Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Infection: Malewarebytes Won't Finish Running


  • This topic is locked This topic is locked
13 replies to this topic

#1 Akari Blue

Akari Blue

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:07:26 PM

Posted 24 March 2015 - 11:08 AM

I don't know if my computer is infected or not. Both other times Malewarebytes anti-maleware program has trouble running, it has  been an infection. 
 
Malewarebytes hangs up either during or right before the heuristics scan, and it shows zero detections. I left it running overnight and it still wouldn't finish. 
 
I've also had a corrupted user profile, the computer occasionally boots up using a temp profile. That profile has been deleted and I have not had any trouble with the user profile I am using currently. I run Windows 7 64-bit, it is fully updated. Processor is an AMD Phenom II x4 920, I have 4gb of ram, and the video card is NVIDIA GeForce GTX 550, in case any of that makes a difference.
 
I don't see any other signs of infection. My computer isn't slow, I'm not getting pop-ups, and I don't see any unwanted programs running (using Sysinternals Program Explorer). I run zone alarm pro as firewall and anti-virus, it is fully updated and last scans (run nightly) shows nothing. I went through the "Am I infected" page, and ran CCleaner, and nothing there has fixed the problem. 
 
Below is the FRST.txt log that I just ran this morning. Attached is the Addition.txt log file of the same scan.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Sephyr (administrator) on DAYLIGHTIV on 24-03-2015 08:54:12
Running from C:\Users\Sephyr\Downloads
Loaded Profiles: Sephyr &  (Available profiles: Sephyr)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
(Sysinternals - www.sysinternals.com) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp64.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(SanDisk Corporation) C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [933496 2014-03-27] (Check Point Software Technologies LTD)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Akari\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-23] (BitTorrent Inc.)
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DW6] => [X]
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [F.lux] => C:\Users\Akari\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Akari\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH)
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {40112cbd-c399-11df-a894-002215d0f0ae} - J:\Setup.exe
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
Startup: C:\Users\Akari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp64.exe (Sysinternals - www.sysinternals.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SanDisk Media Manager.lnk
ShortcutTarget: SanDisk Media Manager.lnk ->  (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/htmlV_Generic/welcome1.asp
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PD
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-23] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-23] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-01-05] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Program Files (x86)\Sony Online Entertainment\npsoe.dll [2012-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @e-academy.com/Host SDM Plugin; version=1.0.0.0 -> C:\Users\Akari\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll No File
FF Plugin HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Akari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Akari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Akari\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-01-10] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-03-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-23]
CHR Extension: (Google Docs) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23]
CHR Extension: (Google Drive) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-23]
CHR Extension: (YouTube) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-23]
CHR Extension: (Google Search) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-23]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-03-23]
CHR Extension: (Google Sheets) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-23]
CHR Extension: (Gmail) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-23]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Akari\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-01]
CHR HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3950476251-2103889579-436239947-1010\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3950476251-2103889579-436239947-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1133176 2014-03-27] (Check Point Software Technologies LTD)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-09-01] (NOS Microsystems Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-03-27] (Check Point Software Technologies LTD)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-03-27] (Check Point Software Technologies LTD)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-10-14] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-03-19] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2014-03-19] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2014-03-19] (Kaspersky Lab ZAO)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
S3 VNUSB; C:\Windows\SysWOW64\Drivers\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
U3 pwdoipod; \??\C:\Users\Sephyr\AppData\Local\Temp\pwdoipod.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-24 08:54 - 2015-03-24 08:55 - 00025336 _____ () C:\Users\Sephyr\Downloads\FRST.txt
2015-03-24 08:54 - 2015-03-24 08:54 - 00000000 ____D () C:\FRST
2015-03-24 08:39 - 2015-03-24 08:39 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-24 08:23 - 2015-03-24 08:23 - 02001540 _____ () C:\Users\Sephyr\Downloads\pc-decrapifier-3.0.0.exe
2015-03-24 08:23 - 2015-03-24 08:23 - 02001540 _____ () C:\Users\Sephyr\Downloads\pc-decrapifier-3.0.0 (1).exe
2015-03-24 08:22 - 2015-03-24 08:23 - 05325696 _____ (Piriform Ltd) C:\Users\Sephyr\Downloads\ccsetup503.exe
2015-03-23 22:51 - 2015-03-23 22:51 - 02095616 _____ (Farbar) C:\Users\Sephyr\Downloads\FRST64.exe
2015-03-23 22:49 - 2015-03-23 22:49 - 01388782 _____ (Thisisu) C:\Users\Sephyr\Downloads\JRT.exe
2015-03-23 22:49 - 2015-03-23 22:49 - 00380416 _____ () C:\Users\Sephyr\Downloads\pubmrvlh.exe
2015-03-23 22:44 - 2015-03-23 22:44 - 00380416 _____ () C:\Users\Sephyr\Downloads\tp9necnm.exe
2015-03-23 22:30 - 2015-03-23 22:33 - 00000000 ____D () C:\AdwCleaner
2015-03-23 22:25 - 2015-03-23 22:26 - 02168320 _____ () C:\Users\Sephyr\Downloads\adwcleaner_4.113.exe
2015-03-23 22:11 - 2015-03-23 22:11 - 00000000 ____D () C:\Users\Sephyr\Desktop\Akari
2015-03-23 22:09 - 2015-03-23 22:09 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Logishrd
2015-03-23 22:04 - 2015-03-23 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-23 22:04 - 2015-03-23 22:04 - 00000000 ____D () C:\Program Files\Logitech
2015-03-23 21:53 - 2015-03-23 21:53 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Logishrd
2015-03-23 21:34 - 2015-03-23 21:34 - 00100360 _____ () C:\Users\Sephyr\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-23 21:33 - 2013-07-29 09:56 - 00000588 _____ () C:\Users\Sephyr\Documents\indexfile.txt
2015-03-23 21:24 - 2015-03-24 08:23 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Adobe
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Thunderbird
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Mozilla
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Apple Computer
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Adobe
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Thunderbird
2015-03-23 21:23 - 2015-03-23 21:53 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Logitech
2015-03-23 21:23 - 2015-03-23 21:23 - 00001449 _____ () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-23 21:23 - 2015-03-23 21:23 - 00001415 _____ () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-23 21:21 - 2015-03-23 21:21 - 00000020 ___SH () C:\Users\Sephyr\ntuser.ini
2015-03-23 21:21 - 2015-03-23 21:21 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\CheckPoint
2015-03-23 21:20 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Google
2015-03-23 21:20 - 2015-03-23 21:22 - 00000000 ____D () C:\Users\Sephyr
2015-03-23 21:20 - 2015-01-11 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\NVIDIA Corporation
2015-03-23 21:20 - 2015-01-11 16:02 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\NVIDIA
2015-03-23 21:20 - 2014-12-03 08:54 - 00000000 _____ () C:\Users\Sephyr\Sti_Trace.log
2015-03-23 21:20 - 2014-12-02 10:11 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Apple
2015-03-23 21:20 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Garmin
2015-03-23 21:20 - 2012-09-18 11:41 - 00000000 ____D () C:\Users\Sephyr\AppData\LocalGoogle
2015-03-23 21:20 - 2011-05-20 19:47 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Macromedia
2015-03-23 21:20 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-23 21:20 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-18 00:40 - 2015-03-13 08:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-18 00:34 - 2015-03-13 12:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 00:34 - 2015-03-13 12:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-16 16:21 - 2014-11-22 03:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-03-16 16:21 - 2014-11-22 03:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-03-13 14:46 - 2015-02-21 12:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 14:46 - 2015-02-21 12:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-13 14:46 - 2015-02-21 12:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 14:46 - 2015-02-21 12:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 14:46 - 2015-02-21 11:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 14:46 - 2015-02-21 11:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 14:46 - 2015-02-21 11:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 14:46 - 2015-02-21 11:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-13 14:46 - 2015-02-21 11:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-13 14:46 - 2015-02-21 11:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-13 14:46 - 2015-02-21 11:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 14:46 - 2015-02-21 11:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 14:46 - 2015-02-21 11:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 14:46 - 2015-02-21 11:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-13 14:46 - 2015-02-21 10:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 14:46 - 2015-02-21 10:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-13 14:46 - 2015-02-21 10:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 14:46 - 2015-02-21 10:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 14:46 - 2015-02-21 10:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 14:46 - 2015-02-21 10:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 14:46 - 2015-02-21 10:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 14:46 - 2015-02-21 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-13 14:46 - 2015-02-21 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-13 14:46 - 2015-02-21 10:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-13 14:46 - 2015-02-21 10:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-13 14:46 - 2015-02-21 10:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-13 14:46 - 2015-02-21 10:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-13 14:45 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 14:45 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-13 14:45 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 14:45 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-13 14:45 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-13 14:45 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-13 14:45 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-13 14:45 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-13 14:45 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-13 14:45 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-13 14:45 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 14:45 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-13 14:45 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-13 14:45 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-13 14:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-13 14:45 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-13 14:45 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-13 14:45 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-13 14:45 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-13 14:45 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-13 14:45 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-13 14:45 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-13 14:45 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-13 14:45 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-13 14:43 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 14:43 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 14:43 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-13 14:43 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-13 14:43 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-13 14:43 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-13 14:43 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-13 14:43 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-13 14:43 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-13 14:43 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-13 14:43 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-13 14:43 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-13 14:43 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-13 14:43 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 14:43 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 14:43 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 14:43 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 14:43 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 14:43 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 14:43 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 14:43 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 14:43 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 14:43 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 14:43 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 14:43 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 14:43 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-13 14:43 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 14:43 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 14:43 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-13 14:22 - 2015-03-23 22:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 14:19 - 2015-03-13 14:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-13 14:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-13 14:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-13 14:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-01 16:05 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 16:34 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 16:34 - 2015-01-08 16:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 16:13 - 2015-02-25 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-25 16:11 - 2015-02-25 16:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-25 16:11 - 2015-02-25 16:13 - 00000000 ____D () C:\Program Files\iTunes
2015-02-25 16:11 - 2015-02-25 16:11 - 00000000 ____D () C:\Program Files\iPod
2015-02-25 16:11 - 2015-02-25 16:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-24 08:49 - 2015-01-04 13:49 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-24 08:45 - 2010-09-18 20:43 - 00000000 ____D () C:\Windows\Panther
2015-03-24 08:38 - 2012-10-19 17:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-24 08:36 - 2010-09-18 20:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-24 08:17 - 2011-07-16 18:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 08:06 - 2012-02-05 10:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000UA.job
2015-03-24 05:23 - 2009-07-13 21:45 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-24 05:23 - 2009-07-13 21:45 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-24 05:19 - 2010-09-18 19:47 - 01355026 ____N () C:\Windows\WindowsUpdate.log
2015-03-23 22:39 - 2015-01-07 21:32 - 00000000 ___RD () C:\Data
2015-03-23 22:36 - 2011-07-16 18:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-23 22:35 - 2012-06-28 15:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-23 22:35 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 22:09 - 2010-09-18 20:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-03-23 22:07 - 2010-09-18 20:23 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-03-23 22:04 - 2010-09-18 20:22 - 00000000 ____D () C:\ProgramData\Logishrd
2015-03-23 21:45 - 2013-10-20 14:09 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-23 21:42 - 2014-10-14 21:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-23 21:42 - 2010-09-18 20:29 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-23 21:38 - 2010-09-19 08:47 - 00000426 _____ () C:\Windows\BRWMARK.INI
2015-03-23 21:38 - 2010-09-19 08:47 - 00000034 _____ () C:\Windows\SysWOW64\BD7420.DAT
2015-03-23 21:23 - 2014-11-30 10:55 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-23 11:05 - 2012-02-05 10:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000Core.job
2015-03-20 19:21 - 2014-11-30 12:13 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-18 22:40 - 2014-11-30 11:36 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417372607
2015-03-18 22:40 - 2011-03-31 08:33 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-18 00:41 - 2014-11-30 12:04 - 00000000 ____D () C:\temp
2015-03-18 00:41 - 2014-03-28 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-18 00:41 - 2009-07-13 22:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 00:37 - 2012-06-28 15:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-15 14:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-15 13:38 - 2009-07-13 21:45 - 00364112 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-15 13:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-15 13:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-13 15:12 - 2013-07-12 22:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 14:50 - 2010-09-18 20:42 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-13 14:19 - 2010-09-29 14:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-13 14:19 - 2010-09-19 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-03-13 14:06 - 2012-10-19 17:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-13 12:41 - 2015-02-20 02:18 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-13 12:41 - 2014-11-30 11:59 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 12:41 - 2014-11-30 11:59 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 12:41 - 2014-03-20 23:03 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 12:41 - 2013-09-17 22:22 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 12:41 - 2012-06-28 15:07 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 12:41 - 2012-06-28 15:07 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 09:16 - 2011-01-16 17:13 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-11 06:10 - 2013-03-06 11:32 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-09 22:23 - 2015-01-07 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-04 23:30 - 2013-08-14 00:04 - 00101369 ____H () C:\Windows\SysWOW64\BTImages.dat
2015-02-25 16:33 - 2012-06-28 15:17 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-25 16:11 - 2011-06-03 21:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-24 04:17 - 2010-09-18 20:22 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2011-07-03 19:41 - 2011-05-04 19:41 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Akari\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Akari\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Akari\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Akari\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Akari\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Akari\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Akari\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Akari\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Akari\AppData\Local\Temp\nvStInst.exe
C:\Users\Akari\AppData\Local\Temp\Uninstall.exe
C:\Users\Akari\AppData\Local\Temp\utt1C0F.tmp.exe
C:\Users\Akari\AppData\Local\Temp\Wunderlist-Setup2.2.1.21.exe
C:\Users\Akari\AppData\Local\Temp\Wunderlist-Setup2.2.1.22.exe
C:\Users\Akari\AppData\Local\Temp\Wunderlist-Setup2.2.1.23.exe
C:\Users\Akari\AppData\Local\Temp\Wunderlist-Setup2.3.0.25.exe
C:\Users\Akari\AppData\Local\Temp\Wunderlist-Setup2.3.0.29.exe
C:\Users\Akari\AppData\Local\Temp\Wunderlist-Setup2.3.0.30.exe
C:\Users\Akari\AppData\Local\Temp\Wunderlist-Setup2.3.0.31.exe
C:\Users\Akari\AppData\Local\Temp\_is515B.exe
C:\Users\Akari\AppData\Local\Temp\_is5800.exe
C:\Users\Akari\AppData\Local\Temp\_is58E8.exe
C:\Users\Akari\AppData\Local\Temp\_isC8DA.exe
C:\Users\Sephyr\AppData\Local\Temp\Quarantine.exe
C:\Users\Sephyr\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 00:46
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Sephyr at 2015-03-24 08:57:05
Running from C:\Users\Sephyr\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ZoneAlarm Internet Security Suite Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Internet Security Suite Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Internet Security Suite Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 3 (HKLM-x32\...\Advanced SystemCare 3_is1) (Version: 3.7.0 - IObit)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
BatchPurifier (HKLM-x32\...\{F040E3D7-F81D-4A38-85AE-038F375198FC}) (Version: 4.0.0 - Digital Confidence)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brain Workshop 4.8.1 (HKLM-x32\...\Brain Workshop_is1) (Version: 4.8.1 - Paul Hoskinson & Jonathan Toomim)
calibre (HKLM-x32\...\{72C56DB1-D0F9-4013-89CB-3C0095AD7ED5}) (Version: 0.9.39 - Kovid Goyal)
Cave Story Deluxe (HKLM-x32\...\Cave Story Deluxe) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CopyTrans Suite Remove Only (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CopyTrans Suite) (Version: 2.27 - WindSolutions)
Darkout (HKLM-x32\...\Darkout_is1) (Version: 0.1.6 - )
Dropbox (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 2.0.8 - Dropbox, Inc.)
Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.12.00.803 (HKLM-x32\...\15b35190-c6f9-11d9-9669-0800200c9a66_is1) (Version: 01.12.00.8032 - Atari, Inc.)
EasyGPS 4.29 (HKLM-x32\...\EasyGPS_is1) (Version: 4.29 - TopoGrafix)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version:  - )
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
Flickr Uploadr 3.2.1 (HKLM-x32\...\Flickr Uploadr) (Version:  - )
Free MIDI to MP3 Converter 1.0 (HKLM-x32\...\{181E1175-1FF8-4EA5-BC08-A7CA39B85502}_is1) (Version:  - PolySoft Solutions)
Free MP3 WMA OGG Converter 8.1.2 (HKLM-x32\...\Free MP3 WMA OGG Converter_is1) (Version:  - CyberPower Tech, Inc.)
Free Realms (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SOE-Free Realms) (Version:  - Sony Online Entertainment)
Freemake Video Converter version 3.0.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.0.2 - Ellora Assets Corporation)
Garmin City Navigator North America NT 2011.30 Update (HKLM-x32\...\{C505742A-0F8E-467B-8763-31588A777BC2}) (Version: 14.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2013.10 Update (HKLM-x32\...\{DE2E1909-12C2-4249-8003-7978BEA3A14F}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (HKLM-x32\...\{D0A3275D-F67F-4C6B-AE4A-753170C2EAC8}) (Version: 3.13.2.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}) (Version: 6.15.7.0 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{3D6878FF-FAF4-4C27-903C-0D07FBBB92F9}) (Version:  - )
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}) (Version: 2.5.5 - Garmin Ltd or its subsidiaries)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Ginkgo_Game (HKLM\...\UDK-14ffedaf-b959-46de-b524-21e40dfe0f45) (Version:  - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Chrome (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jpg2Pdf version 1.2 (HKLM-x32\...\{533D415A-4151-4AC5-858E-4068524C8051}_is1) (Version: 1.2 - Office Necessities inc.)
KooBits 4.0 (HKLM-x32\...\koobits.koobits4.com) (Version: 4.0.1.9 - UNKNOWN)
KooBits 4.0 (x32 Version: 4.0.1 - UNKNOWN) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LockHunter version 1.0 beta 3, 64 bit edition (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Logitech SetPoint 6.65 (HKLM\...\SP6) (Version: 6.65.62 - Logitech)
Mage Faire Online (HKLM-x32\...\Mage Faire Online) (Version: 0.1.0.2 - Mage Faire Studios, LLC)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
Mp3tag v2.61a (HKLM-x32\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nord (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Nord) (Version:  - SLX Games)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Olympus Digital Wave Player (HKLM-x32\...\{FB91E774-867B-4567-ACE7-8144EF036068}) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 28.0.1750.48 (HKLM-x32\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pictomio (HKLM-x32\...\Pictomio) (Version:  - Pictomio GmbH)
Puzzle Pirates (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Puzzle Pirates) (Version:  - )
Python 2.4.1 (HKLM-x32\...\Python 2.4.1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SanDisk ® Media Manager (HKLM-x32\...\{8BAF591E-B0E0-4DF6-B73C-AD10826E0DB7}) (Version: 2.1.0.4 - SanDisk)
Secure Download Manager (HKLM-x32\...\{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}) (Version: 3.0.0 - e-academy Inc.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SOE Web Installer (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.8.25 - Electronic Arts)
The Sims™ 3 Create a World Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.5.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.3.33 - Electronic Arts)
ThumbsPlus version 7.0 (HKLM-x32\...\ThumbsPlus7) (Version:  - )
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
UFRaw 0.18 (HKLM-x32\...\UFRaw_is1) (Version:  - Udi Fuchs)
Unity Web Player (HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unlocker 1.9.0 (HKLM-x32\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
VueMinder Pro (HKLM-x32\...\{2DCD765B-B6E5-4F71-97D5-2C03E7A80F87}) (Version: 9.1.3110 - VueSoft)
Weather Pulse 2.2.4.4 (HKLM-x32\...\Weather Pulse 2.2.4.4) (Version:  - Tropic Designs)
Win2PDF 7 (HKLM\...\Win2PDF_is1) (Version: 7.5.04 - Dane Prairie Systems, LLC.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB  (09/29/2009 2.0.0.0) (HKLM\...\75BD84FDFF77342C2A347F729669CBD84CE11B04) (Version: 09/29/2009 2.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wunderlist (HKLM-x32\...\{05005782-A2CD-4EF9-B838-C3B00FED2412}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH)
Wunderlist (HKLM-x32\...\{1ca68332-4ba1-4943-9010-eaa1aa45b492}) (Version: 2.3.0.31 - 6 Wunderkinder GmbH)
Wunderlist (HKLM-x32\...\{3031A053-DC97-4D03-9179-BF6F98F63FA2}) (Version: 1.2.4 - None provided)
Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden
ZoneAlarm Antivirus (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Internet Security Suite (HKLM-x32\...\ZoneAlarm Internet Security Suite) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
01-02-2015 01:00:16 Scheduled Checkpoint
03-02-2015 23:45:11 Windows Update
07-02-2015 17:48:35 Windows Update
12-02-2015 10:34:30 Windows Update
13-02-2015 12:41:51 Windows Update
21-02-2015 01:00:10 Scheduled Checkpoint
22-02-2015 23:14:10 Windows Update
25-02-2015 16:23:58 Windows Update
04-03-2015 23:28:28 Windows Update
12-03-2015 00:00:12 Scheduled Checkpoint
13-03-2015 14:47:08 Windows Update
17-03-2015 09:55:39 Windows Update
21-03-2015 12:50:02 Windows Update
24-03-2015 08:20:43 Removed Adobe Acrobat 9 Pro Extended - English, Français, Deutsch.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2011-07-29 17:34 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {11272B70-23DF-48E6-A236-65D7F11820AB} - System32\Tasks\{2EA44214-FB0C-4B9A-BCF1-5AD81C32913B} => pcalua.exe -a "C:\Users\Akari\Desktop\Rar Saved\2_BeJeweled 2 Deluxe - FULL VERSION.exe" -d "C:\Users\Akari\Desktop\Rar Saved"
Task: {1C645B89-27D6-4820-8720-11C3438FFFF4} - System32\Tasks\{DBB92AC1-FEC7-462A-AE10-FBA8DE1FBCA1} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}\Setup.exe" -c  -runfromtemp -l0x0009 UNINSTALL Reg=AL-L -removeonly
Task: {28298B1F-788F-4D0C-B045-7467E1280D63} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {2C8CEDE9-390D-42BB-A1C3-79C52E48300E} - System32\Tasks\{D704A125-C179-4BFA-AAFD-3A5A2C34BD96} => pcalua.exe -a "G:\Programs\Electronic Arts\The Sims™ 3\2.The Sims™ 3 Patching Guides\3.Patches\Sims3_1.2.7.00002_from_1.0.631.00002.exe" -d "G:\Programs\Electronic Arts\The Sims™ 3\2.The Sims™ 3 Patching Guides\3.Patches"
Task: {315D1ADD-641C-4BEE-9DB3-EE299AE5EB28} - System32\Tasks\{2263A997-2890-45F3-8B12-1D306E016762} => pcalua.exe -a G:\Programs\Garmin\MapSource_6162.exe -d G:\Programs\Garmin
Task: {350EF1C1-8C1E-4283-A352-9CA18FFF33AC} - System32\Tasks\{B7794ED8-04EF-4B4A-8CF4-618AC0EEF4CC} => pcalua.exe -a "C:\Users\Akari\Desktop\Sims 3\FrameworkInstaller.exe" -d "C:\Users\Akari\Desktop\Sims 3"
Task: {354E9B8E-721A-4A79-94A1-52EAE225A96B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {39E42041-A502-4B25-BDDC-73A8E253A4A3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {46D84D3A-EE68-4075-92DE-AFC8F0AB1BE9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4D5A80D1-9978-4480-B391-D6044CA0F581} - System32\Tasks\{CE966CD1-3DCD-49D0-83A6-123C5B0454E9} => pcalua.exe -a "D:\Program Files (x86)\Brother\Brinstck.exe" -d "D:\Program Files (x86)\Brother\" -c MFC-7420 USB
Task: {4FF4A7EB-C7AA-4484-9DEB-95B556442205} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {5219E4C5-2545-4A48-8C56-AC23ED40FAE1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5F1027D5-1267-4340-A4F1-FF9F2B2A1DBF} - System32\Tasks\{FE25FE80-CFDF-497A-837B-8B356CD0CC0B} => C:\Program Files (x86)\Wunderlist\Wunderlist.exe
Task: {83EECFBD-7E44-425C-A991-1F1DB32EECD1} - System32\Tasks\{082EC28B-312D-456E-856F-C4A68E2440D6} => pcalua.exe -a "F:\Downloads\Garmin City Navigator N.A NT 2010.20 Full [GR420]\garmin_rmu_cnnant2010_20\Garmin Updates Latest Programs\MapSource_6157.exe" -d "F:\Downloads\Garmin City Navigator N.A NT 2010.20 Full [GR420]\garmin_rmu_cnnant2010_20\Garmin Updates Latest Programs"
Task: {8B1EEB34-E3FB-4F06-ADBF-A76DA1B5DF09} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {8EE0EEC6-71B9-4465-95C2-1841B9C4ED24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {93EA834F-527B-461F-BED0-658A576D1322} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9446B09A-6C14-4843-83F7-AF52F6FCB541} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9FC88B86-2CA7-4E70-A6F5-AADD4B0DD159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000UA => C:\Users\Akari\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {A0B6BD46-9769-4F30-B1E5-83C5ECD7CFB0} - System32\Tasks\Opera scheduled Autoupdate 1417372607 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {A3809E8E-FA14-4F60-97D9-41CF2D1484D2} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {BAF517AE-B24C-4F79-83F8-22F77B39A576} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000Core => C:\Users\Akari\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {C2734B47-B823-4B45-8AC4-E0F576114890} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {C4908805-FC3B-4F98-9F16-E2F75059FA22} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {C52D9F7B-F89C-4056-9F86-D21DF75FDC3B} - System32\Tasks\{E6383831-AE45-4470-828B-6FCB80A847FF} => C:\Program Files (x86)\Wunderlist\Wunderlist.exe
Task: {E83B221D-8606-41EA-8966-8A5807D78D72} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F95C032E-4686-4CBB-B588-27471FBB1AF3} - System32\Tasks\{FF9E2197-BD8B-4F06-A89E-88CFDE46A781} => pcalua.exe -a C:\Users\Akari\Desktop\10007_QuickPwn.exe -d C:\Users\Akari\Desktop
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AWC Startup.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000Core.job => C:\Users\Akari\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000UA.job => C:\Users\Akari\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-03-06 11:32 - 2015-03-13 09:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-09-18 22:56 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-01 13:39 - 2012-11-16 11:29 - 00075552 _____ () C:\Windows\System32\win2pdfm.dll
2015-03-23 22:36 - 2015-03-23 22:36 - 00098816 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32api.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00110080 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\pywintypes27.dll
2015-03-23 22:36 - 2015-03-23 22:36 - 00364544 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\pythoncom27.dll
2015-03-23 22:36 - 2015-03-23 22:36 - 00045568 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\_socket.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 01161216 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\_ssl.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00320512 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32com.shell.shell.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00713216 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\_hashlib.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 01175040 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\wx._core_.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00805888 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\wx._gdi_.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00811008 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\wx._windows_.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 01062400 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\wx._controls_.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00735232 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\wx._misc_.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00682496 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\pysqlite2._sqlite.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00128512 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\_elementtree.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00127488 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\pyexpat.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00087552 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\_ctypes.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00119808 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32file.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00108544 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32security.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00007168 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\hashobjs_ext.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00167936 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32gui.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00018432 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32event.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00038912 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32inet.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00011264 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32crypt.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00070656 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\wx._html2.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00027136 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\_multiprocessing.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00020480 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\_yappi.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00035840 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32process.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00686080 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\unicodedata.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00122368 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\wx._wizard.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00024064 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32pipe.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00010240 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\select.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00025600 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32pdh.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00525640 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\windows._lib_cacheinvalidation.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00017408 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32profile.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00022528 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\win32ts.pyd
2015-03-23 22:36 - 2015-03-23 22:36 - 00078336 _____ () C:\Users\Sephyr\AppData\Local\Temp\_MEI30562\wx._animate.pyd
2015-03-20 19:20 - 2015-03-14 03:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 19:20 - 2015-03-14 03:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 19:20 - 2015-03-14 03:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-01 16:05 - 2015-03-01 16:05 - 03348080 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-03-01 16:05 - 2015-03-01 16:05 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-03-01 16:05 - 2015-03-01 16:05 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-03-23 21:34 - 2012-11-21 07:26 - 00008704 _____ () C:\Users\Sephyr\AppData\Roaming\Thunderbird\Profiles\zchlg09y.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3950476251-2103889579-436239947-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Akari\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3950476251-2103889579-436239947-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3950476251-2103889579-436239947-500 - Administrator - Disabled)
Guest (S-1-5-21-3950476251-2103889579-436239947-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3950476251-2103889579-436239947-1006 - Limited - Enabled)
Sephyr (S-1-5-21-3950476251-2103889579-436239947-1010 - Administrator - Enabled) => C:\Users\Sephyr
 
==================== Faulty Device Manager Devices =============
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/24/2015 08:20:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3950476251-2103889579-436239947-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0c892c30-eb69-424b-a4d8-ca8412951dbd}
 
Error: (03/24/2015 08:12:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tp9necnm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: tp9necnm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0xe78
Faulting application start time: 0xtp9necnm.exe0
Faulting application path: tp9necnm.exe1
Faulting module path: tp9necnm.exe2
Report Id: tp9necnm.exe3
 
Error: (03/24/2015 01:25:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/23/2015 10:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tp9necnm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: tp9necnm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0xfb8
Faulting application start time: 0xtp9necnm.exe0
Faulting application path: tp9necnm.exe1
Faulting module path: tp9necnm.exe2
Report Id: tp9necnm.exe3
 
Error: (03/23/2015 10:46:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tp9necnm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: tp9necnm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x34c
Faulting application start time: 0xtp9necnm.exe0
Faulting application path: tp9necnm.exe1
Faulting module path: tp9necnm.exe2
Report Id: tp9necnm.exe3
 
Error: (03/23/2015 10:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tp9necnm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: tp9necnm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x1658
Faulting application start time: 0xtp9necnm.exe0
Faulting application path: tp9necnm.exe1
Faulting module path: tp9necnm.exe2
Report Id: tp9necnm.exe3
 
Error: (03/23/2015 09:17:46 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: )
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (03/21/2015 00:50:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3950476251-2103889579-436239947-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {feef7885-30b9-49cb-bcd3-a7fd39978250}
 
Error: (03/18/2015 00:08:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (03/17/2015 09:55:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3950476251-2103889579-436239947-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d702ee11-413f-4bc0-9ad0-4863eba603e1}
 
 
System errors:
=============
Error: (03/24/2015 08:23:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/24/2015 08:23:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2015 10:35:32 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (03/23/2015 10:34:32 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (03/23/2015 10:34:32 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (03/23/2015 10:33:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/23/2015 10:19:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2015 10:19:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2015 09:20:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (03/23/2015 09:20:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (03/24/2015 08:20:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3950476251-2103889579-436239947-1000.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0c892c30-eb69-424b-a4d8-ca8412951dbd}
 
Error: (03/24/2015 08:12:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: tp9necnm.exe2.1.19357.052e7ea83tp9necnm.exe2.1.19357.052e7ea83c0000005000011aae7801d06644de85763bC:\Users\Sephyr\Downloads\tp9necnm.exeC:\Users\Sephyr\Downloads\tp9necnm.exe218ab89d-d238-11e4-ac56-002215d0f0ae
 
Error: (03/24/2015 01:25:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe
 
Error: (03/23/2015 10:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tp9necnm.exe2.1.19357.052e7ea83tp9necnm.exe2.1.19357.052e7ea83c0000005000011aafb801d065f5eca666d5C:\Users\Sephyr\Downloads\tp9necnm.exeC:\Users\Sephyr\Downloads\tp9necnm.exe2e5c0720-d1e9-11e4-ac56-002215d0f0ae
 
Error: (03/23/2015 10:46:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tp9necnm.exe2.1.19357.052e7ea83tp9necnm.exe2.1.19357.052e7ea83c0000005000011aa34c01d065f5dd533c2cC:\Users\Sephyr\Downloads\tp9necnm.exeC:\Users\Sephyr\Downloads\tp9necnm.exe1f87538d-d1e9-11e4-ac56-002215d0f0ae
 
Error: (03/23/2015 10:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tp9necnm.exe2.1.19357.052e7ea83tp9necnm.exe2.1.19357.052e7ea83c0000005000011aa165801d065f5b7297da3C:\Users\Sephyr\Downloads\tp9necnm.exeC:\Users\Sephyr\Downloads\tp9necnm.exe0efb012a-d1e9-11e4-ac56-002215d0f0ae
 
Error: (03/23/2015 09:17:46 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: )
Description: Access is denied.
 
Error: (03/21/2015 00:50:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3950476251-2103889579-436239947-1000.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {feef7885-30b9-49cb-bcd3-a7fd39978250}
 
Error: (03/18/2015 00:08:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
 
Error: (03/17/2015 09:55:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3950476251-2103889579-436239947-1000.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d702ee11-413f-4bc0-9ad0-4863eba603e1}
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-12 23:19:20.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-12 23:19:20.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-12 23:19:20.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-12 23:19:16.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-12 23:19:16.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-12 23:19:16.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 12:37:19.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 12:37:19.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 12:37:19.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 12:37:19.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 920 Processor
Percentage of memory in use: 58%
Total physical RAM: 4095.11 MB
Available physical RAM: 1679.48 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 5159.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Kylana) (Fixed) (Total:698.54 GB) (Free:317.5 GB) NTFS
Drive d: (Cyll_boot) (Fixed) (Total:60 GB) (Free:38.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Cyll_Data) (Fixed) (Total:173.75 GB) (Free:38.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 80EB8ADD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: 75017CFF)
Partition 1: (Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=173.7 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:26 PM

Posted 25 March 2015 - 09:38 AM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Iconic_normal.png Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

The log is available throughout History ->Application logs. Please post it contents in your next reply.

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Edited by Machiavelli, 25 March 2015 - 09:39 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 Akari Blue

Akari Blue
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:07:26 PM

Posted 25 March 2015 - 07:20 PM

Thank you for your help!
 
AdwCleaner log: 
# AdwCleaner v4.113 - Logfile created 25/03/2015 at 14:35:40
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Sephyr - DAYLIGHTIV
# Running from : C:\Users\Sephyr\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16633
 
 
-\\ Google Chrome v41.0.2272.101
 
 
*************************
 
AdwCleaner[R0].txt - [2337 bytes] - [23/03/2015 22:30:39]
AdwCleaner[R1].txt - [867 bytes] - [25/03/2015 14:27:52]
AdwCleaner[S0].txt - [2439 bytes] - [23/03/2015 22:32:56]
AdwCleaner[S1].txt - [795 bytes] - [25/03/2015 14:35:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [853  bytes] ##########
 
 
I ran Malewarebytes, but it was only able to finish the scan when I excluded the folder that it has continuously hung up on. The old profile that 
 
I had removed from my machine a while back. I can't delete the files, some say "permission denied", others say some process is locking them, and 
 
most say the file cannot be found. 
 
 
Malewarebytes log: 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/25/2015
Scan Time: 3:49:57 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.25.07
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sephyr
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391638
Time Elapsed: 14 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
The Junkware Removal Tool log: 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Professional x64
Ran by Sephyr on Wed 03/25/2015 at 16:08:17.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\flexnet"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/25/2015 at 16:15:25.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
The FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Sephyr (administrator) on DAYLIGHTIV on 25-03-2015 17:16:58
Running from C:\Users\Sephyr\Downloads
Loaded Profiles: Sephyr (Available profiles: Sephyr)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Sysinternals - www.sysinternals.com) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp64.exe
(SanDisk Corporation) C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\Google\Drive\nativeproxy.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\nacl64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [933496 2014-03-27] (Check Point Software Technologies LTD)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp64.exe (Sysinternals - www.sysinternals.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SanDisk Media Manager.lnk
ShortcutTarget: SanDisk Media Manager.lnk ->  (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-23] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-23] (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-01-05] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Program Files (x86)\Sony Online Entertainment\npsoe.dll [2012-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-03-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-23]
CHR Extension: (Google Docs) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23]
CHR Extension: (Google Drive) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-23]
CHR Extension: (YouTube) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-23]
CHR Extension: (Google Search) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-23]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-03-23]
CHR Extension: (Google Sheets) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-23]
CHR Extension: (Gmail) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-23]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3950476251-2103889579-436239947-1010\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1133176 2014-03-27] (Check Point Software Technologies LTD)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-09-01] (NOS Microsystems Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-03-27] (Check Point Software Technologies LTD)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-03-27] (Check Point Software Technologies LTD)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-10-14] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-03-19] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2014-03-19] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2014-03-19] (Kaspersky Lab ZAO)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
S3 VNUSB; C:\Windows\SysWOW64\Drivers\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 17:16 - 2015-03-25 17:17 - 00019094 _____ () C:\Users\Sephyr\Downloads\FRST.txt
2015-03-25 16:15 - 2015-03-25 16:15 - 00000693 _____ () C:\Users\Sephyr\Desktop\JRT.txt
2015-03-25 14:49 - 2015-03-25 16:09 - 00002386 _____ () C:\Users\Sephyr\Desktop\bleeping computer reply.txt
2015-03-25 14:38 - 2015-03-25 14:39 - 00000168 _____ () C:\Windows\setupact.log
2015-03-25 14:38 - 2015-03-25 14:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-25 14:37 - 2015-03-25 14:37 - 00001890 _____ () C:\Windows\PFRO.log
2015-03-25 14:27 - 2015-03-25 14:27 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Sephyr\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-25 14:24 - 2015-03-25 14:24 - 01388782 _____ (Thisisu) C:\Users\Sephyr\Downloads\JRT (1).exe
2015-03-25 14:23 - 2015-03-25 14:23 - 02168320 _____ () C:\Users\Sephyr\Downloads\AdwCleaner.exe
2015-03-24 10:12 - 2015-03-24 10:12 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\LockHunter
2015-03-24 08:54 - 2015-03-25 17:17 - 00000000 ____D () C:\FRST
2015-03-24 08:39 - 2015-03-24 08:39 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-24 08:23 - 2015-03-24 08:23 - 02001540 _____ () C:\Users\Sephyr\Downloads\pc-decrapifier-3.0.0.exe
2015-03-24 08:22 - 2015-03-24 08:23 - 05325696 _____ (Piriform Ltd) C:\Users\Sephyr\Downloads\ccsetup503.exe
2015-03-23 22:51 - 2015-03-23 22:51 - 02095616 _____ (Farbar) C:\Users\Sephyr\Downloads\FRST64.exe
2015-03-23 22:30 - 2015-03-25 14:35 - 00000000 ____D () C:\AdwCleaner
2015-03-23 22:25 - 2015-03-23 22:26 - 02168320 _____ () C:\Users\Sephyr\Downloads\adwcleaner_4.113.exe
2015-03-23 22:09 - 2015-03-23 22:09 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Logishrd
2015-03-23 22:04 - 2015-03-23 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-23 22:04 - 2015-03-23 22:04 - 00000000 ____D () C:\Program Files\Logitech
2015-03-23 21:53 - 2015-03-23 21:53 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Logishrd
2015-03-23 21:34 - 2015-03-25 14:48 - 00097000 _____ () C:\Users\Sephyr\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-23 21:33 - 2013-07-29 09:56 - 00000588 _____ () C:\Users\Sephyr\Documents\indexfile.txt
2015-03-23 21:24 - 2015-03-24 08:23 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Adobe
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Thunderbird
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Mozilla
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Apple Computer
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Adobe
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Thunderbird
2015-03-23 21:23 - 2015-03-23 21:53 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Logitech
2015-03-23 21:23 - 2015-03-23 21:23 - 00001449 _____ () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-23 21:23 - 2015-03-23 21:23 - 00001415 _____ () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-23 21:21 - 2015-03-23 21:21 - 00000020 ___SH () C:\Users\Sephyr\ntuser.ini
2015-03-23 21:21 - 2015-03-23 21:21 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\CheckPoint
2015-03-23 21:20 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Google
2015-03-23 21:20 - 2015-03-23 21:22 - 00000000 ____D () C:\Users\Sephyr
2015-03-23 21:20 - 2015-01-11 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\NVIDIA Corporation
2015-03-23 21:20 - 2015-01-11 16:02 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\NVIDIA
2015-03-23 21:20 - 2014-12-03 08:54 - 00000000 _____ () C:\Users\Sephyr\Sti_Trace.log
2015-03-23 21:20 - 2014-12-02 10:11 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Apple
2015-03-23 21:20 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Garmin
2015-03-23 21:20 - 2012-09-18 11:41 - 00000000 ____D () C:\Users\Sephyr\AppData\LocalGoogle
2015-03-23 21:20 - 2011-05-20 19:47 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Macromedia
2015-03-23 21:20 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-23 21:20 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-18 00:40 - 2015-03-13 08:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-18 00:34 - 2015-03-13 12:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 00:34 - 2015-03-13 12:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-16 16:21 - 2014-11-22 03:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-03-16 16:21 - 2014-11-22 03:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-03-13 14:46 - 2015-02-21 12:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 14:46 - 2015-02-21 12:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-13 14:46 - 2015-02-21 12:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 14:46 - 2015-02-21 12:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 14:46 - 2015-02-21 11:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 14:46 - 2015-02-21 11:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 14:46 - 2015-02-21 11:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 14:46 - 2015-02-21 11:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-13 14:46 - 2015-02-21 11:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-13 14:46 - 2015-02-21 11:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-13 14:46 - 2015-02-21 11:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 14:46 - 2015-02-21 11:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 14:46 - 2015-02-21 11:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 14:46 - 2015-02-21 11:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-13 14:46 - 2015-02-21 10:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 14:46 - 2015-02-21 10:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-13 14:46 - 2015-02-21 10:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 14:46 - 2015-02-21 10:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 14:46 - 2015-02-21 10:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 14:46 - 2015-02-21 10:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 14:46 - 2015-02-21 10:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 14:46 - 2015-02-21 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-13 14:46 - 2015-02-21 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-13 14:46 - 2015-02-21 10:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-13 14:46 - 2015-02-21 10:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-13 14:46 - 2015-02-21 10:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-13 14:46 - 2015-02-21 10:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-13 14:45 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 14:45 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-13 14:45 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 14:45 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-13 14:45 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-13 14:45 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-13 14:45 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-13 14:45 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-13 14:45 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-13 14:45 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-13 14:45 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 14:45 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-13 14:45 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-13 14:45 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-13 14:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-13 14:45 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-13 14:45 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-13 14:45 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-13 14:45 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-13 14:45 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-13 14:45 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-13 14:45 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-13 14:45 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-13 14:45 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-13 14:43 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 14:43 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 14:43 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-13 14:43 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-13 14:43 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-13 14:43 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-13 14:43 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-13 14:43 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-13 14:43 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-13 14:43 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-13 14:43 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-13 14:43 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-13 14:43 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-13 14:43 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 14:43 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 14:43 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 14:43 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 14:43 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 14:43 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 14:43 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 14:43 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 14:43 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 14:43 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 14:43 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 14:43 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 14:43 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-13 14:43 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 14:43 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 14:43 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-13 14:22 - 2015-03-25 15:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 14:19 - 2015-03-13 14:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-13 14:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-13 14:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-13 14:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-01 16:05 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 16:34 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 16:34 - 2015-01-08 16:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 16:13 - 2015-02-25 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-25 16:11 - 2015-02-25 16:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-25 16:11 - 2015-02-25 16:13 - 00000000 ____D () C:\Program Files\iTunes
2015-02-25 16:11 - 2015-02-25 16:11 - 00000000 ____D () C:\Program Files\iPod
2015-02-25 16:11 - 2015-02-25 16:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 17:17 - 2011-07-16 18:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 17:14 - 2010-09-18 19:47 - 01416149 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 17:06 - 2012-02-05 10:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000UA.job
2015-03-25 16:38 - 2012-10-19 17:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 14:47 - 2009-07-13 21:45 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 14:47 - 2009-07-13 21:45 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 14:39 - 2015-01-07 21:32 - 00000000 ___RD () C:\Data
2015-03-25 14:39 - 2011-07-16 18:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 14:38 - 2012-06-28 15:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-25 14:38 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 14:38 - 2009-07-13 21:45 - 00365408 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-25 11:05 - 2012-02-05 10:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000Core.job
2015-03-24 10:46 - 2014-11-30 20:59 - 00000000 ____D () C:\Users\Akari\Desktop\Google Drive
2015-03-24 10:46 - 2010-09-18 19:58 - 00000000 ____D () C:\Users\Akari
2015-03-24 08:49 - 2015-01-04 13:49 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-24 08:45 - 2010-09-18 20:43 - 00000000 ____D () C:\Windows\Panther
2015-03-24 08:36 - 2010-09-18 20:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-23 22:09 - 2010-09-18 20:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-03-23 22:07 - 2010-09-18 20:23 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-03-23 22:04 - 2010-09-18 20:22 - 00000000 ____D () C:\ProgramData\Logishrd
2015-03-23 21:45 - 2013-10-20 14:09 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-23 21:42 - 2014-10-14 21:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-23 21:42 - 2010-09-18 20:29 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-23 21:38 - 2010-09-19 08:47 - 00000426 _____ () C:\Windows\BRWMARK.INI
2015-03-23 21:38 - 2010-09-19 08:47 - 00000034 _____ () C:\Windows\SysWOW64\BD7420.DAT
2015-03-23 21:23 - 2014-11-30 10:55 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-20 19:21 - 2014-11-30 12:13 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-18 22:40 - 2014-11-30 11:36 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417372607
2015-03-18 22:40 - 2011-03-31 08:33 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-18 00:41 - 2014-11-30 12:04 - 00000000 ____D () C:\temp
2015-03-18 00:41 - 2014-03-28 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-18 00:41 - 2009-07-13 22:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 00:37 - 2012-06-28 15:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-15 14:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-15 13:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-15 13:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-13 15:12 - 2013-07-12 22:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 14:50 - 2010-09-18 20:42 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-13 14:19 - 2010-09-29 14:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-13 14:19 - 2010-09-19 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-03-13 14:06 - 2012-10-19 17:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-13 12:41 - 2015-02-20 02:18 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-13 12:41 - 2014-11-30 11:59 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 12:41 - 2014-11-30 11:59 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 12:41 - 2014-03-20 23:03 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 12:41 - 2013-09-17 22:22 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 12:41 - 2012-06-28 15:07 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 12:41 - 2012-06-28 15:07 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 09:16 - 2011-01-16 17:13 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-11 06:10 - 2013-03-06 11:32 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-09 22:23 - 2015-01-07 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-04 23:30 - 2013-08-14 00:04 - 00101369 ____H () C:\Windows\SysWOW64\BTImages.dat
2015-02-25 16:33 - 2012-06-28 15:17 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-25 16:11 - 2011-06-03 21:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-24 04:17 - 2010-09-18 20:22 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2011-07-03 19:41 - 2011-05-04 19:41 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Sephyr\AppData\Local\Temp\Quarantine.exe
C:\Users\Sephyr\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 00:01
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:26 PM

Posted 26 March 2015 - 12:44 PM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    ShortcutTarget: SanDisk Media Manager.lnk ->  (No File)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    C:\ProgramData\hash.dat
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 Akari Blue

Akari Blue
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:07:26 PM

Posted 27 March 2015 - 03:17 PM

FixLog:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 
 
11-03-2015
Ran by Sephyr at 2015-03-26 18:56:38 Run:1
Running from C:\Users\Sephyr\Desktop
Loaded Profiles: Sephyr (Available profiles: Sephyr)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ShortcutTarget: SanDisk Media Manager.lnk ->  (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-
 
CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-
 
CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-
 
CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-
 
CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-
 
CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-
 
CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-
 
CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-
 
CDD82E34AF8B} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-
 
E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-
 
E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-
 
E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
C:\ProgramData\hash.dat
EmptyTemp:
*****************
 
ShortcutTarget: SanDisk Media Manager.lnk ->  (No File) not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer
 
\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer
 
\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer
 
\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer
 
\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer
 
\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not 
 
found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer
 
\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not 
 
found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer
 
\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not 
 
found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer
 
\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not 
 
found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope 
 
=> value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope 
 
=> value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope 
 
=> value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted 
 
successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key 
 
deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
EmptyTemp: => Removed 736.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:57:12 ====
 
Computer was rebooted as frst program asked.
 
FRST log: 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-
 
2015
Ran by Sephyr (administrator) on DAYLIGHTIV on 26-03-2015 19:07:01
Running from C:\Users\Sephyr\Desktop
Loaded Profiles: Sephyr (Available profiles: Sephyr)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English 
 
(United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: 
 
 
farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The 
 
file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision
 
\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint
 
\ZoneAlarm\vsmon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display
 
\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint
 
\AKL\AkSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support
 
\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update 
 
Service\Garmin.Cartography.MapUpdate.CoreService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience 
 
Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware
 
\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware
 
\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService
 
\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\nvstreamsvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint
 
\ZoneAlarm\ZAPrivacyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\nvstreamsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint
 
\AKL\AkSA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware
 
\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core
 
\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\nvstreamsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard 
 
Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard 
 
Center\ipoint.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector
 
\DevDtct2.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes
 
\VirtualCloneDrive\VCDDaemon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint
 
\ZoneAlarm\zatray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird
 
\thunderbird.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Sysinternals - www.sysinternals.com) C:\ProgramData\Microsoft\Windows\Start 
 
Menu\Programs\Startup\procexp64.exe
(SanDisk Corporation) C:\Program Files (x86)\SanDisk\SanDisk Media Manager
 
\SanDiskMediaManager-Launcher.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update
 
\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update
 
\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink
 
\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored 
 
to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows
 
\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation
 
\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe 
 
[933496 2014-03-27] (Check Point Software Technologies LTD)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe 
 
[169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe 
 
[3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate 
 
Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes 
 
AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple
 
\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime
 
\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint
 
\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies 
 
Ltd.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe 
 
[74752 2011-12-09] (Nullsoft, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth
 
\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\...\Run: [GoogleDriveSync] 
 
=> C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-
 
02-19] (Google)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\...\Run: [CCleaner 
 
Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] 
 
(Piriform Ltd)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\Control Panel\Desktop\
 
\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] 
 
(Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files 
 
(x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or 
 
its subsidiaries)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 
 
2008-06-12] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device 
 
Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus
 
\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
 
\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla 
 
Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
 
\procexp64.exe (Sysinternals - www.sysinternals.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
 
\SanDisk Media Manager.lnk
ShortcutTarget: SanDisk Media Manager.lnk ->  (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be 
 
removed or restored to default.)
 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:
 
\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, 
 
Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-
 
D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-
 
03-23] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:
 
\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] 
 
(Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-
 
9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll 
 
[2015-03-23] (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} 
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash
 
\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash
 
\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files 
 
(x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS 
 
Plugin\npGarmin.dll [2012-01-05] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files 
 
(x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files 
 
(x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files 
 
(x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-23] (Oracle 
 
Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files 
 
(x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-23] (Oracle 
 
Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files 
 
(x86)\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA 
 
Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files 
 
(x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA 
 
Corporation)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Program Files 
 
(x86)\Sony Online Entertainment\npsoe.dll [2012-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files 
 
(x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files 
 
(x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 
 
11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] 
 
- C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] 
 
- C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP
 
\LogiSmoothFirefoxExt [2015-03-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sephyr\AppData\Local\Google
 
\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015
 
-03-23]
CHR Extension: (Google Docs) - C:\Users\Sephyr\AppData\Local\Google\Chrome
 
\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23]
CHR Extension: (Google Drive) - C:\Users\Sephyr\AppData\Local\Google\Chrome
 
\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-23]
CHR Extension: (YouTube) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User 
 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-23]
CHR Extension: (Google Search) - C:\Users\Sephyr\AppData\Local\Google
 
\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015
 
-03-23]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Sephyr\AppData\Local
 
\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk 
 
[2015-03-23]
CHR Extension: (Google Sheets) - C:\Users\Sephyr\AppData\Local\Google
 
\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015
 
-03-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sephyr\AppData
 
\Local\Google\Chrome\User Data\Default\Extensions
 
\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users
 
\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\Sephyr\AppData\Local\Google
 
\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015
 
-03-23]
CHR Extension: (Gmail) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User 
 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-23]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: 
 
[lmjegmlicamnimmfhcmpkclmigmmcbeh] - 
 
CHR HKU\S-1-5-21-3950476251-2103889579-436239947-1010\SOFTWARE\Google
 
\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] 
 
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from 
 
the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile 
 
Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update 
 
Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] 
 
(Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce 
 
Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA 
 
Corporation)
R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1133176 2014-03
 
-27] (Check Point Software Technologies LTD)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware
 
\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware
 
\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll 
 
[66112 2010-09-01] (NOS Microsystems Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService
 
\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 
 
2014-04-25] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-
 
26] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm
 
\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, 
 
Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from 
 
the registry. The file will not be moved unless listed separately.)
 
R3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-03
 
-27] (Check Point Software Technologies LTD)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-03-27] 
 
(Check Point Software Technologies LTD)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky 
 
Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-10-14] (Kaspersky 
 
Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] 
 
(Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-03-19] (Kaspersky 
 
Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-03-19] 
 
(Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2014-03-19] 
 
(Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2014-03-19] 
 
(Kaspersky Lab ZAO)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] 
 
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014
 
-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] 
 
(Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 
 
2015-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-
 
11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 
 
2014-11-22] (NVIDIA Corporation)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys 
 
[4096 2010-07-04] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] 
 
(Apple, Inc.) [File not signed]
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS 
 
IMAGING CORP.)
S3 VNUSB; C:\Windows\SysWOW64\Drivers\VNUSB.sys [38496 2006-04-07] (OLYMPUS 
 
IMAGING CORP.) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] 
 
(Check Point Software Technologies Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the 
 
registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 19:07 - 2015-03-26 19:12 - 00017942 _____ () C:\Users\Sephyr
 
\Desktop\FRST.txt
2015-03-25 16:15 - 2015-03-25 16:15 - 00000693 _____ () C:\Users\Sephyr
 
\Desktop\JRT.txt
2015-03-25 14:49 - 2015-03-26 19:08 - 00004125 _____ () C:\Users\Sephyr
 
\Desktop\bleeping computer reply.txt
2015-03-25 14:38 - 2015-03-26 19:00 - 00000336 _____ () C:\Windows
 
\setupact.log
2015-03-25 14:38 - 2015-03-25 14:38 - 00000000 _____ () C:\Windows
 
\setuperr.log
2015-03-25 14:37 - 2015-03-26 18:59 - 00002194 _____ () C:\Windows\PFRO.log
2015-03-25 14:27 - 2015-03-25 14:27 - 21540440 _____ (Malwarebytes 
 
Corporation ) C:\Users\Sephyr\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-25 14:24 - 2015-03-25 14:24 - 01388782 _____ (Thisisu) C:\Users
 
\Sephyr\Desktop\JRT.exe
2015-03-25 14:23 - 2015-03-25 14:23 - 02168320 _____ () C:\Users\Sephyr
 
\Desktop\AdwCleaner.exe
2015-03-24 10:12 - 2015-03-24 10:12 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\LockHunter
2015-03-24 08:54 - 2015-03-26 19:07 - 00000000 ____D () C:\FRST
2015-03-24 08:39 - 2015-03-24 08:39 - 00002774 _____ () C:\Windows
 
\System32\Tasks\CCleanerSkipUAC
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files
 
\CCleaner
2015-03-24 08:23 - 2015-03-24 08:23 - 02001540 _____ () C:\Users\Sephyr
 
\Desktop\pc-decrapifier-3.0.0.exe
2015-03-24 08:22 - 2015-03-24 08:23 - 05325696 _____ (Piriform Ltd) C:
 
\Users\Sephyr\Desktop\ccsetup503.exe
2015-03-23 22:51 - 2015-03-23 22:51 - 02095616 _____ (Farbar) C:\Users
 
\Sephyr\Desktop\FRST64.exe
2015-03-23 22:30 - 2015-03-25 14:35 - 00000000 ____D () C:\AdwCleaner
2015-03-23 22:25 - 2015-03-23 22:26 - 02168320 _____ () C:\Users\Sephyr
 
\Desktop\adwcleaner_4.113.exe
2015-03-23 22:09 - 2015-03-23 22:09 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Local\Logishrd
2015-03-23 22:04 - 2015-03-23 22:09 - 00000000 ____D () C:\ProgramData
 
\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-23 22:04 - 2015-03-23 22:04 - 00000000 ____D () C:\Program Files
 
\Logitech
2015-03-23 21:53 - 2015-03-23 21:53 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\Logishrd
2015-03-23 21:34 - 2015-03-25 14:48 - 00097000 _____ () C:\Users\Sephyr
 
\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-23 21:33 - 2013-07-29 09:56 - 00000588 _____ () C:\Users\Sephyr
 
\Documents\indexfile.txt
2015-03-23 21:24 - 2015-03-26 10:10 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\Adobe
2015-03-23 21:24 - 2015-03-24 08:23 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Local\Adobe
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\Thunderbird
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\Mozilla
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\Apple Computer
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Local\Thunderbird
2015-03-23 21:23 - 2015-03-23 21:53 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\Logitech
2015-03-23 21:23 - 2015-03-23 21:23 - 00001449 _____ () C:\Users\Sephyr
 
\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-23 21:23 - 2015-03-23 21:23 - 00001415 _____ () C:\Users\Sephyr
 
\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer 
 
(64-bit).lnk
2015-03-23 21:21 - 2015-03-23 21:21 - 00000020 ___SH () C:\Users\Sephyr
 
\ntuser.ini
2015-03-23 21:21 - 2015-03-23 21:21 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\CheckPoint
2015-03-23 21:20 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Local\Google
2015-03-23 21:20 - 2015-03-23 21:22 - 00000000 ____D () C:\Users\Sephyr
2015-03-23 21:20 - 2015-01-11 21:24 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Local\NVIDIA Corporation
2015-03-23 21:20 - 2015-01-11 16:02 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Local\NVIDIA
2015-03-23 21:20 - 2014-12-03 08:54 - 00000000 _____ () C:\Users\Sephyr
 
\Sti_Trace.log
2015-03-23 21:20 - 2014-12-02 10:11 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Local\Apple
2015-03-23 21:20 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\Garmin
2015-03-23 21:20 - 2012-09-18 11:41 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\LocalGoogle
2015-03-23 21:20 - 2011-05-20 19:47 - 00000000 ____D () C:\Users\Sephyr
 
\AppData\Roaming\Macromedia
2015-03-23 21:20 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Sephyr
 
\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-23 21:20 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Sephyr
 
\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-18 00:40 - 2015-03-13 08:38 - 00622224 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvStreaming.exe
2015-03-18 00:34 - 2015-03-13 12:41 - 32114888 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvoglv64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 25460880 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvcompiler.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 24775368 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 20466376 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 13297144 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvopencl.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 13210080 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvcuda.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10775080 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10715864 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10262160 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 00:34 - 2015-03-13 12:41 - 03611792 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvcuvid.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 03249352 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 01896136 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvdispco6434788.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 01557648 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00997856 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvumdshimx.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00970384 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\NvIFR64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00944784 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\NvFBC64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00930448 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00909512 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00878328 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00354112 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvoglshim64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00306208 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00178512 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvinitx.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00164568 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvinit.dll
2015-03-16 16:21 - 2014-11-22 03:46 - 00038032 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\Drivers\nvvad64v.sys
2015-03-16 16:21 - 2014-11-22 03:46 - 00032400 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvaudcap32v.dll
2015-03-13 14:46 - 2015-02-21 12:17 - 17882624 _____ (Microsoft Corporation) 
 
C:\Windows\system32\mshtml.dll
2015-03-13 14:46 - 2015-02-21 12:07 - 00448512 _____ (Microsoft Corporation) 
 
C:\Windows\system32\html.iec
2015-03-13 14:46 - 2015-02-21 12:02 - 10931200 _____ (Microsoft Corporation) 
 
C:\Windows\system32\ieframe.dll
2015-03-13 14:46 - 2015-02-21 12:00 - 02339840 _____ (Microsoft Corporation) 
 
C:\Windows\system32\jscript9.dll
2015-03-13 14:46 - 2015-02-21 11:54 - 01392128 _____ (Microsoft Corporation) 
 
C:\Windows\system32\wininet.dll
2015-03-13 14:46 - 2015-02-21 11:54 - 01388032 _____ (Microsoft Corporation) 
 
C:\Windows\system32\urlmon.dll
2015-03-13 14:46 - 2015-02-21 11:53 - 01494016 _____ (Microsoft Corporation) 
 
C:\Windows\system32\inetcpl.cpl
2015-03-13 14:46 - 2015-02-21 11:52 - 00237056 _____ (Microsoft Corporation) 
 
C:\Windows\system32\url.dll
2015-03-13 14:46 - 2015-02-21 11:52 - 00173056 _____ (Microsoft Corporation) 
 
C:\Windows\system32\ieUnatt.exe
2015-03-13 14:46 - 2015-02-21 11:52 - 00086016 _____ (Microsoft Corporation) 
 
C:\Windows\system32\jsproxy.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 02157568 _____ (Microsoft Corporation) 
 
C:\Windows\system32\iertutil.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00816640 _____ (Microsoft Corporation) 
 
C:\Windows\system32\jscript.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00729088 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msfeeds.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00598528 _____ (Microsoft Corporation) 
 
C:\Windows\system32\vbscript.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00453120 _____ (Microsoft Corporation) 
 
C:\Windows\system32\dxtmsft.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00282112 _____ (Microsoft Corporation) 
 
C:\Windows\system32\dxtrans.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00055296 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msfeedsbs.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00011264 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msfeedssync.exe
2015-03-13 14:46 - 2015-02-21 11:50 - 02382848 _____ (Microsoft Corporation) 
 
C:\Windows\system32\mshtml.tlb
2015-03-13 14:46 - 2015-02-21 11:50 - 00248320 _____ (Microsoft Corporation) 
 
C:\Windows\system32\ieui.dll
2015-03-13 14:46 - 2015-02-21 11:50 - 00096768 _____ (Microsoft Corporation) 
 
C:\Windows\system32\mshtmled.dll
2015-03-13 14:46 - 2015-02-21 11:50 - 00012800 _____ (Microsoft Corporation) 
 
C:\Windows\system32\mshta.exe
2015-03-13 14:46 - 2015-02-21 10:37 - 12375040 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\mshtml.dll
2015-03-13 14:46 - 2015-02-21 10:34 - 00367104 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\html.iec
2015-03-13 14:46 - 2015-02-21 10:29 - 09747968 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\ieframe.dll
2015-03-13 14:46 - 2015-02-21 10:28 - 01810944 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\jscript9.dll
2015-03-13 14:46 - 2015-02-21 10:22 - 01139200 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\urlmon.dll
2015-03-13 14:46 - 2015-02-21 10:21 - 01427968 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 14:46 - 2015-02-21 10:21 - 01129472 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\wininet.dll
2015-03-13 14:46 - 2015-02-21 10:20 - 00231936 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\url.dll
2015-03-13 14:46 - 2015-02-21 10:20 - 00065536 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 01803264 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\iertutil.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00717824 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\jscript.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00607744 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00421376 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\vbscript.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00142848 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\ieUnatt.exe
2015-03-13 14:46 - 2015-02-21 10:18 - 02382848 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\mshtml.tlb
2015-03-13 14:46 - 2015-02-21 10:18 - 00353792 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\dxtmsft.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00223232 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00073216 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00041472 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00011776 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\mshta.exe
2015-03-13 14:46 - 2015-02-21 10:18 - 00010752 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msfeedssync.exe
2015-03-13 14:46 - 2015-02-21 10:17 - 00176640 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\ieui.dll
2015-03-13 14:45 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) 
 
C:\Windows\system32\ntoskrnl.exe
2015-03-13 14:45 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) 
 
C:\Windows\system32\winload.efi
2015-03-13 14:45 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) 
 
C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 14:45 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) 
 
C:\Windows\system32\winresume.efi
2015-03-13 14:45 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) 
 
C:\Windows\system32\wmp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) 
 
C:\Windows\system32\mf.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) 
 
C:\Windows\system32\quartz.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) 
 
C:\Windows\system32\wmdrmsdk.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msscp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) 
 
C:\Windows\system32\srcore.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) 
 
C:\Windows\system32\AUDIOKSE.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) 
 
C:\Windows\system32\mfplat.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) 
 
C:\Windows\system32\qdvd.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msnetobj.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) 
 
C:\Windows\system32\wintrust.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) 
 
C:\Windows\system32\mfps.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) 
 
C:\Windows\system32\pcasvc.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) 
 
C:\Windows\system32\setbcdlocale.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) 
 
C:\Windows\system32\srclient.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) 
 
C:\Windows\system32\pcadm.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msmmsp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) 
 
C:\Windows\system32\spwmp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msdxm.ocx
2015-03-13 14:45 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) 
 
C:\Windows\system32\dxmasf.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) 
 
C:\Windows\system32\wmploc.DLL
2015-03-13 14:45 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) 
 
C:\Windows\system32\crypt32.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) 
 
C:\Windows\system32\drmv2clt.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) 
 
C:\Windows\system32\cryptui.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) 
 
C:\Windows\system32\blackbox.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) 
 
C:\Windows\system32\audiosrv.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) 
 
C:\Windows\system32\evr.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) 
 
C:\Windows\system32\drmmgrtn.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) 
 
C:\Windows\system32\AudioEng.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) 
 
C:\Windows\system32\rstrui.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) 
 
C:\Windows\system32\AudioSes.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) 
 
C:\Windows\system32\EncDump.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) 
 
C:\Windows\system32\cryptsvc.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) 
 
C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) 
 
C:\Windows\system32\cryptnet.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) 
 
C:\Windows\system32\audiodg.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) 
 
C:\Windows\system32\smss.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) 
 
C:\Windows\system32\cryptsp.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) 
 
C:\Windows\system32\appidapi.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) 
 
C:\Windows\system32\rrinstaller.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) 
 
C:\Windows\system32\csrsrv.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) 
 
C:\Windows\system32\appidsvc.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) 
 
C:\Windows\system32\mfpmp.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) 
 
C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) 
 
C:\Windows\system32\pcawrk.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) 
 
C:\Windows\system32\pcalua.exe
2015-03-13 14:45 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) 
 
C:\Windows\system32\pcaevts.dll
2015-03-13 14:45 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) 
 
C:\Windows\system32\apisetschema.dll
2015-03-13 14:45 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) 
 
C:\Windows\system32\mferror.dll
2015-03-13 14:45 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) 
 
C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 14:45 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-13 14:45 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-13 14:45 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\wmp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\mf.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\quartz.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\crypt32.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\cryptui.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\drmv2clt.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\blackbox.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\qdvd.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msscp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\evr.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\AudioEng.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\mfplat.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msnetobj.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\AudioSes.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\wintrust.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\cryptsvc.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\cryptnet.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\mfps.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\cryptsp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\appidapi.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\srclient.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\spwmp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msdxm.ocx
2015-03-13 14:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\dxmasf.dll
2015-03-13 14:45 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\wmploc.DLL
2015-03-13 14:45 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\rrinstaller.exe
2015-03-13 14:45 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\mfpmp.exe
2015-03-13 14:45 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\mferror.dll
2015-03-13 14:45 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\apisetschema.dll
2015-03-13 14:45 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) 
 
C:\Windows\system32\Drivers\appid.sys
2015-03-13 14:45 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) 
 
C:\Windows\system32\winload.exe
2015-03-13 14:45 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) 
 
C:\Windows\system32\winresume.exe
2015-03-13 14:45 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) 
 
C:\Windows\system32\ci.dll
2015-03-13 14:43 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) 
 
C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 14:43 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) 
 
C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 14:43 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) 
 
C:\Windows\system32\lsasrv.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) 
 
C:\Windows\system32\kerberos.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) 
 
C:\Windows\system32\schannel.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msv1_0.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) 
 
C:\Windows\system32\ncrypt.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) 
 
C:\Windows\system32\wdigest.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) 
 
C:\Windows\system32\sspicli.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) 
 
C:\Windows\system32\TSpkg.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) 
 
C:\Windows\system32\sspisrv.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) 
 
C:\Windows\system32\secur32.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) 
 
C:\Windows\system32\credssp.dll
2015-03-13 14:43 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) 
 
C:\Windows\system32\auditpol.exe
2015-03-13 14:43 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) 
 
C:\Windows\system32\lsass.exe
2015-03-13 14:43 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msobjs.dll
2015-03-13 14:43 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msaudite.dll
2015-03-13 14:43 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) 
 
C:\Windows\system32\adtschema.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\kerberos.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msv1_0.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\schannel.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\ncrypt.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\wdigest.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\TSpkg.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\secur32.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\credssp.dll
2015-03-13 14:43 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\sspicli.dll
2015-03-13 14:43 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\auditpol.exe
2015-03-13 14:43 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msaudite.dll
2015-03-13 14:43 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msobjs.dll
2015-03-13 14:43 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\adtschema.dll
2015-03-13 14:43 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) 
 
C:\Windows\system32\win32k.sys
2015-03-13 14:43 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) 
 
C:\Windows\system32\lpk.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) 
 
C:\Windows\system32\fontsub.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:
 
\Windows\system32\atmlib.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) 
 
C:\Windows\system32\dciman32.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\fontsub.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:
 
\Windows\SysWOW64\atmlib.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\dciman32.dll
2015-03-13 14:43 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\lpk.dll
2015-03-13 14:43 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems 
 
Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 14:43 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems 
 
Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 14:43 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\shell32.dll
2015-03-13 14:43 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) 
 
C:\Windows\system32\shell32.dll
2015-03-13 14:43 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) 
 
C:\Windows\system32\WMPhoto.dll
2015-03-13 14:43 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 14:43 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) 
 
C:\Windows\system32\WindowsCodecs.dll
2015-03-13 14:43 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) 
 
C:\Windows\system32\ubpm.dll
2015-03-13 14:43 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 14:43 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\ubpm.dll
2015-03-13 14:43 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) 
 
C:\Windows\system32\Drivers\cng.sys
2015-03-13 14:43 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) 
 
C:\Windows\system32\msctf.dll
2015-03-13 14:43 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) 
 
C:\Windows\SysWOW64\msctf.dll
2015-03-13 14:22 - 2015-03-26 19:02 - 00129752 _____ (Malwarebytes 
 
Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 14:19 - 2015-03-13 14:19 - 00000000 ____D () C:\Program Files 
 
(x86)\Malwarebytes Anti-Malware
2015-03-13 14:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes 
 
Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-13 14:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes 
 
Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-13 14:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes 
 
Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-01 16:05 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files 
 
(x86)\Mozilla Thunderbird
2015-02-25 16:34 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows
 
\SysWOW64\locale.nls
2015-02-25 16:34 - 2015-01-08 16:43 - 00419936 _____ () C:\Windows
 
\system32\locale.nls
2015-02-25 16:13 - 2015-02-25 16:13 - 00000000 ____D () C:\ProgramData
 
\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-25 16:11 - 2015-02-25 16:13 - 00000000 ____D () C:\ProgramData
 
\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-25 16:11 - 2015-02-25 16:13 - 00000000 ____D () C:\Program Files
 
\iTunes
2015-02-25 16:11 - 2015-02-25 16:11 - 00000000 ____D () C:\Program Files
 
\iPod
2015-02-25 16:11 - 2015-02-25 16:11 - 00000000 ____D () C:\Program Files 
 
(x86)\iTunes
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 19:07 - 2009-07-13 21:45 - 00013472 ____H () C:\Windows
 
\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115
 
-601632D005A0
2015-03-26 19:07 - 2009-07-13 21:45 - 00013472 ____H () C:\Windows
 
\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115
 
-601632D005A0
2015-03-26 19:06 - 2012-02-05 10:05 - 00000908 _____ () C:\Windows\Tasks
 
\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000UA.job
2015-03-26 19:05 - 2010-09-18 19:47 - 01439830 _____ () C:\Windows
 
\WindowsUpdate.log
2015-03-26 19:02 - 2015-01-07 21:32 - 00000000 ___RD () C:\Data
2015-03-26 19:02 - 2011-07-16 18:03 - 00000894 _____ () C:\Windows\Tasks
 
\GoogleUpdateTaskMachineCore.job
2015-03-26 18:59 - 2012-06-28 15:21 - 00000000 ____D () C:\ProgramData
 
\NVIDIA
2015-03-26 18:59 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks
 
\SA.DAT
2015-03-26 18:38 - 2012-10-19 17:50 - 00000830 _____ () C:\Windows\Tasks
 
\Adobe Flash Player Updater.job
2015-03-26 18:17 - 2011-07-16 18:03 - 00000898 _____ () C:\Windows\Tasks
 
\GoogleUpdateTaskMachineUA.job
2015-03-26 11:05 - 2012-02-05 10:05 - 00000856 _____ () C:\Windows\Tasks
 
\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000Core.job
2015-03-25 14:38 - 2009-07-13 21:45 - 00365408 _____ () C:\Windows
 
\system32\FNTCACHE.DAT
2015-03-24 10:46 - 2014-11-30 20:59 - 00000000 ____D () C:\Users\Akari
 
\Desktop\Google Drive
2015-03-24 10:46 - 2010-09-18 19:58 - 00000000 ____D () C:\Users\Akari
2015-03-24 08:49 - 2015-01-04 13:49 - 00003888 _____ () C:\Windows
 
\System32\Tasks\Adobe Acrobat Update Task
2015-03-24 08:45 - 2010-09-18 20:43 - 00000000 ____D () C:\Windows\Panther
2015-03-24 08:36 - 2010-09-18 20:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-23 22:09 - 2010-09-18 20:21 - 00000000 ____D () C:\Program Files
 
\Common Files\LogiShrd
2015-03-23 22:07 - 2010-09-18 20:23 - 00018960 _____ (Logitech, Inc.) C:
 
\Windows\system32\Drivers\LNonPnP.sys
2015-03-23 22:04 - 2010-09-18 20:22 - 00000000 ____D () C:\ProgramData
 
\Logishrd
2015-03-23 21:45 - 2013-10-20 14:09 - 00000000 ____D () C:\ProgramData
 
\Oracle
2015-03-23 21:42 - 2014-10-14 21:44 - 00098216 _____ (Oracle Corporation) 
 
C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-23 21:42 - 2010-09-18 20:29 - 00000000 ____D () C:\Program Files 
 
(x86)\Java
2015-03-23 21:38 - 2010-09-19 08:47 - 00000426 _____ () C:\Windows
 
\BRWMARK.INI
2015-03-23 21:38 - 2010-09-19 08:47 - 00000034 _____ () C:\Windows
 
\SysWOW64\BD7420.DAT
2015-03-23 21:23 - 2014-11-30 10:55 - 00001547 _____ () C:\ProgramData
 
\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-20 19:21 - 2014-11-30 12:13 - 00002189 _____ () C:\Users\Public
 
\Desktop\Google Chrome.lnk
2015-03-18 22:40 - 2014-11-30 11:36 - 00003834 _____ () C:\Windows
 
\System32\Tasks\Opera scheduled Autoupdate 1417372607
2015-03-18 22:40 - 2011-03-31 08:33 - 00000000 ____D () C:\Program Files 
 
(x86)\Opera
2015-03-18 00:41 - 2014-11-30 12:04 - 00000000 ____D () C:\temp
2015-03-18 00:41 - 2014-03-28 09:43 - 00000000 ____D () C:\ProgramData
 
\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-18 00:41 - 2009-07-13 22:13 - 00795858 _____ () C:\Windows
 
\system32\PerfStringBackup.INI
2015-03-18 00:37 - 2012-06-28 15:05 - 00000000 ____D () C:\Program Files
 
\NVIDIA Corporation
2015-03-15 14:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-15 13:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows
 
\SysWOW64\Dism
2015-03-15 13:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows
 
\system32\Dism
2015-03-13 15:12 - 2013-07-12 22:46 - 00000000 ____D () C:\Windows
 
\system32\MRT
2015-03-13 14:50 - 2010-09-18 20:42 - 122905848 _____ (Microsoft 
 
Corporation) C:\Windows\system32\MRT.exe
2015-03-13 14:19 - 2010-09-29 14:05 - 00000000 ____D () C:\ProgramData
 
\Malwarebytes
2015-03-13 14:19 - 2010-09-19 08:25 - 00000000 ____D () C:\ProgramData
 
\Microsoft\Windows\Start Menu\Programs\System
2015-03-13 14:06 - 2012-10-19 17:48 - 00000000 ____D () C:\Program Files 
 
(x86)\Mozilla Maintenance Service
2015-03-13 12:41 - 2015-02-20 02:18 - 17258024 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvd3dumx.dll
2015-03-13 12:41 - 2014-11-30 11:59 - 02906928 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvapi.dll
2015-03-13 12:41 - 2014-11-30 11:59 - 00027441 _____ () C:\Windows
 
\system32\nvinfo.pb
2015-03-13 12:41 - 2014-03-20 23:03 - 16022016 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 12:41 - 2013-09-17 22:22 - 14121624 _____ (NVIDIA Corporation) 
 
C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 12:41 - 2012-06-28 15:07 - 18580512 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvwgf2umx.dll
2015-03-13 12:41 - 2012-06-28 15:07 - 03303448 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvapi64.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 06861968 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvcpl.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 03526856 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvsvc64.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 02559808 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvsvcr.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 00935056 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvvsvc.exe
2015-03-13 09:16 - 2011-01-16 17:13 - 00386248 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvmctray.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 00062608 _____ (NVIDIA Corporation) 
 
C:\Windows\system32\nvshext.dll
2015-03-11 06:10 - 2013-03-06 11:32 - 04246327 _____ () C:\Windows
 
\system32\nvcoproc.bin
2015-03-09 22:23 - 2015-01-07 17:40 - 00000000 ____D () C:\ProgramData
 
\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-04 23:30 - 2013-08-14 00:04 - 00101369 ____H () C:\Windows
 
\SysWOW64\BTImages.dat
2015-02-25 16:33 - 2012-06-28 15:17 - 00000000 ____D () C:\Program Files 
 
(x86)\NVIDIA Corporation
2015-02-25 16:11 - 2011-06-03 21:34 - 00000000 ____D () C:\Program Files
 
\Common Files\Apple
2015-02-24 04:17 - 2010-09-18 20:22 - 00295552 ____N (Microsoft Corporation) 
 
C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 00:01
 
==================== End Of Log ============================
 
ESET Online Scanner Log:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts
 
\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
 
deleted - quarantined
C:\Program Files (x86)\CheckPoint\Install\CUninstaller.exe
 
Win32/Toolbar.Conduit potentially unwanted application deleted - 
 
quarantined
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe
 
Win32/Toolbar.Conduit potentially unwanted application deleted - 
 
quarantined
C:\Program Files (x86)\CheckPoint\Install\zatb.exe
 
Win32/Toolbar.Montiera.I potentially unwanted application deleted - 
 
quarantined
G:\Programs\Chrome_Setup.exe a variant of Win32/InstallCore.QB 
 
potentially unwanted application deleted - quarantined
G:\Programs\FreeMIDIToMP3Converter.exe Win32/Spigot.A potentially unwanted 
 
application deleted - quarantined
G:\Programs\zaSuiteSetupWeb_101_065_000.exe Win32/Toolbar.Conduit 
 
potentially unwanted application deleted - quarantined
G:\Programs\zaSuiteSetupWeb_120_104_000.exe Win32/Toolbar.Conduit 
 
potentially unwanted application deleted - quarantined
G:\Programs\zaSuiteSetupWeb_131_211_000.exe Win32/Toolbar.Conduit 
 
potentially unwanted application deleted - quarantined
 
 
 
Step 4: Question

How is your PC running?
 
 
Not sure. Running malewarebytes without exclusions still stalls at the filesystem objects scan. However, I have not had any further problems with corrupted Windows user profile.


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:26 PM

Posted 27 March 2015 - 03:27 PM

Can you repost your logs without these spaces? It is unreadable.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 Akari Blue

Akari Blue
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:07:26 PM

Posted 27 March 2015 - 03:35 PM

Sorry, hopefully this is better? 
 
FixLog:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Sephyr at 2015-03-26 18:56:38 Run:1
Running from C:\Users\Sephyr\Desktop
Loaded Profiles: Sephyr (Available profiles: Sephyr)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ShortcutTarget: SanDisk Media Manager.lnk ->  (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
C:\ProgramData\hash.dat
EmptyTemp:
*****************
 
ShortcutTarget: SanDisk Media Manager.lnk ->  (No File) not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
EmptyTemp: => Removed 736.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:57:12 ====
 
Computer was rebooted as frst program asked.
 
FRST log: 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Sephyr (administrator) on DAYLIGHTIV on 26-03-2015 19:07:01
Running from C:\Users\Sephyr\Desktop
Loaded Profiles: Sephyr (Available profiles: Sephyr)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Sysinternals - www.sysinternals.com) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp64.exe
(SanDisk Corporation) C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [933496 2014-03-27] (Check Point Software Technologies LTD)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3950476251-2103889579-436239947-1010\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp64.exe (Sysinternals - www.sysinternals.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SanDisk Media Manager.lnk
ShortcutTarget: SanDisk Media Manager.lnk ->  (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-23] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-23] (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-01-05] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-23] (Oracle Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Program Files (x86)\Sony Online Entertainment\npsoe.dll [2012-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-03-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-23]
CHR Extension: (Google Docs) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23]
CHR Extension: (Google Drive) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-23]
CHR Extension: (YouTube) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-23]
CHR Extension: (Google Search) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-23]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-03-23]
CHR Extension: (Google Sheets) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-23]
CHR Extension: (Gmail) - C:\Users\Sephyr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-23]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3950476251-2103889579-436239947-1010\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1133176 2014-03-27] (Check Point Software Technologies LTD)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-09-01] (NOS Microsystems Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-03-27] (Check Point Software Technologies LTD)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-03-27] (Check Point Software Technologies LTD)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-10-14] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-03-19] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2014-03-19] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2014-03-19] (Kaspersky Lab ZAO)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
S3 VNUSB; C:\Windows\SysWOW64\Drivers\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 19:07 - 2015-03-26 19:12 - 00017942 _____ () C:\Users\Sephyr\Desktop\FRST.txt
2015-03-25 16:15 - 2015-03-25 16:15 - 00000693 _____ () C:\Users\Sephyr\Desktop\JRT.txt
2015-03-25 14:49 - 2015-03-26 19:08 - 00004125 _____ () C:\Users\Sephyr\Desktop\bleeping computer reply.txt
2015-03-25 14:38 - 2015-03-26 19:00 - 00000336 _____ () C:\Windows\setupact.log
2015-03-25 14:38 - 2015-03-25 14:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-25 14:37 - 2015-03-26 18:59 - 00002194 _____ () C:\Windows\PFRO.log
2015-03-25 14:27 - 2015-03-25 14:27 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Sephyr\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-25 14:24 - 2015-03-25 14:24 - 01388782 _____ (Thisisu) C:\Users\Sephyr\Desktop\JRT.exe
2015-03-25 14:23 - 2015-03-25 14:23 - 02168320 _____ () C:\Users\Sephyr\Desktop\AdwCleaner.exe
2015-03-24 10:12 - 2015-03-24 10:12 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\LockHunter
2015-03-24 08:54 - 2015-03-26 19:07 - 00000000 ____D () C:\FRST
2015-03-24 08:39 - 2015-03-24 08:39 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-24 08:23 - 2015-03-24 08:23 - 02001540 _____ () C:\Users\Sephyr\Desktop\pc-decrapifier-3.0.0.exe
2015-03-24 08:22 - 2015-03-24 08:23 - 05325696 _____ (Piriform Ltd) C:\Users\Sephyr\Desktop\ccsetup503.exe
2015-03-23 22:51 - 2015-03-23 22:51 - 02095616 _____ (Farbar) C:\Users\Sephyr\Desktop\FRST64.exe
2015-03-23 22:30 - 2015-03-25 14:35 - 00000000 ____D () C:\AdwCleaner
2015-03-23 22:25 - 2015-03-23 22:26 - 02168320 _____ () C:\Users\Sephyr\Desktop\adwcleaner_4.113.exe
2015-03-23 22:09 - 2015-03-23 22:09 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Logishrd
2015-03-23 22:04 - 2015-03-23 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-23 22:04 - 2015-03-23 22:04 - 00000000 ____D () C:\Program Files\Logitech
2015-03-23 21:53 - 2015-03-23 21:53 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Logishrd
2015-03-23 21:34 - 2015-03-25 14:48 - 00097000 _____ () C:\Users\Sephyr\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-23 21:33 - 2013-07-29 09:56 - 00000588 _____ () C:\Users\Sephyr\Documents\indexfile.txt
2015-03-23 21:24 - 2015-03-26 10:10 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Adobe
2015-03-23 21:24 - 2015-03-24 08:23 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Adobe
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Thunderbird
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Mozilla
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Apple Computer
2015-03-23 21:24 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Thunderbird
2015-03-23 21:23 - 2015-03-23 21:53 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Logitech
2015-03-23 21:23 - 2015-03-23 21:23 - 00001449 _____ () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-23 21:23 - 2015-03-23 21:23 - 00001415 _____ () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-23 21:21 - 2015-03-23 21:21 - 00000020 ___SH () C:\Users\Sephyr\ntuser.ini
2015-03-23 21:21 - 2015-03-23 21:21 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\CheckPoint
2015-03-23 21:20 - 2015-03-23 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Google
2015-03-23 21:20 - 2015-03-23 21:22 - 00000000 ____D () C:\Users\Sephyr
2015-03-23 21:20 - 2015-01-11 21:24 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\NVIDIA Corporation
2015-03-23 21:20 - 2015-01-11 16:02 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\NVIDIA
2015-03-23 21:20 - 2014-12-03 08:54 - 00000000 _____ () C:\Users\Sephyr\Sti_Trace.log
2015-03-23 21:20 - 2014-12-02 10:11 - 00000000 ____D () C:\Users\Sephyr\AppData\Local\Apple
2015-03-23 21:20 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Garmin
2015-03-23 21:20 - 2012-09-18 11:41 - 00000000 ____D () C:\Users\Sephyr\AppData\LocalGoogle
2015-03-23 21:20 - 2011-05-20 19:47 - 00000000 ____D () C:\Users\Sephyr\AppData\Roaming\Macromedia
2015-03-23 21:20 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-23 21:20 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Sephyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-18 00:40 - 2015-03-13 08:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-18 00:34 - 2015-03-13 12:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-18 00:34 - 2015-03-13 12:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-18 00:34 - 2015-03-13 12:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-16 16:21 - 2014-11-22 03:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-03-16 16:21 - 2014-11-22 03:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-03-13 14:46 - 2015-02-21 12:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 14:46 - 2015-02-21 12:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-13 14:46 - 2015-02-21 12:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 14:46 - 2015-02-21 12:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 14:46 - 2015-02-21 11:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 14:46 - 2015-02-21 11:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 14:46 - 2015-02-21 11:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 14:46 - 2015-02-21 11:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-13 14:46 - 2015-02-21 11:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-13 14:46 - 2015-02-21 11:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-13 14:46 - 2015-02-21 11:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-13 14:46 - 2015-02-21 11:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 14:46 - 2015-02-21 11:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 14:46 - 2015-02-21 11:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 14:46 - 2015-02-21 11:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-13 14:46 - 2015-02-21 10:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 14:46 - 2015-02-21 10:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-13 14:46 - 2015-02-21 10:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 14:46 - 2015-02-21 10:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 14:46 - 2015-02-21 10:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 14:46 - 2015-02-21 10:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 14:46 - 2015-02-21 10:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 14:46 - 2015-02-21 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-13 14:46 - 2015-02-21 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 14:46 - 2015-02-21 10:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-13 14:46 - 2015-02-21 10:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-13 14:46 - 2015-02-21 10:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-13 14:46 - 2015-02-21 10:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-13 14:46 - 2015-02-21 10:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-13 14:46 - 2015-02-21 10:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-13 14:45 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 14:45 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-13 14:45 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 14:45 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-13 14:45 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-13 14:45 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-13 14:45 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-13 14:45 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-13 14:45 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-13 14:45 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-13 14:45 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-13 14:45 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-13 14:45 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-13 14:45 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 14:45 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-13 14:45 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-13 14:45 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-13 14:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-13 14:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-13 14:45 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-13 14:45 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-13 14:45 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-13 14:45 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-13 14:45 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-13 14:45 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-13 14:45 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-13 14:45 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-13 14:45 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-13 14:43 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 14:43 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 14:43 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-13 14:43 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-13 14:43 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-13 14:43 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-13 14:43 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-13 14:43 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-13 14:43 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-13 14:43 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-13 14:43 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-13 14:43 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-13 14:43 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-13 14:43 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-13 14:43 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-13 14:43 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 14:43 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 14:43 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 14:43 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 14:43 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 14:43 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 14:43 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 14:43 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 14:43 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 14:43 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 14:43 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 14:43 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 14:43 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 14:43 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 14:43 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-13 14:43 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 14:43 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 14:43 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-13 14:22 - 2015-03-26 19:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 14:19 - 2015-03-13 14:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-13 14:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-13 14:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-13 14:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-01 16:05 - 2015-03-01 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 16:34 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 16:34 - 2015-01-08 16:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 16:13 - 2015-02-25 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-25 16:11 - 2015-02-25 16:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-25 16:11 - 2015-02-25 16:13 - 00000000 ____D () C:\Program Files\iTunes
2015-02-25 16:11 - 2015-02-25 16:11 - 00000000 ____D () C:\Program Files\iPod
2015-02-25 16:11 - 2015-02-25 16:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 19:07 - 2009-07-13 21:45 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 19:07 - 2009-07-13 21:45 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 19:06 - 2012-02-05 10:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000UA.job
2015-03-26 19:05 - 2010-09-18 19:47 - 01439830 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 19:02 - 2015-01-07 21:32 - 00000000 ___RD () C:\Data
2015-03-26 19:02 - 2011-07-16 18:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 18:59 - 2012-06-28 15:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-26 18:59 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 18:38 - 2012-10-19 17:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-26 18:17 - 2011-07-16 18:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 11:05 - 2012-02-05 10:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950476251-2103889579-436239947-1000Core.job
2015-03-25 14:38 - 2009-07-13 21:45 - 00365408 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-24 10:46 - 2014-11-30 20:59 - 00000000 ____D () C:\Users\Akari\Desktop\Google Drive
2015-03-24 10:46 - 2010-09-18 19:58 - 00000000 ____D () C:\Users\Akari
2015-03-24 08:49 - 2015-01-04 13:49 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-24 08:45 - 2010-09-18 20:43 - 00000000 ____D () C:\Windows\Panther
2015-03-24 08:36 - 2010-09-18 20:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-23 22:09 - 2010-09-18 20:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-03-23 22:07 - 2010-09-18 20:23 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-03-23 22:04 - 2010-09-18 20:22 - 00000000 ____D () C:\ProgramData\Logishrd
2015-03-23 21:45 - 2013-10-20 14:09 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-23 21:42 - 2014-10-14 21:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-23 21:42 - 2010-09-18 20:29 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-23 21:38 - 2010-09-19 08:47 - 00000426 _____ () C:\Windows\BRWMARK.INI
2015-03-23 21:38 - 2010-09-19 08:47 - 00000034 _____ () C:\Windows\SysWOW64\BD7420.DAT
2015-03-23 21:23 - 2014-11-30 10:55 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-20 19:21 - 2014-11-30 12:13 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-18 22:40 - 2014-11-30 11:36 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417372607
2015-03-18 22:40 - 2011-03-31 08:33 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-18 00:41 - 2014-11-30 12:04 - 00000000 ____D () C:\temp
2015-03-18 00:41 - 2014-03-28 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-18 00:41 - 2009-07-13 22:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 00:37 - 2012-06-28 15:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-15 14:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-15 13:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-15 13:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-13 15:12 - 2013-07-12 22:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 14:50 - 2010-09-18 20:42 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-13 14:19 - 2010-09-29 14:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-13 14:19 - 2010-09-19 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-03-13 14:06 - 2012-10-19 17:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-13 12:41 - 2015-02-20 02:18 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-13 12:41 - 2014-11-30 11:59 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 12:41 - 2014-11-30 11:59 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 12:41 - 2014-03-20 23:03 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 12:41 - 2013-09-17 22:22 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 12:41 - 2012-06-28 15:07 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 12:41 - 2012-06-28 15:07 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 09:16 - 2011-01-16 17:13 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 09:16 - 2011-01-16 17:13 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-11 06:10 - 2013-03-06 11:32 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-09 22:23 - 2015-01-07 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-04 23:30 - 2013-08-14 00:04 - 00101369 ____H () C:\Windows\SysWOW64\BTImages.dat
2015-02-25 16:33 - 2012-06-28 15:17 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-25 16:11 - 2011-06-03 21:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-24 04:17 - 2010-09-18 20:22 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 00:01
 
==================== End Of Log ============================
 
ESET Online Scanner Log:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Program Files (x86)\CheckPoint\Install\CUninstaller.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application deleted - quarantined
G:\Programs\Chrome_Setup.exe a variant of Win32/InstallCore.QB potentially unwanted application deleted - quarantined
G:\Programs\FreeMIDIToMP3Converter.exe Win32/Spigot.A potentially unwanted application deleted - quarantined
G:\Programs\zaSuiteSetupWeb_101_065_000.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
G:\Programs\zaSuiteSetupWeb_120_104_000.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
G:\Programs\zaSuiteSetupWeb_131_211_000.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
 
 
 
Step 4: Question
 
How is your PC running?
 
 
Not sure. Running malewarebytes without exclusions still stalls at the filesystem objects scan. However, I have not had any further problems with corrupted Windows user profile.


#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:26 PM

Posted 28 March 2015 - 07:37 AM

MBAM released a new version, so this may cause it.

To be sure there is no RootKit we will run a short RootKit Scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#9 Akari Blue

Akari Blue
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:07:26 PM

Posted 28 March 2015 - 12:30 PM

Every time I've booted my computer yesterday and today, it has had no trouble loading my profile. So maybe that and the malewarebytes problem were separate issues.
 
TDSS Rootkit Removing Tool log: 
 
09:23:31.0719 0x11a8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
09:23:40.0346 0x11a8  ============================================================
09:23:40.0346 0x11a8  Current date / time: 2015/03/28 09:23:40.0346
09:23:40.0346 0x11a8  SystemInfo:
09:23:40.0346 0x11a8  
09:23:40.0346 0x11a8  OS Version: 6.1.7601 ServicePack: 1.0
09:23:40.0346 0x11a8  Product type: Workstation
09:23:40.0346 0x11a8  ComputerName: DAYLIGHTIV
09:23:40.0346 0x11a8  UserName: Sephyr
09:23:40.0346 0x11a8  Windows directory: C:\Windows
09:23:40.0346 0x11a8  System windows directory: C:\Windows
09:23:40.0346 0x11a8  Running under WOW64
09:23:40.0346 0x11a8  Processor architecture: Intel x64
09:23:40.0346 0x11a8  Number of processors: 4
09:23:40.0346 0x11a8  Page size: 0x1000
09:23:40.0346 0x11a8  Boot type: Normal boot
09:23:40.0346 0x11a8  ============================================================
09:23:45.0307 0x11a8  KLMD registered as C:\Windows\system32\drivers\11926231.sys
09:23:46.0961 0x11a8  System UUID: {84705F87-2252-3270-ECFB-A24220AE2714}
09:23:51.0361 0x11a8  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x540BE, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
09:23:51.0376 0x11a8  Drive \Device\Harddisk1\DR1 - Size: 0x3A70C70000 ( 233.76 Gb ), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:23:51.0392 0x11a8  ============================================================
09:23:51.0392 0x11a8  \Device\Harddisk0\DR0:
09:23:51.0392 0x11a8  MBR partitions:
09:23:51.0392 0x11a8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:23:51.0392 0x11a8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
09:23:51.0392 0x11a8  \Device\Harddisk1\DR1:
09:23:51.0408 0x11a8  MBR partitions:
09:23:51.0408 0x11a8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7801F1A
09:23:51.0408 0x11a8  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x7801F98, BlocksNum 0x15B7D91A
09:23:51.0408 0x11a8  ============================================================
09:23:51.0439 0x11a8  C: <-> \Device\Harddisk0\DR0\Partition2
09:23:51.0454 0x11a8  D: <-> \Device\Harddisk1\DR1\Partition1
09:23:51.0470 0x11a8  E: <-> \Device\Harddisk0\DR0\Partition1
09:23:51.0486 0x11a8  G: <-> \Device\Harddisk1\DR1\Partition2
09:23:51.0486 0x11a8  ============================================================
09:23:51.0486 0x11a8  Initialize success
09:23:51.0486 0x11a8  ============================================================
09:24:27.0855 0x1aec  ============================================================
09:24:27.0855 0x1aec  Scan started
09:24:27.0855 0x1aec  Mode: Manual; 
09:24:27.0855 0x1aec  ============================================================
09:24:27.0855 0x1aec  KSN ping started
09:24:41.0864 0x1aec  KSN ping finished: true
09:24:43.0003 0x1aec  ================ Scan system memory ========================
09:24:43.0003 0x1aec  System memory - ok
09:24:43.0003 0x1aec  ================ Scan services =============================
09:24:43.0268 0x1aec  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:24:43.0299 0x1aec  1394ohci - ok
09:24:43.0393 0x1aec  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:24:43.0424 0x1aec  ACPI - ok
09:24:43.0439 0x1aec  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:24:43.0455 0x1aec  AcpiPmi - ok
09:24:43.0564 0x1aec  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:24:43.0627 0x1aec  AdobeARMservice - ok
09:24:43.0798 0x1aec  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:24:43.0814 0x1aec  AdobeFlashPlayerUpdateSvc - ok
09:24:43.0892 0x1aec  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
09:24:43.0923 0x1aec  adp94xx - ok
09:24:43.0954 0x1aec  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
09:24:43.0970 0x1aec  adpahci - ok
09:24:44.0001 0x1aec  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
09:24:44.0017 0x1aec  adpu320 - ok
09:24:44.0048 0x1aec  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:24:44.0048 0x1aec  AeLookupSvc - ok
09:24:44.0110 0x1aec  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
09:24:44.0157 0x1aec  AFD - ok
09:24:44.0173 0x1aec  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:24:44.0188 0x1aec  agp440 - ok
09:24:44.0204 0x1aec  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:24:44.0204 0x1aec  ALG - ok
09:24:44.0235 0x1aec  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:24:44.0266 0x1aec  aliide - ok
09:24:44.0313 0x1aec  [ A359974EAAC83A435497C52F62A2E590, 7A7AFFE1CCE8732C478AE3EA630AA46C94DE0DBFE19EE63E3FB99B0D3338F038 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:24:44.0344 0x1aec  AMD External Events Utility - ok
09:24:44.0391 0x1aec  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:24:44.0407 0x1aec  amdide - ok
09:24:44.0422 0x1aec  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:24:44.0453 0x1aec  AmdK8 - ok
09:24:44.0765 0x1aec  [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:24:45.0124 0x1aec  amdkmdag - ok
09:24:45.0155 0x1aec  [ 6B4E9261B613B047A9A145F328889968, E5C6611E88381A9D40AD1CE80BFDDBDA733F4A8D3602AAE25A155D2C39B3B7FD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:24:45.0171 0x1aec  amdkmdap - ok
09:24:45.0187 0x1aec  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:24:45.0202 0x1aec  AmdPPM - ok
09:24:45.0233 0x1aec  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:24:45.0265 0x1aec  amdsata - ok
09:24:45.0280 0x1aec  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
09:24:45.0296 0x1aec  amdsbs - ok
09:24:45.0311 0x1aec  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:24:45.0327 0x1aec  amdxata - ok
09:24:45.0374 0x1aec  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
09:24:45.0779 0x1aec  AppID - ok
09:24:45.0795 0x1aec  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:24:46.0216 0x1aec  AppIDSvc - ok
09:24:46.0247 0x1aec  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
09:24:46.0279 0x1aec  Appinfo - ok
09:24:46.0419 0x1aec  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:24:46.0450 0x1aec  Apple Mobile Device Service - ok
09:24:46.0497 0x1aec  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
09:24:46.0544 0x1aec  AppMgmt - ok
09:24:46.0559 0x1aec  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
09:24:46.0591 0x1aec  arc - ok
09:24:46.0606 0x1aec  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
09:24:46.0622 0x1aec  arcsas - ok
09:24:46.0809 0x1aec  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:24:46.0825 0x1aec  aspnet_state - ok
09:24:46.0856 0x1aec  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:24:46.0871 0x1aec  AsyncMac - ok
09:24:46.0887 0x1aec  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:24:46.0887 0x1aec  atapi - ok
09:24:46.0934 0x1aec  [ CBE5F8B3E54198F5DFE403A55A95DE08, A0A67A277CAEE39E401BFBE5EA51643EB67A0B5B742B30F24EFC1558BE8999E8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
09:24:46.0949 0x1aec  AtiHDAudioService - ok
09:24:47.0246 0x1aec  [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:24:47.0417 0x1aec  atikmdag - ok
09:24:47.0464 0x1aec  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:24:47.0495 0x1aec  AudioEndpointBuilder - ok
09:24:47.0511 0x1aec  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:24:47.0527 0x1aec  AudioSrv - ok
09:24:47.0573 0x1aec  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:24:47.0605 0x1aec  AxInstSV - ok
09:24:47.0636 0x1aec  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
09:24:47.0683 0x1aec  b06bdrv - ok
09:24:47.0698 0x1aec  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:24:47.0729 0x1aec  b57nd60a - ok
09:24:47.0761 0x1aec  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:24:47.0776 0x1aec  BDESVC - ok
09:24:47.0807 0x1aec  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:24:47.0823 0x1aec  Beep - ok
09:24:47.0917 0x1aec  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
09:24:47.0963 0x1aec  BFE - ok
09:24:48.0026 0x1aec  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
09:24:48.0073 0x1aec  BITS - ok
09:24:48.0088 0x1aec  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:24:48.0088 0x1aec  blbdrive - ok
09:24:48.0151 0x1aec  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:24:48.0166 0x1aec  Bonjour Service - ok
09:24:48.0197 0x1aec  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:24:48.0197 0x1aec  bowser - ok
09:24:48.0213 0x1aec  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:24:48.0213 0x1aec  BrFiltLo - ok
09:24:48.0229 0x1aec  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:24:48.0229 0x1aec  BrFiltUp - ok
09:24:48.0275 0x1aec  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
09:24:48.0307 0x1aec  Browser - ok
09:24:48.0322 0x1aec  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\system32\DRIVERS\BrSerId.sys
09:24:48.0338 0x1aec  Brserid - ok
09:24:48.0353 0x1aec  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:24:48.0369 0x1aec  BrSerWdm - ok
09:24:48.0385 0x1aec  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:24:48.0385 0x1aec  BrUsbMdm - ok
09:24:48.0400 0x1aec  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
09:24:48.0400 0x1aec  BrUsbSer - ok
09:24:48.0416 0x1aec  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:24:48.0431 0x1aec  BTHMODEM - ok
09:24:48.0447 0x1aec  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
09:24:48.0463 0x1aec  bthserv - ok
09:24:48.0478 0x1aec  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:24:48.0494 0x1aec  cdfs - ok
09:24:48.0509 0x1aec  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:24:48.0525 0x1aec  cdrom - ok
09:24:48.0556 0x1aec  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:24:48.0587 0x1aec  CertPropSvc - ok
09:24:48.0603 0x1aec  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:24:48.0619 0x1aec  circlass - ok
09:24:48.0681 0x1aec  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
09:24:48.0743 0x1aec  CLFS - ok
09:24:48.0821 0x1aec  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:24:48.0868 0x1aec  clr_optimization_v2.0.50727_32 - ok
09:24:48.0915 0x1aec  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:24:48.0931 0x1aec  clr_optimization_v2.0.50727_64 - ok
09:24:49.0009 0x1aec  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:24:49.0055 0x1aec  clr_optimization_v4.0.30319_32 - ok
09:24:49.0071 0x1aec  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:24:49.0087 0x1aec  clr_optimization_v4.0.30319_64 - ok
09:24:49.0087 0x1aec  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:24:49.0102 0x1aec  CmBatt - ok
09:24:49.0133 0x1aec  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:24:49.0165 0x1aec  cmdide - ok
09:24:49.0211 0x1aec  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
09:24:49.0664 0x1aec  CNG - ok
09:24:49.0679 0x1aec  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:24:49.0679 0x1aec  Compbatt - ok
09:24:49.0711 0x1aec  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
09:24:49.0711 0x1aec  CompositeBus - ok
09:24:49.0726 0x1aec  COMSysApp - ok
09:24:49.0742 0x1aec  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
09:24:49.0742 0x1aec  crcdisk - ok
09:24:49.0789 0x1aec  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:24:50.0225 0x1aec  CryptSvc - ok
09:24:50.0272 0x1aec  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
09:24:50.0319 0x1aec  CSC - ok
09:24:50.0381 0x1aec  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
09:24:50.0413 0x1aec  CscService - ok
09:24:50.0428 0x1aec  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:24:50.0444 0x1aec  DcomLaunch - ok
09:24:50.0475 0x1aec  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:24:50.0491 0x1aec  defragsvc - ok
09:24:50.0537 0x1aec  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:24:50.0537 0x1aec  DfsC - ok
09:24:50.0553 0x1aec  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:24:50.0569 0x1aec  Dhcp - ok
09:24:50.0584 0x1aec  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
09:24:50.0584 0x1aec  discache - ok
09:24:50.0600 0x1aec  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
09:24:50.0600 0x1aec  Disk - ok
09:24:50.0631 0x1aec  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:24:50.0647 0x1aec  Dnscache - ok
09:24:50.0678 0x1aec  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:24:50.0693 0x1aec  dot3svc - ok
09:24:50.0725 0x1aec  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
09:24:50.0725 0x1aec  DPS - ok
09:24:50.0771 0x1aec  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:24:50.0771 0x1aec  drmkaud - ok
09:24:50.0849 0x1aec  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:24:50.0912 0x1aec  DXGKrnl - ok
09:24:50.0959 0x1aec  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
09:24:50.0990 0x1aec  EapHost - ok
09:24:51.0130 0x1aec  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
09:24:51.0239 0x1aec  ebdrv - ok
09:24:51.0286 0x1aec  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS             C:\Windows\System32\lsass.exe
09:24:51.0676 0x1aec  EFS - ok
09:24:51.0754 0x1aec  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:24:51.0801 0x1aec  ehRecvr - ok
09:24:51.0832 0x1aec  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
09:24:51.0863 0x1aec  ehSched - ok
09:24:51.0926 0x1aec  [ 9A47AC3DFCF81D30922CDAAF1C2D579F, 8CE5EC7C515D99928E701186DDDF80DC0BE6B98CE6E41509D2002ADA638609A5 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
09:24:51.0941 0x1aec  ElbyCDIO - ok
09:24:51.0973 0x1aec  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
09:24:52.0019 0x1aec  elxstor - ok
09:24:52.0051 0x1aec  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:24:52.0051 0x1aec  ErrDev - ok
09:24:52.0082 0x1aec  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:24:52.0097 0x1aec  EventSystem - ok
09:24:52.0113 0x1aec  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:24:52.0129 0x1aec  exfat - ok
09:24:52.0144 0x1aec  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:24:52.0160 0x1aec  fastfat - ok
09:24:52.0238 0x1aec  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
09:24:52.0285 0x1aec  Fax - ok
09:24:52.0300 0x1aec  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:24:52.0300 0x1aec  fdc - ok
09:24:52.0316 0x1aec  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:24:52.0331 0x1aec  fdPHost - ok
09:24:52.0347 0x1aec  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:24:52.0347 0x1aec  FDResPub - ok
09:24:52.0363 0x1aec  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:24:52.0378 0x1aec  FileInfo - ok
09:24:52.0394 0x1aec  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:24:52.0394 0x1aec  Filetrace - ok
09:24:52.0409 0x1aec  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:24:52.0425 0x1aec  flpydisk - ok
09:24:52.0456 0x1aec  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:24:52.0487 0x1aec  FltMgr - ok
09:24:52.0597 0x1aec  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
09:24:52.0659 0x1aec  FontCache - ok
09:24:52.0706 0x1aec  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:24:52.0737 0x1aec  FontCache3.0.0.0 - ok
09:24:52.0753 0x1aec  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:24:52.0784 0x1aec  FsDepends - ok
09:24:52.0831 0x1aec  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:24:52.0846 0x1aec  Fs_Rec - ok
09:24:52.0877 0x1aec  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:24:52.0893 0x1aec  fvevol - ok
09:24:52.0909 0x1aec  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:24:52.0924 0x1aec  gagp30kx - ok
09:24:53.0080 0x1aec  [ DA3E277F51F300CCAB335D5382148E27, AE3DE9CA0B70DE4D157BCEB5D84B30D53A14E7DF445B3DC70768FCDC955226DB ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
09:24:53.0143 0x1aec  Garmin Core Update Service - ok
09:24:53.0174 0x1aec  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:24:53.0189 0x1aec  GEARAspiWDM - ok
09:24:53.0330 0x1aec  [ 0C52567F023D0F05F4EFC26F607D415B, 168D2AAB2F9CF8DE4A894DE3B2A5C67F1DAD758DBEC95FCFF4D752645BB37C38 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
09:24:53.0361 0x1aec  GfExperienceService - ok
09:24:53.0423 0x1aec  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:24:53.0455 0x1aec  gpsvc - ok
09:24:53.0548 0x1aec  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:24:53.0564 0x1aec  gupdate - ok
09:24:53.0579 0x1aec  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:24:53.0579 0x1aec  gupdatem - ok
09:24:53.0642 0x1aec  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:24:53.0845 0x1aec  gusvc - ok
09:24:53.0876 0x1aec  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:24:53.0876 0x1aec  hcw85cir - ok
09:24:53.0907 0x1aec  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:24:53.0923 0x1aec  HdAudAddService - ok
09:24:53.0938 0x1aec  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:24:53.0954 0x1aec  HDAudBus - ok
09:24:53.0954 0x1aec  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:24:53.0954 0x1aec  HidBatt - ok
09:24:53.0969 0x1aec  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:24:53.0985 0x1aec  HidBth - ok
09:24:54.0001 0x1aec  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:24:54.0001 0x1aec  HidIr - ok
09:24:54.0032 0x1aec  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
09:24:54.0047 0x1aec  hidserv - ok
09:24:54.0063 0x1aec  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:24:54.0079 0x1aec  HidUsb - ok
09:24:54.0110 0x1aec  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:24:54.0125 0x1aec  hkmsvc - ok
09:24:54.0172 0x1aec  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:24:54.0203 0x1aec  HomeGroupListener - ok
09:24:54.0250 0x1aec  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:24:54.0266 0x1aec  HomeGroupProvider - ok
09:24:54.0281 0x1aec  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:24:54.0281 0x1aec  HpSAMD - ok
09:24:54.0344 0x1aec  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:24:54.0375 0x1aec  HTTP - ok
09:24:54.0406 0x1aec  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:24:54.0437 0x1aec  hwpolicy - ok
09:24:54.0469 0x1aec  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:24:54.0484 0x1aec  i8042prt - ok
09:24:54.0562 0x1aec  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:24:54.0593 0x1aec  iaStorV - ok
09:24:54.0703 0x1aec  [ 00C88D0BB6262BD2959799268847ED82, E8A51D4723C7814CB6C3805F026341BD061A5AB61150A600D18640A46F1C2BEF ] icsak           C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys
09:24:54.0718 0x1aec  icsak - ok
09:24:54.0827 0x1aec  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:24:54.0890 0x1aec  idsvc - ok
09:24:54.0905 0x1aec  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:24:54.0921 0x1aec  iirsp - ok
09:24:54.0968 0x1aec  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:24:54.0999 0x1aec  IKEEXT - ok
09:24:55.0030 0x1aec  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:24:55.0046 0x1aec  intelide - ok
09:24:55.0061 0x1aec  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:24:55.0061 0x1aec  intelppm - ok
09:24:55.0093 0x1aec  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:24:55.0124 0x1aec  IPBusEnum - ok
09:24:55.0171 0x1aec  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:24:55.0202 0x1aec  IpFilterDriver - ok
09:24:55.0249 0x1aec  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:24:55.0295 0x1aec  iphlpsvc - ok
09:24:55.0311 0x1aec  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:24:55.0327 0x1aec  IPMIDRV - ok
09:24:55.0342 0x1aec  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:24:55.0358 0x1aec  IPNAT - ok
09:24:55.0467 0x1aec  [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:24:55.0919 0x1aec  iPod Service - ok
09:24:55.0935 0x1aec  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:24:55.0935 0x1aec  IRENUM - ok
09:24:55.0951 0x1aec  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:24:55.0966 0x1aec  isapnp - ok
09:24:55.0997 0x1aec  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:24:56.0029 0x1aec  iScsiPrt - ok
09:24:56.0075 0x1aec  [ D11E307BDE6842600B5D57363B9FCA3B, 9FA300D39D09DD12421C3EFB7EA533DA7E56C8BDFC698C218DDEECCE12D12A30 ] ISWKL           C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys
09:24:56.0091 0x1aec  ISWKL - ok
09:24:56.0185 0x1aec  [ 8C9041AFDB026362AA6F93B07F46AF4B, 14529CA8C7C01C908C95BE8E9E270B4E7FD20B67E3BB18F42FCEA0E804286C3E ] IswSvc          C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
09:24:56.0231 0x1aec  IswSvc - ok
09:24:56.0278 0x1aec  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:24:56.0309 0x1aec  kbdclass - ok
09:24:56.0325 0x1aec  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:24:56.0356 0x1aec  kbdhid - ok
09:24:56.0372 0x1aec  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso          C:\Windows\system32\lsass.exe
09:24:56.0372 0x1aec  KeyIso - ok
09:24:56.0653 0x1aec  [ 1C6256096A341051509D36AD724830BE, 025F7E1E979DC8C4794FC7D3581D6BCF6E0F6DC327C6FCB925B6A8EDBE999A68 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
09:24:56.0980 0x1aec  KL1 - ok
09:24:57.0011 0x1aec  [ CD146D8E525D6EEBDCAF24120A8AB9CE, ABA62BC21894D7DB0B63C0B5D7DB2BE9686F919F3167135151BE4F1C3CAB9E04 ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
09:24:57.0011 0x1aec  kl2 - ok
09:24:57.0089 0x1aec  [ 33730023A37E259AB26F25C164BC2471, D9CE760D633821D7A7C06EFA76A95ECDA82ACABA44B4855610F77B63CC76473D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
09:24:57.0105 0x1aec  KLIF - ok
09:24:57.0136 0x1aec  [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
09:24:57.0152 0x1aec  KLIM6 - ok
09:24:57.0152 0x1aec  [ 26D563FB5E56332C60032BBDCE4C752F, 2E31F443F007B73F8BD0AD7FD5963DEBA053C79BFA6A86061790E00A7E6E994C ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
09:24:57.0167 0x1aec  kltdi - ok
09:24:57.0199 0x1aec  [ 4954376B8B18F7F8AA479AF9DB3D2921, CD477FF63FADFCCDC5FB5906EBB1C3D7783736C481552C1DE61FF1FC26C21E3F ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
09:24:57.0214 0x1aec  kneps - ok
09:24:57.0245 0x1aec  [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:24:57.0667 0x1aec  KSecDD - ok
09:24:57.0682 0x1aec  [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:24:58.0119 0x1aec  KSecPkg - ok
09:24:58.0135 0x1aec  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:24:58.0150 0x1aec  ksthunk - ok
09:24:58.0213 0x1aec  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:24:58.0259 0x1aec  KtmRm - ok
09:24:58.0306 0x1aec  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:24:58.0337 0x1aec  LanmanServer - ok
09:24:58.0369 0x1aec  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:24:58.0384 0x1aec  LanmanWorkstation - ok
09:24:58.0525 0x1aec  [ 1D5C6790425CB6DBB1B3C2722C34E199, D8BCC31A443B77711A7CA468E754A73137C1CC47D6F3DA5BEE3735B654327B0C ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
09:24:58.0571 0x1aec  LBTServ - ok
09:24:58.0587 0x1aec  [ 5EA1731968F2FD0E950DDCE6D36C5134, 16C47AA60CB62F206DBF3B4FAF99FCA667E7193178D1B7ECB162FA87C008BAA3 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
09:24:58.0603 0x1aec  LEqdUsb - ok
09:24:58.0634 0x1aec  [ 50AC0930F05DFB996F085B49E112E5C9, C5147E92656506981705AFCAA97B7BDAD0929FF39C1666E774BE1BD32FB08387 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
09:24:58.0634 0x1aec  LHidEqd - ok
09:24:58.0649 0x1aec  [ 96EB043E2843B5A87A486D0BC6921094, 0B339A18B2F536F12B2C1B4FEDEB3A815DC7F8E7B082144EE084B3E6ED067FBC ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:24:58.0665 0x1aec  LHidFilt - ok
09:24:58.0696 0x1aec  [ 02538E602280C07438C94489DCBE77D5, 2E2B60E5FB7A274F4945444D5EDB058E62CAC268C5336FF8F4B9E82245095211 ] libusb0         C:\Windows\system32\DRIVERS\libusb0.sys
09:24:58.0727 0x1aec  libusb0 - ok
09:24:58.0743 0x1aec  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:24:58.0774 0x1aec  lltdio - ok
09:24:58.0805 0x1aec  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:24:58.0821 0x1aec  lltdsvc - ok
09:24:58.0837 0x1aec  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:24:58.0852 0x1aec  lmhosts - ok
09:24:58.0852 0x1aec  [ A5C1DA229B3B660BBF3BDC30ADBFBB61, B657092424C6BF418A6FA56353370C195D9CA67999B355E8EDD6AFCFD9FEF8E5 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:24:58.0868 0x1aec  LMouFilt - ok
09:24:58.0883 0x1aec  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:24:58.0899 0x1aec  LSI_FC - ok
09:24:58.0899 0x1aec  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:24:58.0915 0x1aec  LSI_SAS - ok
09:24:58.0915 0x1aec  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:24:58.0930 0x1aec  LSI_SAS2 - ok
09:24:58.0946 0x1aec  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:24:58.0946 0x1aec  LSI_SCSI - ok
09:24:58.0961 0x1aec  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:24:58.0977 0x1aec  luafv - ok
09:24:59.0039 0x1aec  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
09:24:59.0071 0x1aec  MBAMSwissArmy - ok
09:24:59.0117 0x1aec  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:24:59.0149 0x1aec  Mcx2Svc - ok
09:24:59.0164 0x1aec  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:24:59.0180 0x1aec  megasas - ok
09:24:59.0195 0x1aec  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:24:59.0211 0x1aec  MegaSR - ok
09:24:59.0227 0x1aec  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:24:59.0242 0x1aec  MMCSS - ok
09:24:59.0258 0x1aec  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:24:59.0273 0x1aec  Modem - ok
09:24:59.0305 0x1aec  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:24:59.0305 0x1aec  monitor - ok
09:24:59.0336 0x1aec  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:24:59.0351 0x1aec  mouclass - ok
09:24:59.0351 0x1aec  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:24:59.0367 0x1aec  mouhid - ok
09:24:59.0398 0x1aec  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:24:59.0819 0x1aec  mountmgr - ok
09:24:59.0897 0x1aec  [ AE7DAFFEC2CDF695C95925C4C1F8EC02, 9F6F4FDE4678FD506CEBB4BAC29A4B30CDD391F1554B33530009F69F5EE8DB3A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:24:59.0960 0x1aec  MozillaMaintenance - ok
09:24:59.0991 0x1aec  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:25:00.0007 0x1aec  mpio - ok
09:25:00.0038 0x1aec  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:25:00.0053 0x1aec  mpsdrv - ok
09:25:00.0116 0x1aec  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:25:00.0178 0x1aec  MpsSvc - ok
09:25:00.0209 0x1aec  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:25:00.0241 0x1aec  MRxDAV - ok
09:25:00.0272 0x1aec  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:25:00.0303 0x1aec  mrxsmb - ok
09:25:00.0350 0x1aec  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:25:00.0381 0x1aec  mrxsmb10 - ok
09:25:00.0412 0x1aec  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:25:00.0428 0x1aec  mrxsmb20 - ok
09:25:00.0475 0x1aec  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:25:00.0490 0x1aec  msahci - ok
09:25:00.0521 0x1aec  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:25:00.0537 0x1aec  msdsm - ok
09:25:00.0553 0x1aec  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:25:00.0584 0x1aec  MSDTC - ok
09:25:00.0599 0x1aec  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:25:00.0599 0x1aec  Msfs - ok
09:25:00.0631 0x1aec  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:25:00.0646 0x1aec  mshidkmdf - ok
09:25:00.0662 0x1aec  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:25:00.0677 0x1aec  msisadrv - ok
09:25:00.0709 0x1aec  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:25:00.0724 0x1aec  MSiSCSI - ok
09:25:00.0740 0x1aec  msiserver - ok
09:25:00.0755 0x1aec  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:25:00.0755 0x1aec  MSKSSRV - ok
09:25:00.0771 0x1aec  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:25:00.0771 0x1aec  MSPCLOCK - ok
09:25:00.0771 0x1aec  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:25:00.0787 0x1aec  MSPQM - ok
09:25:00.0818 0x1aec  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:25:00.0849 0x1aec  MsRPC - ok
09:25:00.0865 0x1aec  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:25:00.0865 0x1aec  mssmbios - ok
09:25:00.0880 0x1aec  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:25:00.0880 0x1aec  MSTEE - ok
09:25:00.0896 0x1aec  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:25:00.0896 0x1aec  MTConfig - ok
09:25:00.0943 0x1aec  [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
09:25:00.0943 0x1aec  MTsensor - ok
09:25:00.0958 0x1aec  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:25:00.0974 0x1aec  Mup - ok
09:25:01.0021 0x1aec  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:25:01.0036 0x1aec  napagent - ok
09:25:01.0067 0x1aec  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:25:01.0083 0x1aec  NativeWifiP - ok
09:25:01.0130 0x1aec  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:25:01.0177 0x1aec  NDIS - ok
09:25:01.0192 0x1aec  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:25:01.0208 0x1aec  NdisCap - ok
09:25:01.0223 0x1aec  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:25:01.0223 0x1aec  NdisTapi - ok
09:25:01.0255 0x1aec  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:25:01.0270 0x1aec  Ndisuio - ok
09:25:01.0317 0x1aec  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:25:01.0364 0x1aec  NdisWan - ok
09:25:01.0411 0x1aec  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:25:01.0442 0x1aec  NDProxy - ok
09:25:01.0442 0x1aec  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:25:01.0473 0x1aec  NetBIOS - ok
09:25:01.0520 0x1aec  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:25:01.0535 0x1aec  NetBT - ok
09:25:01.0551 0x1aec  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon        C:\Windows\system32\lsass.exe
09:25:01.0551 0x1aec  Netlogon - ok
09:25:01.0598 0x1aec  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:25:01.0629 0x1aec  Netman - ok
09:25:01.0676 0x1aec  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:25:01.0707 0x1aec  NetMsmqActivator - ok
09:25:01.0738 0x1aec  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:25:01.0754 0x1aec  NetPipeActivator - ok
09:25:01.0785 0x1aec  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:25:01.0816 0x1aec  netprofm - ok
09:25:01.0832 0x1aec  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:25:01.0832 0x1aec  NetTcpActivator - ok
09:25:01.0847 0x1aec  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:25:01.0847 0x1aec  NetTcpPortSharing - ok
09:25:01.0863 0x1aec  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:25:01.0863 0x1aec  nfrd960 - ok
09:25:01.0910 0x1aec  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:25:01.0925 0x1aec  NlaSvc - ok
09:25:01.0972 0x1aec  [ F44ADDBF29905CB19F52FC9FE6A0EFA1, 49AB6C779E41BF3208ADF637FC35B7AFC447211AE4BE88AAA54F043C30C23B55 ] nosGetPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
09:25:02.0003 0x1aec  nosGetPlusHelper - ok
09:25:02.0019 0x1aec  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:25:02.0035 0x1aec  Npfs - ok
09:25:02.0050 0x1aec  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
09:25:02.0066 0x1aec  nsi - ok
09:25:02.0081 0x1aec  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:25:02.0081 0x1aec  nsiproxy - ok
09:25:02.0191 0x1aec  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:25:02.0253 0x1aec  Ntfs - ok
09:25:02.0269 0x1aec  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:25:02.0269 0x1aec  Null - ok
09:25:02.0331 0x1aec  [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
09:25:02.0378 0x1aec  NVHDA - ok
09:25:02.0768 0x1aec  [ ECC732D5185408FCC323E56D30170848, 7A7A6C410B65DBB1D59653598D7E5414054588BB88505BE68BFFF0378FD555F3 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:25:03.0158 0x1aec  nvlddmkm - ok
09:25:03.0283 0x1aec  [ DDF6920EBE96B0304279834F2EE2193E, F631974EE3659EC01863C2502FD26A45A237A59B9B005E5B1F9F78357CCBB974 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
09:25:03.0595 0x1aec  NvNetworkService - ok
09:25:03.0610 0x1aec  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:25:03.0626 0x1aec  nvraid - ok
09:25:03.0657 0x1aec  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:25:03.0673 0x1aec  nvstor - ok
09:25:03.0751 0x1aec  [ 0C4A0D577A6EF1B9D353851668779944, 70E866AD50809CC80F167796C516190918A542F7767A8841948E656F36877AFE ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
09:25:03.0766 0x1aec  NvStreamKms - ok
09:25:04.0359 0x1aec  [ BC00A5B3A9F759F7B1DD0A5868C4492F, 23058E56016B836339AACDB0D42E074FB4EF560C27831F6228A455D70585D1EE ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
09:25:05.0045 0x1aec  NvStreamSvc - ok
09:25:05.0123 0x1aec  [ 2AF7D8BCD8912FC16AA15268CDCF2454, 3A2E5ADFC6213A6EA83F78026518EC7EE0DD4BBA7C210CB7A41007BB57DC0636 ] NVSvc           C:\Windows\system32\nvvsvc.exe
09:25:05.0576 0x1aec  NVSvc - ok
09:25:05.0591 0x1aec  [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
09:25:05.0607 0x1aec  nvvad_WaveExtensible - ok
09:25:05.0623 0x1aec  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:25:05.0638 0x1aec  nv_agp - ok
09:25:05.0654 0x1aec  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:25:05.0669 0x1aec  ohci1394 - ok
09:25:05.0716 0x1aec  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:25:05.0732 0x1aec  p2pimsvc - ok
09:25:05.0779 0x1aec  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:25:05.0810 0x1aec  p2psvc - ok
09:25:05.0857 0x1aec  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:25:05.0888 0x1aec  Parport - ok
09:25:05.0919 0x1aec  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:25:05.0935 0x1aec  partmgr - ok
09:25:05.0981 0x1aec  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:25:06.0403 0x1aec  PcaSvc - ok
09:25:06.0418 0x1aec  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
09:25:06.0449 0x1aec  pci - ok
09:25:06.0481 0x1aec  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
09:25:06.0496 0x1aec  pciide - ok
09:25:06.0512 0x1aec  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:25:06.0527 0x1aec  pcmcia - ok
09:25:06.0559 0x1aec  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:25:06.0559 0x1aec  pcw - ok
09:25:06.0605 0x1aec  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:25:07.0042 0x1aec  PEAUTH - ok
09:25:07.0120 0x1aec  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
09:25:07.0183 0x1aec  PeerDistSvc - ok
09:25:07.0323 0x1aec  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:25:07.0354 0x1aec  PerfHost - ok
09:25:07.0463 0x1aec  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
09:25:07.0526 0x1aec  pla - ok
09:25:07.0573 0x1aec  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:25:07.0604 0x1aec  PlugPlay - ok
09:25:07.0619 0x1aec  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:25:07.0619 0x1aec  PNRPAutoReg - ok
09:25:07.0651 0x1aec  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:25:07.0651 0x1aec  PNRPsvc - ok
09:25:07.0666 0x1aec  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:25:07.0697 0x1aec  PolicyAgent - ok
09:25:07.0729 0x1aec  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
09:25:07.0760 0x1aec  Power - ok
09:25:07.0822 0x1aec  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:25:07.0838 0x1aec  PptpMiniport - ok
09:25:07.0869 0x1aec  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:25:07.0885 0x1aec  Processor - ok
09:25:07.0931 0x1aec  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:25:07.0947 0x1aec  ProfSvc - ok
09:25:07.0963 0x1aec  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:25:07.0978 0x1aec  ProtectedStorage - ok
09:25:08.0009 0x1aec  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:25:08.0041 0x1aec  Psched - ok
09:25:08.0103 0x1aec  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:25:08.0181 0x1aec  ql2300 - ok
09:25:08.0197 0x1aec  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:25:08.0212 0x1aec  ql40xx - ok
09:25:08.0259 0x1aec  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
09:25:08.0306 0x1aec  QWAVE - ok
09:25:08.0321 0x1aec  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:25:08.0337 0x1aec  QWAVEdrv - ok
09:25:08.0353 0x1aec  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:25:08.0353 0x1aec  RasAcd - ok
09:25:08.0399 0x1aec  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:25:08.0415 0x1aec  RasAgileVpn - ok
09:25:08.0431 0x1aec  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
09:25:08.0446 0x1aec  RasAuto - ok
09:25:08.0477 0x1aec  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:25:08.0524 0x1aec  Rasl2tp - ok
09:25:08.0555 0x1aec  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
09:25:08.0602 0x1aec  RasMan - ok
09:25:08.0618 0x1aec  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:25:08.0633 0x1aec  RasPppoe - ok
09:25:08.0649 0x1aec  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:25:08.0680 0x1aec  RasSstp - ok
09:25:08.0696 0x1aec  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:25:08.0711 0x1aec  rdbss - ok
09:25:08.0727 0x1aec  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:25:08.0727 0x1aec  rdpbus - ok
09:25:08.0743 0x1aec  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:25:08.0758 0x1aec  RDPCDD - ok
09:25:08.0789 0x1aec  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
09:25:08.0805 0x1aec  RDPDR - ok
09:25:08.0805 0x1aec  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:25:08.0821 0x1aec  RDPENCDD - ok
09:25:08.0821 0x1aec  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:25:08.0836 0x1aec  RDPREFMP - ok
09:25:08.0867 0x1aec  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:25:08.0914 0x1aec  RDPWD - ok
09:25:08.0945 0x1aec  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:25:08.0992 0x1aec  rdyboost - ok
09:25:09.0039 0x1aec  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:25:09.0070 0x1aec  RemoteAccess - ok
09:25:09.0086 0x1aec  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:25:09.0101 0x1aec  RemoteRegistry - ok
09:25:09.0179 0x1aec  [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
09:25:09.0211 0x1aec  RMCAST - ok
09:25:09.0226 0x1aec  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:25:09.0242 0x1aec  RpcEptMapper - ok
09:25:09.0289 0x1aec  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
09:25:09.0304 0x1aec  RpcLocator - ok
09:25:09.0367 0x1aec  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
09:25:09.0382 0x1aec  RpcSs - ok
09:25:09.0413 0x1aec  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:25:09.0445 0x1aec  rspndr - ok
09:25:09.0538 0x1aec  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
09:25:09.0569 0x1aec  RTL8167 - ok
09:25:09.0585 0x1aec  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
09:25:09.0601 0x1aec  s3cap - ok
09:25:09.0601 0x1aec  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs           C:\Windows\system32\lsass.exe
09:25:09.0601 0x1aec  SamSs - ok
09:25:09.0616 0x1aec  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:25:09.0632 0x1aec  sbp2port - ok
09:25:09.0679 0x1aec  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:25:09.0694 0x1aec  SCardSvr - ok
09:25:09.0725 0x1aec  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:25:09.0725 0x1aec  scfilter - ok
09:25:09.0803 0x1aec  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
09:25:09.0850 0x1aec  Schedule - ok
09:25:09.0897 0x1aec  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:25:09.0897 0x1aec  SCPolicySvc - ok
09:25:09.0959 0x1aec  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:25:09.0991 0x1aec  SDRSVC - ok
09:25:10.0006 0x1aec  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:25:10.0022 0x1aec  secdrv - ok
09:25:10.0037 0x1aec  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
09:25:10.0053 0x1aec  seclogon - ok
09:25:10.0069 0x1aec  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
09:25:10.0084 0x1aec  SENS - ok
09:25:10.0100 0x1aec  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:25:10.0115 0x1aec  SensrSvc - ok
09:25:10.0131 0x1aec  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:25:10.0147 0x1aec  Serenum - ok
09:25:10.0162 0x1aec  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:25:10.0178 0x1aec  Serial - ok
09:25:10.0193 0x1aec  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:25:10.0209 0x1aec  sermouse - ok
09:25:10.0256 0x1aec  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
09:25:10.0287 0x1aec  SessionEnv - ok
09:25:10.0303 0x1aec  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:25:10.0318 0x1aec  sffdisk - ok
09:25:10.0334 0x1aec  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:25:10.0334 0x1aec  sffp_mmc - ok
09:25:10.0349 0x1aec  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:25:10.0365 0x1aec  sffp_sd - ok
09:25:10.0381 0x1aec  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:25:10.0396 0x1aec  sfloppy - ok
09:25:10.0443 0x1aec  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:25:10.0474 0x1aec  SharedAccess - ok
09:25:10.0521 0x1aec  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:25:10.0552 0x1aec  ShellHWDetection - ok
09:25:10.0568 0x1aec  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:25:10.0583 0x1aec  SiSRaid2 - ok
09:25:10.0583 0x1aec  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:25:10.0599 0x1aec  SiSRaid4 - ok
09:25:10.0630 0x1aec  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:25:10.0646 0x1aec  Smb - ok
09:25:10.0677 0x1aec  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:25:10.0693 0x1aec  SNMPTRAP - ok
09:25:10.0708 0x1aec  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:25:10.0724 0x1aec  spldr - ok
09:25:10.0786 0x1aec  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
09:25:10.0864 0x1aec  Spooler - ok
09:25:11.0020 0x1aec  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
09:25:11.0192 0x1aec  sppsvc - ok
09:25:11.0207 0x1aec  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:25:11.0223 0x1aec  sppuinotify - ok
09:25:11.0285 0x1aec  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:25:11.0317 0x1aec  srv - ok
09:25:11.0395 0x1aec  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:25:11.0426 0x1aec  srv2 - ok
09:25:11.0441 0x1aec  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:25:11.0457 0x1aec  srvnet - ok
09:25:11.0473 0x1aec  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:25:11.0504 0x1aec  SSDPSRV - ok
09:25:11.0519 0x1aec  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:25:11.0535 0x1aec  SstpSvc - ok
09:25:11.0644 0x1aec  [ 6213F20854FB987119503F9F91C70B9F, E1683753D192B154DBFE1FD03625A2A56F8576CE2A7619B41159B1C718C73B88 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:25:12.0128 0x1aec  Stereo Service - ok
09:25:12.0128 0x1aec  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:25:12.0143 0x1aec  stexstor - ok
09:25:12.0221 0x1aec  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
09:25:12.0253 0x1aec  stisvc - ok
09:25:12.0284 0x1aec  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
09:25:12.0284 0x1aec  storflt - ok
09:25:12.0331 0x1aec  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
09:25:12.0346 0x1aec  StorSvc - ok
09:25:12.0377 0x1aec  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
09:25:12.0393 0x1aec  storvsc - ok
09:25:12.0409 0x1aec  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:25:12.0440 0x1aec  swenum - ok
09:25:12.0487 0x1aec  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
09:25:12.0518 0x1aec  swprv - ok
09:25:12.0611 0x1aec  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
09:25:12.0674 0x1aec  SysMain - ok
09:25:12.0705 0x1aec  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:25:12.0736 0x1aec  TabletInputService - ok
09:25:12.0783 0x1aec  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:25:12.0845 0x1aec  TapiSrv - ok
09:25:12.0892 0x1aec  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
09:25:12.0908 0x1aec  TBS - ok
09:25:13.0033 0x1aec  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:25:13.0126 0x1aec  Tcpip - ok
09:25:13.0173 0x1aec  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:25:13.0204 0x1aec  TCPIP6 - ok
09:25:13.0251 0x1aec  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:25:13.0251 0x1aec  tcpipreg - ok
09:25:13.0267 0x1aec  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:25:13.0282 0x1aec  TDPIPE - ok
09:25:13.0313 0x1aec  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:25:13.0345 0x1aec  TDTCP - ok
09:25:13.0391 0x1aec  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:25:13.0438 0x1aec  tdx - ok
09:25:13.0454 0x1aec  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:25:13.0454 0x1aec  TermDD - ok
09:25:13.0532 0x1aec  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
09:25:13.0579 0x1aec  TermService - ok
09:25:13.0594 0x1aec  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
09:25:13.0594 0x1aec  Themes - ok
09:25:13.0625 0x1aec  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
09:25:13.0641 0x1aec  THREADORDER - ok
09:25:13.0641 0x1aec  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
09:25:13.0657 0x1aec  TrkWks - ok
09:25:13.0719 0x1aec  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:25:13.0766 0x1aec  TrustedInstaller - ok
09:25:13.0797 0x1aec  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:25:13.0813 0x1aec  tssecsrv - ok
09:25:13.0859 0x1aec  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:25:13.0875 0x1aec  TsUsbFlt - ok
09:25:13.0937 0x1aec  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:25:13.0984 0x1aec  tunnel - ok
09:25:14.0015 0x1aec  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:25:14.0031 0x1aec  uagp35 - ok
09:25:14.0062 0x1aec  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:25:14.0093 0x1aec  udfs - ok
09:25:14.0109 0x1aec  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:25:14.0125 0x1aec  UI0Detect - ok
09:25:14.0125 0x1aec  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:25:14.0140 0x1aec  uliagpkx - ok
09:25:14.0171 0x1aec  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
09:25:14.0171 0x1aec  umbus - ok
09:25:14.0187 0x1aec  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:25:14.0187 0x1aec  UmPass - ok
09:25:14.0234 0x1aec  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
09:25:14.0249 0x1aec  UmRdpService - ok
09:25:14.0312 0x1aec  [ BB879DCFD22926EFBEB3298129898CBB, 2A24E6CD5D6E0CEA3082C0699A2371084CC1268B31BC714098EA0D0C11B3AFAC ] UnlockerDriver5 C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys
09:25:14.0327 0x1aec  UnlockerDriver5 - ok
09:25:14.0374 0x1aec  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
09:25:14.0390 0x1aec  upnphost - ok
09:25:14.0437 0x1aec  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
09:25:14.0452 0x1aec  USBAAPL64 - ok
09:25:14.0483 0x1aec  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
09:25:14.0499 0x1aec  usbaudio - ok
09:25:14.0530 0x1aec  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:25:14.0546 0x1aec  usbccgp - ok
09:25:14.0577 0x1aec  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:25:14.0593 0x1aec  usbcir - ok
09:25:14.0608 0x1aec  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:25:14.0624 0x1aec  usbehci - ok
09:25:14.0655 0x1aec  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:25:14.0686 0x1aec  usbhub - ok
09:25:14.0702 0x1aec  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
09:25:14.0717 0x1aec  usbohci - ok
09:25:14.0733 0x1aec  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:25:14.0733 0x1aec  usbprint - ok
09:25:14.0749 0x1aec  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:25:14.0764 0x1aec  usbscan - ok
09:25:14.0764 0x1aec  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:25:14.0780 0x1aec  USBSTOR - ok
09:25:14.0795 0x1aec  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:25:14.0811 0x1aec  usbuhci - ok
09:25:14.0842 0x1aec  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
09:25:14.0858 0x1aec  UxSms - ok
09:25:14.0858 0x1aec  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc        C:\Windows\system32\lsass.exe
09:25:14.0858 0x1aec  VaultSvc - ok
09:25:14.0905 0x1aec  [ 84BB306B7863883018D7F3EB0C453BD5, 0602C6987E42ADB3F98D200BA078363F80389941938E0611C3CCA6AD6A183DD0 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
09:25:14.0920 0x1aec  VClone - ok
09:25:14.0936 0x1aec  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:25:14.0951 0x1aec  vdrvroot - ok
09:25:15.0014 0x1aec  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
09:25:15.0061 0x1aec  vds - ok
09:25:15.0092 0x1aec  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:25:15.0092 0x1aec  vga - ok
09:25:15.0107 0x1aec  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:25:15.0107 0x1aec  VgaSave - ok
09:25:15.0139 0x1aec  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:25:15.0154 0x1aec  vhdmp - ok
09:25:15.0170 0x1aec  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:25:15.0185 0x1aec  viaide - ok
09:25:15.0201 0x1aec  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
09:25:15.0217 0x1aec  vmbus - ok
09:25:15.0217 0x1aec  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
09:25:15.0232 0x1aec  VMBusHID - ok
09:25:15.0263 0x1aec  [ 3F63FA4A5D8A7C1B1A87E342569FBA53, E562BAF184E29A67960523843F4C5D351250951542A68891A996C5848649A4DC ] VNUSB           C:\Windows\system32\Drivers\VNUSB.sys
09:25:15.0279 0x1aec  VNUSB - ok
09:25:15.0310 0x1aec  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:25:15.0326 0x1aec  volmgr - ok
09:25:15.0404 0x1aec  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:25:15.0451 0x1aec  volmgrx - ok
09:25:15.0466 0x1aec  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:25:15.0497 0x1aec  volsnap - ok
09:25:15.0560 0x1aec  [ D122E5576F7CA9903F6576C7F09FA62D, 1A706C24BBAD6A322CBECF9F82231234F1D11CA0398C49EB7743B6932A25AB29 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
09:25:15.0607 0x1aec  Vsdatant - ok
09:25:15.0653 0x1aec  vsmon - ok
09:25:15.0685 0x1aec  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:25:15.0716 0x1aec  vsmraid - ok
09:25:15.0809 0x1aec  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
09:25:15.0903 0x1aec  VSS - ok
09:25:15.0919 0x1aec  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
09:25:15.0919 0x1aec  vwifibus - ok
09:25:15.0950 0x1aec  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
09:25:15.0965 0x1aec  W32Time - ok
09:25:15.0981 0x1aec  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:25:15.0997 0x1aec  WacomPen - ok
09:25:16.0012 0x1aec  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:25:16.0028 0x1aec  WANARP - ok
09:25:16.0028 0x1aec  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:25:16.0028 0x1aec  Wanarpv6 - ok
09:25:16.0121 0x1aec  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:25:16.0184 0x1aec  WatAdminSvc - ok
09:25:16.0293 0x1aec  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:25:16.0371 0x1aec  wbengine - ok
09:25:16.0402 0x1aec  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:25:16.0418 0x1aec  WbioSrvc - ok
09:25:16.0496 0x1aec  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:25:16.0527 0x1aec  wcncsvc - ok
09:25:16.0543 0x1aec  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:25:16.0558 0x1aec  WcsPlugInService - ok
09:25:16.0558 0x1aec  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:25:16.0574 0x1aec  Wd - ok
09:25:16.0667 0x1aec  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:25:16.0714 0x1aec  Wdf01000 - ok
09:25:16.0761 0x1aec  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:25:17.0182 0x1aec  WdiServiceHost - ok
09:25:17.0182 0x1aec  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:25:17.0198 0x1aec  WdiSystemHost - ok
09:25:17.0245 0x1aec  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
09:25:17.0276 0x1aec  WebClient - ok
09:25:17.0323 0x1aec  [ D5BA7D43FA2EF656BF7E98A188391E40, 56CF132B7C43A0F9C7C4D070730315FE7AFD2E87E94014DFC3D7107BB52B9C64 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:25:17.0338 0x1aec  Wecsvc - ok
09:25:17.0385 0x1aec  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:25:17.0401 0x1aec  wercplsupport - ok
09:25:17.0416 0x1aec  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:25:17.0432 0x1aec  WerSvc - ok
09:25:17.0432 0x1aec  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:25:17.0447 0x1aec  WfpLwf - ok
09:25:17.0463 0x1aec  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:25:17.0479 0x1aec  WIMMount - ok
09:25:17.0510 0x1aec  WinDefend - ok
09:25:17.0510 0x1aec  WinHttpAutoProxySvc - ok
09:25:17.0603 0x1aec  [ 136760C1E9697BAF4ECDEAE5590A0806, 12E80D0923D794F4C520FEA7CB98EF581231B996FB1876EB20995E6E457EFF56 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:25:17.0666 0x1aec  Winmgmt - ok
09:25:17.0869 0x1aec  [ 3BB6B401A780BF434C8F58137DE10BF7, 1A377C39B78B92A1A1FED699EE5E5ED0271A6FFAC143F1D29FC1FDF4D726A522 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:25:18.0009 0x1aec  WinRM - ok
09:25:18.0071 0x1aec  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
09:25:18.0071 0x1aec  WinUSB - ok
09:25:18.0149 0x1aec  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:25:18.0196 0x1aec  Wlansvc - ok
09:25:18.0227 0x1aec  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:25:18.0243 0x1aec  WmiAcpi - ok
09:25:18.0259 0x1aec  [ 4DF841632B62A7CF19A79A05046A8AB1, D80F28FD7FEB95DB83976EAFECB2E9AE1423DA4D34EC5D820FC39A33444B82DA ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:25:18.0274 0x1aec  wmiApSrv - ok
09:25:18.0305 0x1aec  WMPNetworkSvc - ok
09:25:18.0337 0x1aec  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:25:18.0368 0x1aec  WPCSvc - ok
09:25:18.0383 0x1aec  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:25:18.0399 0x1aec  WPDBusEnum - ok
09:25:18.0399 0x1aec  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:25:18.0415 0x1aec  ws2ifsl - ok
09:25:18.0430 0x1aec  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
09:25:18.0446 0x1aec  wscsvc - ok
09:25:18.0446 0x1aec  WSearch - ok
09:25:18.0586 0x1aec  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:25:18.0680 0x1aec  wuauserv - ok
09:25:18.0727 0x1aec  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:25:18.0727 0x1aec  WudfPf - ok
09:25:18.0758 0x1aec  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:25:18.0773 0x1aec  WUDFRd - ok
09:25:18.0805 0x1aec  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:25:18.0820 0x1aec  wudfsvc - ok
09:25:18.0851 0x1aec  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:25:18.0867 0x1aec  WwanSvc - ok
09:25:18.0898 0x1aec  [ 44C7B5504CC17733BF7E824307C7E1C7, E00854C6961CC30A5F1DE5E14A37A705B2BA1D86411370C639C5E5309AB3DB24 ] ZAPrivacyService C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
09:25:18.0914 0x1aec  ZAPrivacyService - ok
09:25:18.0914 0x1aec  ================ Scan global ===============================
09:25:18.0945 0x1aec  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:25:19.0007 0x1aec  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:25:19.0054 0x1aec  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:25:19.0101 0x1aec  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:25:19.0163 0x1aec  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:25:19.0163 0x1aec  [ Global ] - ok
09:25:19.0163 0x1aec  ================ Scan MBR ==================================
09:25:19.0179 0x1aec  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:25:19.0585 0x1aec  \Device\Harddisk0\DR0 - ok
09:25:19.0600 0x1aec  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
09:25:20.0271 0x1aec  \Device\Harddisk1\DR1 - ok
09:25:20.0287 0x1aec  ================ Scan VBR ==================================
09:25:20.0287 0x1aec  [ 17B2D8E71310465E104AFD324577D1DB ] \Device\Harddisk0\DR0\Partition1
09:25:20.0287 0x1aec  \Device\Harddisk0\DR0\Partition1 - ok
09:25:20.0287 0x1aec  [ 17BD76B5BC731021259D5D18017C69D9 ] \Device\Harddisk0\DR0\Partition2
09:25:20.0333 0x1aec  \Device\Harddisk0\DR0\Partition2 - ok
09:25:20.0333 0x1aec  [ DBBB548E92759F19E3BB3598F703DDA1 ] \Device\Harddisk1\DR1\Partition1
09:25:20.0349 0x1aec  \Device\Harddisk1\DR1\Partition1 - ok
09:25:20.0349 0x1aec  [ 4A5A6CC36C8BA20F795B77BD974658D8 ] \Device\Harddisk1\DR1\Partition2
09:25:20.0380 0x1aec  \Device\Harddisk1\DR1\Partition2 - ok
09:25:20.0380 0x1aec  ================ Scan generic autorun ======================
09:25:20.0396 0x1aec  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
09:25:20.0427 0x1aec  ShadowPlay - ok
09:25:20.0583 0x1aec  [ 7304E21B92E538E2CC793EDF478AC034, 39992D4541E100E5D8199B2FB5B7C7DD7213F8BC84AEA1924C6EC46E8711BF28 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
09:25:20.0692 0x1aec  NvBackend - ok
09:25:20.0786 0x1aec  [ D73D91DDF768191CD48ABFF8F705ED04, B6DFA133BBF8E0F14EEA4487E2DEC24BE426D1F78EF10EF5EE9D554EC1790CF3 ] C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
09:25:20.0833 0x1aec  ISW - ok
09:25:20.0895 0x1aec  [ D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe
09:25:21.0316 0x1aec  iTunesHelper - ok
09:25:21.0503 0x1aec  [ 2433692BFC2631DC28B0705C1B760FF2, BBDE902F984E0968A3062F3EEA624E804B03095C67C280CDA4E85D02F46B7CDC ] C:\Program Files\Logitech\SetPointP\SetPoint.exe
09:25:21.0581 0x1aec  EvtMgr6 - ok
09:25:21.0644 0x1aec  [ F40E80C04475731C6ED5D19C48E45E3C, 40BB48DD37D6DFD61A68BA7891C4C453665561F7C74C5DA1BC7D7B36A0190DAA ] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
09:25:21.0691 0x1aec  VirtualCloneDrive - ok
09:25:21.0722 0x1aec  [ 9F60097061F79620C9C59FF37A61D852, 9B94C00CAA1F4DF95485F994576DA68B30635C628CFE3D6AE1811E6FEB1A56CA ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
09:25:22.0205 0x1aec  APSDaemon - ok
09:25:22.0283 0x1aec  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
09:25:22.0315 0x1aec  QuickTime Task - ok
09:25:22.0346 0x1aec  [ 3EDFF682DC8F13851E725CE2F636453E, 7FFC5F11336CB0354D2CEA44C1FC47E67FA4D4D105583F252432EF257CD2A50F ] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
09:25:22.0361 0x1aec  ZoneAlarm - ok
09:25:22.0377 0x1aec  [ 5944DC25A337F489679388E3308DD6AC, 0CC6F129B67DAE67DE0278AA68AFA6597EACA1521E19099109DEFCB0D386FCA1 ] C:\Program Files (x86)\Winamp\winampa.exe
09:25:22.0408 0x1aec  WinampAgent - ok
09:25:22.0502 0x1aec  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:25:22.0580 0x1aec  Sidebar - ok
09:25:22.0595 0x1aec  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:25:22.0611 0x1aec  mctadmin - ok
09:25:22.0642 0x1aec  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:25:22.0673 0x1aec  Sidebar - ok
09:25:22.0673 0x1aec  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:25:22.0673 0x1aec  mctadmin - ok
09:25:22.0720 0x1aec  GoogleDriveSync - ok
09:25:23.0001 0x1aec  [ 845799C9874B68BEAE3B64059653C7E3, 2E0B9DD46569A6449989E2D7C60B88B46352A178019B4BD840C166674E798CFD ] C:\Program Files\CCleaner\CCleaner64.exe
09:25:23.0157 0x1aec  CCleaner Monitoring - ok
09:25:23.0173 0x1aec  Waiting for KSN requests completion. In queue: 54
09:25:24.0187 0x1aec  Waiting for KSN requests completion. In queue: 54
09:25:25.0201 0x1aec  Waiting for KSN requests completion. In queue: 54
09:25:26.0355 0x1aec  AV detected via SS2: ZoneAlarm Internet Security Suite Antivirus, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.1.211.0 ), 0x41000 ( enabled : updated )
09:25:26.0355 0x1aec  FW detected via SS2: ZoneAlarm Internet Security Suite Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.1.211.0 ), 0x41010 ( enabled )
09:25:28.0991 0x1aec  ============================================================
09:25:28.0991 0x1aec  Scan finished
09:25:28.0991 0x1aec  ============================================================
09:25:29.0007 0x0994  Detected object count: 0
09:25:29.0007 0x0994  Actual detected object count: 0
10:26:34.0533 0x048c  Deinitialize success


#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:26 PM

Posted 28 March 2015 - 08:14 PM

I'm quite confident that this is a bug by MBAM. TDSSKiller, FRST, etc. are good.

 

Hello,
in my opinion your PC is clean. :) If you would like to donate some money to me that I can buy some beer, then click on the button paypal.gif. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#11 Akari Blue

Akari Blue
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:07:26 PM

Posted 31 March 2015 - 06:20 PM

Thank you so much! sorry for the delay in responding, university classes just started yesterday. Anyways, here is the log of the Delfix tool: 

 

# DelFix v10.9 - Logfile created 31/03/2015 at 16:15:16
# Updated 27/02/2015 by Xplode
# Username : Sephyr - DAYLIGHTIV
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.44_28.03.2015_09.23.31_log.txt
Deleted : C:\Users\Sephyr\Desktop\Addition.txt
Deleted : C:\Users\Sephyr\Desktop\AdwCleaner.exe
Deleted : C:\Users\Sephyr\Desktop\adwcleaner_4.113.exe
Deleted : C:\Users\Sephyr\Desktop\Fixlog.txt
Deleted : C:\Users\Sephyr\Desktop\FRST.txt
Deleted : C:\Users\Sephyr\Desktop\FRST64.exe
Deleted : C:\Users\Sephyr\Desktop\JRT.exe
Deleted : C:\Users\Sephyr\Desktop\JRT.txt
Deleted : C:\Users\Sephyr\Desktop\tdsskiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #542 [Garmin Express | 03/27/2015 11:14:51]
 
New restore point created !
 
########## - EOF - ##########


#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:26 PM

Posted 01 April 2015 - 06:20 AM

Do you have any further questions before I close this topic as solved? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 Akari Blue

Akari Blue
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle, WA
  • Local time:07:26 PM

Posted 04 April 2015 - 07:57 PM

No, I'm good! Thanks so much for the help, and sorry I kept lagging in responding towards the end. 



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:26 PM

Posted 05 April 2015 - 04:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users