13:28:33.0077 0x04f4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
13:28:33.0077 0x04f4  nv_agp - ok
13:28:33.0109 0x04f4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
13:28:33.0109 0x04f4  ohci1394 - ok
13:28:33.0218 0x04f4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:28:33.0218 0x04f4  ose - ok
13:28:33.0592 0x04f4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:28:33.0873 0x04f4  osppsvc - ok
13:28:33.0967 0x04f4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
13:28:33.0982 0x04f4  p2pimsvc - ok
13:28:34.0060 0x04f4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
13:28:34.0091 0x04f4  p2psvc - ok
13:28:34.0185 0x04f4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\DRIVERS\parport.sys
13:28:34.0201 0x04f4  Parport - ok
13:28:34.0232 0x04f4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
13:28:34.0232 0x04f4  partmgr - ok
13:28:34.0279 0x04f4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
13:28:34.0294 0x04f4  PcaSvc - ok
13:28:34.0372 0x04f4  [ 2F86BE1818C2D7AC90478E3323EE7FCB, CE721FCFFDC9D24483DEB6BB77DAFEBE79BA143CA2EE68BF28E2A9297AADB2D4 ] PCCUJobMgr      C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
13:28:34.0388 0x04f4  PCCUJobMgr - ok
13:28:34.0403 0x04f4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
13:28:34.0419 0x04f4  pci - ok
13:28:34.0513 0x04f4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
13:28:34.0513 0x04f4  pciide - ok
13:28:34.0575 0x04f4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
13:28:34.0575 0x04f4  pcmcia - ok
13:28:34.0591 0x04f4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
13:28:34.0591 0x04f4  pcw - ok
13:28:34.0669 0x04f4  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
13:28:34.0684 0x04f4  PEAUTH - ok
13:28:34.0809 0x04f4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
13:28:34.0825 0x04f4  PerfHost - ok
13:28:34.0918 0x04f4  [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
13:28:34.0918 0x04f4  PGEffect - ok
13:28:34.0981 0x04f4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
13:28:35.0043 0x04f4  pla - ok
13:28:35.0168 0x04f4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
13:28:35.0168 0x04f4  PlugPlay - ok
13:28:35.0199 0x04f4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
13:28:35.0215 0x04f4  PNRPAutoReg - ok
13:28:35.0277 0x04f4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
13:28:35.0293 0x04f4  PNRPsvc - ok
13:28:35.0339 0x04f4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
13:28:35.0355 0x04f4  PolicyAgent - ok
13:28:35.0402 0x04f4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
13:28:35.0402 0x04f4  Power - ok
13:28:35.0449 0x04f4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
13:28:35.0449 0x04f4  PptpMiniport - ok
13:28:35.0495 0x04f4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\DRIVERS\processr.sys
13:28:35.0511 0x04f4  Processor - ok
13:28:35.0527 0x04f4  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
13:28:35.0542 0x04f4  ProfSvc - ok
13:28:35.0589 0x04f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe
13:28:35.0589 0x04f4  ProtectedStorage - ok
13:28:35.0620 0x04f4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
13:28:35.0620 0x04f4  Psched - ok
13:28:35.0761 0x04f4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
13:28:35.0823 0x04f4  ql2300 - ok
13:28:35.0854 0x04f4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
13:28:35.0854 0x04f4  ql40xx - ok
13:28:35.0885 0x04f4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
13:28:35.0901 0x04f4  QWAVE - ok
13:28:35.0932 0x04f4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
13:28:35.0932 0x04f4  QWAVEdrv - ok
13:28:35.0948 0x04f4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
13:28:35.0948 0x04f4  RasAcd - ok
13:28:36.0026 0x04f4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
13:28:36.0041 0x04f4  RasAgileVpn - ok
13:28:36.0073 0x04f4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
13:28:36.0088 0x04f4  RasAuto - ok
13:28:36.0151 0x04f4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
13:28:36.0166 0x04f4  Rasl2tp - ok
13:28:36.0197 0x04f4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
13:28:36.0197 0x04f4  RasMan - ok
13:28:36.0260 0x04f4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
13:28:36.0260 0x04f4  RasPppoe - ok
13:28:36.0291 0x04f4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
13:28:36.0291 0x04f4  RasSstp - ok
13:28:36.0400 0x04f4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
13:28:36.0400 0x04f4  rdbss - ok
13:28:36.0431 0x04f4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
13:28:36.0447 0x04f4  rdpbus - ok
13:28:36.0463 0x04f4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
13:28:36.0509 0x04f4  RDPCDD - ok
13:28:36.0525 0x04f4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
13:28:36.0525 0x04f4  RDPENCDD - ok
13:28:36.0556 0x04f4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
13:28:36.0556 0x04f4  RDPREFMP - ok
13:28:36.0603 0x04f4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
13:28:36.0603 0x04f4  RDPWD - ok
13:28:36.0681 0x04f4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
13:28:36.0681 0x04f4  rdyboost - ok
13:28:36.0712 0x04f4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
13:28:36.0712 0x04f4  RemoteAccess - ok
13:28:36.0775 0x04f4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
13:28:36.0775 0x04f4  RemoteRegistry - ok
13:28:36.0806 0x04f4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
13:28:36.0806 0x04f4  RpcEptMapper - ok
13:28:36.0837 0x04f4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
13:28:36.0837 0x04f4  RpcLocator - ok
13:28:36.0946 0x04f4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
13:28:36.0962 0x04f4  RpcSs - ok
13:28:37.0055 0x04f4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
13:28:37.0071 0x04f4  rspndr - ok
13:28:37.0118 0x04f4  [ 907C4464381B5EBDFDC60F6C7D0DEDFC, A39EB4C0858A3CA2D8AFE6D52809EC41795FD7A2F3F157D9CBCCB84BE7958A89 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
13:28:37.0118 0x04f4  RSUSBSTOR - ok
13:28:37.0133 0x04f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\windows\system32\lsass.exe
13:28:37.0133 0x04f4  SamSs - ok
13:28:37.0196 0x04f4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
13:28:37.0196 0x04f4  sbp2port - ok
13:28:37.0243 0x04f4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
13:28:37.0243 0x04f4  SCardSvr - ok
13:28:37.0274 0x04f4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
13:28:37.0274 0x04f4  scfilter - ok
13:28:37.0414 0x04f4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
13:28:37.0461 0x04f4  Schedule - ok
13:28:37.0570 0x04f4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
13:28:37.0570 0x04f4  SCPolicySvc - ok
13:28:37.0586 0x04f4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
13:28:37.0601 0x04f4  SDRSVC - ok
13:28:37.0617 0x04f4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
13:28:37.0617 0x04f4  secdrv - ok
13:28:56.0477 0x04f4  ============================================================
13:28:56.0477 0x04f4  Scan finished
13:28:56.0477 0x04f4  ============================================================
13:28:56.0477 0x0e88  Detected object count: 0
13:28:56.0477 0x0e88  Actual detected object count: 0


#8 Oh My!

  • Malware Response Instructor

Posted 06 January 2015 - 04:38 PM

How is your computer running?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 T1gT34gu3

  • Topic Starter

Posted 06 January 2015 - 06:09 PM

It's running a bit faster. One thing I notice from running the adware cleaner is that the same process addresses keep getting flagged.

Specifically these:

 
Although I notice an increase in overall performance, faster boot times, faster webpage loads, and so on and so forth, I am worried the malicious software is just going to reinstall itself the moment I give it some room to breathe, which has happened MANY times in the past.


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,595 posts

Posted 06 January 2015 - 06:24 PM

I understand,

Let's sort this out a bit. I know your computer is running better overall but we haven't addressed any system crashes since we started working together. Have you had any?
Gary
 

#11 T1gT34gu3

T1gT34gu3
  • Topic Starter

  • Members
  • 15 posts

Posted 06 January 2015 - 06:45 PM

I haven't had any system crashes. 



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,595 posts

Posted 06 January 2015 - 06:53 PM

Excellent.

A couple of things now. Prior to our work one of the boot partitions was corrupted. You can see it below as Partition 3. What tells us it is malicious is the part that says (Type=17). However, that will only directly affect you if that partition is set to Active and as you can see it is not. It most likely was at one point and the reason for many of your troubles. So what we are left with is an inactive malicious Partition and I want to deal with that. Basically we are going to modify it to make it a healthy partition. We will first run a report then put together a fix.
 

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2AC57315)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=286.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=17)


Secondly, we need to reset Google Chrome to get rid of all those entries.

Please do the following.

===================================================

Resetting Google Chrome to Original Defaults

--------------------

  • Launch Chrome then review this page before following these steps to review what changes will take place
  • In the address bar type chrome://settings and press Enter
  • Click Show advanced settings... located at the bottom of the page
  • Under the Reset settings section click Reset settings
  • Uncheck Help make Google Chrome better by reporting the current settings if you don't want to provide that information
  • Click Reset
  • Restart Chrome and check the performance
  • Rerun AdwCleaner and post the results

===================================================

ListParts by Farbar for 64 bit Systems

--------------------

  • Please download ListParts.exe (for 64 bit systems) and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • How is Chrome behaving?
  • AdwCleaner log
  • ListParts report

Edited by Oh My!, 06 January 2015 - 06:56 PM.

Gary
 

#13 T1gT34gu3

T1gT34gu3
  • Topic Starter

  • Members
  • 15 posts

Posted 07 January 2015 - 06:20 PM

Chrome will:

Slight delay in load times between tabs. 

Sometimes my extensions will turn off on their own. 

================================================================================================================

# AdwCleaner v4.106 - Report created 07/01/2015 at 15:07:43
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tegrodamus - TEGRODAMUS-PC
# Running from : C:\Users\Tegrodamus\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [6659 octets] - [05/01/2015 15:09:43]
AdwCleaner[R1].txt - [6719 octets] - [05/01/2015 16:01:57]
AdwCleaner[R2].txt - [11476 octets] - [05/01/2015 16:03:59]
AdwCleaner[R3].txt - [7621 octets] - [06/01/2015 11:06:39]
AdwCleaner[R4].txt - [5816 octets] - [06/01/2015 13:34:59]
AdwCleaner[R5].txt - [1244 octets] - [06/01/2015 16:22:29]
AdwCleaner[R6].txt - [6054 octets] - [07/01/2015 15:00:35]
AdwCleaner[R7].txt - [1483 octets] - [07/01/2015 15:05:24]
AdwCleaner[S0].txt - [11742 octets] - [05/01/2015 16:06:30]
AdwCleaner[S1].txt - [7736 octets] - [06/01/2015 11:10:36]
AdwCleaner[S2].txt - [5913 octets] - [06/01/2015 13:37:03]
AdwCleaner[S3].txt - [1306 octets] - [06/01/2015 16:24:27]
AdwCleaner[S4].txt - [6151 octets] - [07/01/2015 15:02:18]
AdwCleaner[S5].txt - [1404 octets] - [07/01/2015 15:07:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1464 octets] ##########
================================================================================================================
ListParts by Farbar Version: 31-07-2014
Ran by Tegrodamus (administrator) on 07-01-2015 at 14:52:25
Windows 7 (X64)
Running From: C:\Users\Tegrodamus\Desktop
Language: English (United States)
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 72%
Total physical RAM: 3894.85 MB
Available physical RAM: 1058.77 MB
Total Pagefile: 7787.88 MB
Available Pagefile: 4073.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
 
======================= Partitions =========================
 
1 Drive c: (TI106049W0B) (Fixed) (Total:286.31 GB) (Free:236.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 2AC57315
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            286 GB  1501 MB
  Partition 3    Primary             10 GB   287 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System       NTFS   Partition   1500 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI106049W0B  NTFS   Partition    286 GB  Healthy    Boot    
 
======================================================================================================
 
Disk: 0
Partition 3
Type  : 17
Hidden: Yes
Active: No
 
There is no volume associated with this partition.
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 2AC57315
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)
 
 
****** End Of Log ****** 


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,595 posts

Posted 07 January 2015 - 08:18 PM

You can delete and reinstall the extensions giving you problems. Please do this.

===================================================

Running a ListParts Fix

--------------
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy and paste the below into Notepad.
Disk=0 Partition=3 type=07
  • Save the document onto your Desktop as Fix.txt
  • Save as Fix.txt to the flash drive where ListParts is located.
  • Launch ListParts
  • Press the Fix button.
  • When finished please press the Scan button.
  • A log Result.txt will be saved to the flash drive.
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did you reinstall Chrome extensions?
  • ListParts report
  • Are there any other issues?

Edited by Oh My!, 07 January 2015 - 08:19 PM.

Gary
 

#15 T1gT34gu3

T1gT34gu3
  • Topic Starter

  • Members
  • 15 posts

Posted 08 January 2015 - 01:09 AM

I re-installed all of my extensions
 
================================================================================================================
 
ListParts by Farbar Version: 31-07-2014
Ran by Tegrodamus (administrator) on 07-01-2015 at 21:41:40
Windows 7 (X64)
Running From: C:\Users\Tegrodamus\Desktop
Language: English (United States)
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 53%
Total physical RAM: 3894.85 MB
Available physical RAM: 1794.05 MB
Total Pagefile: 7787.88 MB
Available Pagefile: 5048.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
 
======================= Partitions =========================
 
1 Drive c: (TI106049W0B) (Fixed) (Total:286.31 GB) (Free:237.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HDDRECOVERY) (Fixed) (Total:10.31 GB) (Free:0.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 2AC57315
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            286 GB  1501 MB
  Partition 3    Primary             10 GB   287 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         System       NTFS   Partition   1500 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI106049W0B  NTFS   Partition    286 GB  Healthy    Boot    
 
======================================================================================================
 
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   HDDRECOVERY  NTFS   Partition     10 GB  Healthy            
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 2AC57315
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
 
 
****** End Of Log ****** 
 
================================================================================================================
 
I am HORRIBLE at showing gratitude online, but I appreciate everything you have done for me so far. My laptop is running like new as far as I can see; I will keep an eye out for any serious issues and post accordingly, UNLESS there's anything else you want me to run of course.
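The two ListParts reports in this thread differ in one field of the MBR partition table, the field that `Disk=0 Partition=3 type=07` names. The Python below is an added example, not part of the thread and not ListParts' own code: it parses a 512-byte MBR sector, prints the table in the report's shape, and compares a before and an after sector. The sector contents (LBAs, sector counts) and all function names are constructed for illustration; the disk ID, type bytes and active flags are those shown in the reports, and 0x17 is type 0x07 with the hidden bit 0x10 set.

```python
import struct

TABLE_OFF, DISK_ID_OFF, ENTRY = 446, 440, 16
# Hidden variants of FAT/NTFS types (base type with bit 0x10 set) plus 0x27 (Windows RE).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}

def build_sample_mbr(part3_type):
    """Constructed sector laid out like Disk 0 in the reports (LBAs are made up)."""
    mbr = bytearray(512)
    struct.pack_into("<I", mbr, DISK_ID_OFF, 0x2AC57315)
    layout = [(0x80, 0x27, 2048, 3072000),              # 1500 MB, active
              (0x00, 0x07, 3074048, 600436736),         # about 286 GB
              (0x00, part3_type, 603510784, 21620736)]  # about 10 GB
    for i, (flag, ptype, lba, count) in enumerate(layout):
        off = TABLE_OFF + ENTRY * i
        mbr[off], mbr[off + 4] = flag, ptype            # boot flag, type byte
        struct.pack_into("<II", mbr, off + 8, lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_mbr(sector):
    """Return (disk_id, partitions) from a raw 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong size or missing 55 AA signature")
    disk_id = "%08X" % struct.unpack_from("<I", sector, DISK_ID_OFF)[0]
    parts = []
    for i in range(4):
        off = TABLE_OFF + ENTRY * i
        flag, ptype = sector[off], sector[off + 4]
        lba, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0x00:                               # empty slot
            continue
        parts.append({"number": i + 1, "active": flag == 0x80, "type": ptype,
                      "hidden": ptype in HIDDEN_TYPES, "start_lba": lba,
                      "size_gb": count * 512 // 2**30})
    return disk_id, parts

def summarize(parts):
    """One line per partition, in the shape of the report's MBR table."""
    return ["Partition %d: (%s) - (Size=%d GB) - (Type=%02X%s)" % (
                p["number"], "Active" if p["active"] else "Not Active",
                p["size_gb"], p["type"], " NTFS" if p["type"] == 0x07 else "")
            for p in parts]

def changed_offsets(before, after):
    """Byte offsets at which two sectors differ."""
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]

def review(parts):
    """Which partition boots, plus hidden non-active partitions to look at."""
    active = [p["number"] for p in parts if p["active"]]
    notes = []
    if len(active) != 1:
        notes.append("expected exactly one active partition, found %r" % active)
    for p in parts:
        if p["hidden"] and not p["active"]:
            notes.append("partition %d: hidden type 0x%02X, not active" % (p["number"], p["type"]))
    return active, notes

if __name__ == "__main__":
    before, after = build_sample_mbr(0x17), build_sample_mbr(0x07)
    for sector in (before, after):
        disk_id, parts = parse_mbr(sector)
        print(disk_id, *summarize(parts), *review(parts)[1], sep="\n")
    print("bytes changed between the two sectors:", changed_offsets(before, after))
```

The single differing offset, 482, is the type byte of the third table entry (446 + 2 × 16 + 4); the boot flags and the boot code area are identical in both sectors.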




