
svchost.exe and msmpeng.exe eating available memory + slow boot times


  • This topic is locked
16 replies to this topic

#1 blackhexen


Posted 26 May 2015 - 07:57 PM

Recently noticed SVChost.exe and msmpeng.exe are eating more available memory than they did in the past.

 

I can always close SVChost.exe but it will always restart. In addition, I can not close and restart msmpeng.exe.

 

I tried doing simple scans with Malwarebytes, RogueKiller, HitmanPro, and cleaned with CCleaner. They all found nothing of "interest".

 

The computer also boots very slowly.

 

Lastly, sometimes I hear the fans on the CPU/GPU start running pretty quickly and then I'll shut svchost.exe to clear some memory/cpu usage.

 

Note: The logs were run with the largest SVChost.exe shut off at 300,000+kb - so it is not active in the logs.

 

====================Start of log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015
Ran by Blackhexen (administrator) on BLACKHEXEN-PC on 26-05-2015 17:41:09
Running from C:\Users\Blackhexen\Downloads
Loaded Profiles: Blackhexen (Available Profiles: Blackhexen)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4102983730-1301437953-2718287387-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4102983730-1301437953-2718287387-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-10-31] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-04-04] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4102983730-1301437953-2718287387-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-02-26] ()
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-27]
FF HKU\S-1-5-21-4102983730-1301437953-2718287387-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (YouTube) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Bookmark Manager) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR Extension: (Gmail) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2012-04-08] (ASUSTeK Computer Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) []
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-19] (CyberLink)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) []
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) []
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) []
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) []
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-10] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) []
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () []
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) []
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-04-08] ()
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-10-31] (Qualcomm Atheros)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Nccidx64; C:\Windows\System32\DRIVERS\Nccidx64.sys [8192 2012-09-16] (SCM Microsystems Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [154624 2011-05-12] (Razer USA Ltd) []
R3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S3 SCR131C; C:\Windows\SysWOW64\DRIVERS\SCR131C.sys [181875 2002-11-07] (SCM Microsystems Inc.) []
S3 SCR33X USB Smart Card Reader; C:\Windows\SysWOW64\DRIVERS\SCR33X2K.sys [64088 2004-04-06] (SCM Microsystems Inc.) []
S3 SCRx31 USB Reader; C:\Windows\SysWOW64\DRIVERS\stc2.sys [56320 2002-07-03] (SCM Microsystems Inc.) []
S3 STCFUx64; C:\Windows\System32\DRIVERS\STCFUx64.SYS [10240 2007-01-24] (SCM Microsystems Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-26 17:41 - 2015-05-26 17:41 - 00018127 _____ () C:\Users\Blackhexen\Downloads\FRST.txt
2015-05-26 17:40 - 2015-05-26 17:41 - 00000000 ____D () C:\FRST
2015-05-26 17:39 - 2015-05-26 17:39 - 02108928 _____ (Farbar) C:\Users\Blackhexen\Downloads\FRST64.exe
2015-05-25 23:45 - 2015-05-25 23:45 - 00000000 ____D () C:\Users\Blackhexen\Desktop\Tools
2015-05-25 23:36 - 2015-05-25 23:56 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-25 23:36 - 2015-05-25 23:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-25 23:36 - 2015-05-25 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-25 23:36 - 2015-05-25 23:36 - 00000000 ____D () C:\Program Files\RogueKiller
2015-05-25 23:13 - 2015-05-25 23:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-25 23:13 - 2015-05-25 23:13 - 18998408 _____ (Adlice Software ) C:\Users\Blackhexen\Downloads\setup.exe
2015-05-25 23:10 - 2015-05-25 23:12 - 11024496 _____ (SurfRight B.V.) C:\Users\Blackhexen\Downloads\HitmanPro_x64.exe
2015-05-25 23:04 - 2015-05-25 23:05 - 06484352 _____ (Piriform Ltd) C:\Users\Blackhexen\Downloads\ccsetup505.exe
2015-05-25 20:52 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-24 21:51 - 2015-05-24 21:51 - 00019707 _____ () C:\Users\Blackhexen\Downloads\[kat.cr]pitch.perfect.2.2015.hdcam.new.source.x264.victry.torrent
2015-05-24 01:00 - 2015-05-25 23:50 - 00000336 _____ () C:\Windows\setupact.log
2015-05-24 01:00 - 2015-05-24 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-22 17:19 - 2015-05-22 17:19 - 00000000 ____D () C:\Users\Blackhexen\AppData\Local\Stardock
2015-05-22 17:19 - 2015-05-22 17:19 - 00000000 ____D () C:\ProgramData\Stardock
2015-05-22 12:34 - 2015-05-22 12:34 - 00000222 _____ () C:\Users\Blackhexen\Desktop\Galactic Civilizations III.url
2015-05-14 18:12 - 2015-04-08 13:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-14 18:09 - 2015-04-08 17:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-14 18:09 - 2015-04-08 17:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-14 16:42 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:42 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:40 - 2015-04-27 12:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 16:40 - 2015-04-27 12:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 16:40 - 2015-04-27 12:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 16:40 - 2015-04-27 12:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 16:40 - 2015-04-27 12:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 16:40 - 2015-04-27 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 16:40 - 2015-04-27 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 16:40 - 2015-04-27 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 16:40 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 16:40 - 2015-04-27 12:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 16:40 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 16:40 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 16:40 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 16:40 - 2015-04-27 12:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 16:40 - 2015-04-27 12:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 16:40 - 2015-04-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 16:40 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 16:40 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 16:40 - 2015-04-27 12:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 16:40 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 16:40 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 16:40 - 2015-04-27 10:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 16:40 - 2015-04-27 10:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 16:40 - 2015-04-27 10:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:40 - 2015-04-21 19:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 16:40 - 2015-04-21 18:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 16:40 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 16:40 - 2015-04-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 16:40 - 2015-04-21 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 16:40 - 2015-04-21 09:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 16:40 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 16:40 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 16:40 - 2015-04-21 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 16:40 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 16:40 - 2015-04-21 09:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 16:40 - 2015-04-21 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 16:40 - 2015-04-21 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 16:40 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 16:40 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 16:40 - 2015-04-21 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 16:40 - 2015-04-21 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 16:40 - 2015-04-21 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 16:40 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 16:40 - 2015-04-21 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 16:40 - 2015-04-21 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 16:40 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 16:40 - 2015-04-21 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 16:40 - 2015-04-21 09:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 16:40 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 16:40 - 2015-04-21 09:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 16:40 - 2015-04-21 09:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 16:40 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 16:40 - 2015-04-21 09:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 16:40 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 16:40 - 2015-04-21 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 16:40 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 16:40 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 16:40 - 2015-04-21 09:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 16:40 - 2015-04-21 09:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 16:40 - 2015-04-21 09:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 16:40 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 16:40 - 2015-04-21 08:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 16:40 - 2015-04-21 08:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 16:40 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 16:40 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 16:40 - 2015-04-21 08:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 16:40 - 2015-04-21 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 16:40 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 16:40 - 2015-04-21 08:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 16:40 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 16:40 - 2015-04-21 08:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 16:40 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 16:40 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 16:40 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 16:40 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:40 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 16:40 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 16:40 - 2015-04-21 08:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 16:40 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 16:40 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 16:40 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 16:40 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 16:40 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 16:40 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 16:39 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:39 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:39 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:39 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:39 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:39 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:39 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:39 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:39 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:39 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:39 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:39 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 16:39 - 2015-03-13 20:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-14 16:39 - 2015-03-13 20:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-14 16:39 - 2015-03-13 20:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-14 16:39 - 2015-03-13 20:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-14 16:39 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 16:39 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 16:39 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 16:39 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 16:34 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 16:34 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 16:34 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 16:34 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 16:34 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 16:34 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 16:34 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 09:54 - 2015-05-14 09:54 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-26 17:30 - 2014-01-21 17:29 - 00000000 ____D () C:\Users\Blackhexen\AppData\Local\Battle.net
2015-05-26 17:16 - 2012-09-29 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 17:05 - 2015-01-06 20:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 17:05 - 2015-01-06 20:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 08:02 - 2012-04-01 03:18 - 01285411 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 00:01 - 2009-07-13 21:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 00:01 - 2009-07-13 21:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 23:55 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 23:54 - 2014-12-20 21:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 23:54 - 2009-07-13 22:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-25 23:49 - 2013-11-12 16:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-25 23:05 - 2014-02-05 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-25 23:05 - 2014-02-05 20:44 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-25 23:00 - 2012-04-01 05:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-25 21:03 - 2009-07-13 22:13 - 00788330 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 20:56 - 2009-07-13 21:45 - 00434872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-25 20:52 - 2015-04-04 13:23 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-25 20:52 - 2015-04-04 13:23 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-25 16:53 - 2015-03-30 19:15 - 00000000 ____D () C:\Users\Blackhexen\Desktop\Berry, Derek L Homebuying
2015-05-25 15:06 - 2015-01-06 20:49 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 21:51 - 2012-04-01 03:36 - 00117160 _____ () C:\Users\Blackhexen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-22 17:18 - 2012-04-01 15:22 - 00000000 ____D () C:\Users\Blackhexen\Documents\My Games
2015-05-22 12:34 - 2012-12-07 20:53 - 00000000 ____D () C:\Users\Blackhexen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-22 10:35 - 2012-04-02 15:54 - 00000000 ____D () C:\Users\Blackhexen\Desktop\Dep Tools
2015-05-21 22:36 - 2013-08-22 20:28 - 00000000 ____D () C:\Users\Blackhexen\AppData\Roaming\Mumble
2015-05-21 18:28 - 2014-01-21 17:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-20 06:14 - 2012-05-15 05:05 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-05-18 22:00 - 2015-02-20 18:04 - 00000000 ____D () C:\Users\Blackhexen\AppData\Roaming\TS3Client
2015-05-18 22:00 - 2012-04-08 18:59 - 00000000 ____D () C:\Users\Blackhexen\AppData\Local\CrashDumps
2015-05-17 17:14 - 2014-01-21 17:30 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-15 17:00 - 2015-01-06 20:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 17:00 - 2015-01-06 20:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 19:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 18:27 - 2014-12-20 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 18:27 - 2014-12-20 21:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-14 18:12 - 2013-11-12 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-14 18:12 - 2012-04-02 19:32 - 00000000 ____D () C:\Temp
2015-05-14 18:11 - 2013-11-12 16:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-14 17:55 - 2013-11-12 16:42 - 00001391 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-14 17:54 - 2014-10-20 20:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 17:27 - 2012-10-22 21:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 17:27 - 2012-10-22 21:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 17:25 - 2012-04-01 03:17 - 00000000 ____D () C:\Users\Blackhexen
2015-05-14 17:25 - 2009-07-14 00:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 17:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 16:51 - 2012-12-08 20:20 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-14 16:51 - 2012-12-08 20:16 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 16:51 - 2012-12-08 20:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-14 16:51 - 2012-12-08 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-14 16:50 - 2013-07-11 17:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 16:45 - 2012-04-04 06:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 16:45 - 2012-04-02 09:06 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 16:42 - 2012-10-22 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 05:31 - 2012-04-01 05:18 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-05-10 14:08 - 2012-06-23 19:48 - 00000487 _____ () C:\Users\Public\Documents\Games.txt
2015-05-10 13:19 - 2012-04-01 05:33 - 00000000 ____D () C:\ProgramData\Origin
2015-05-10 12:04 - 2012-04-01 05:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-05-10 12:04 - 2012-04-01 05:24 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-05-01 09:51 - 2014-07-27 17:41 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-01 09:51 - 2013-11-12 16:42 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-01 09:50 - 2014-07-27 17:41 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-01 09:50 - 2013-11-12 16:42 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
 
==================== Files in the root of some directories =======
 
2012-04-02 17:22 - 2015-01-24 18:19 - 0011264 _____ () C:\Users\Blackhexen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-24 01:34 - 2012-05-24 01:34 - 0034814 _____ () C:\Users\Blackhexen\AppData\Local\dt.dat
2012-04-02 08:10 - 2015-03-06 13:34 - 0007670 _____ () C:\Users\Blackhexen\AppData\Local\Resmon.ResmonCfg
2013-02-27 10:07 - 2013-03-01 21:04 - 0003913 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Blackhexen\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 00:57
 
==================== End of log ============================


#2 HelpBot

Posted 31 May 2015 - 08:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/577435 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 blackhexen

  • Topic Starter

Posted 31 May 2015 - 08:31 PM

====================Start of log ============================

==================== Processes (Whitelisted) =================

 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Blackhexen\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4102983730-1301437953-2718287387-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4102983730-1301437953-2718287387-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-10-31] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-04-04] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-28] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4102983730-1301437953-2718287387-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-02-26] ()
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-27]
FF HKU\S-1-5-21-4102983730-1301437953-2718287387-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (YouTube) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Bookmark Manager) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR Extension: (Gmail) - C:\Users\Blackhexen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2012-04-08] (ASUSTeK Computer Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) []
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-19] (CyberLink)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) []
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) []
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) []
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) []
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-10] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) []
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () []
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) []
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-04-08] ()
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-10-31] (Qualcomm Atheros)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Nccidx64; C:\Windows\System32\DRIVERS\Nccidx64.sys [8192 2012-09-16] (SCM Microsystems Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [154624 2011-05-12] (Razer USA Ltd) []
R3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S3 SCR131C; C:\Windows\SysWOW64\DRIVERS\SCR131C.sys [181875 2002-11-07] (SCM Microsystems Inc.) []
S3 SCR33X USB Smart Card Reader; C:\Windows\SysWOW64\DRIVERS\SCR33X2K.sys [64088 2004-04-06] (SCM Microsystems Inc.) []
S3 SCRx31 USB Reader; C:\Windows\SysWOW64\DRIVERS\stc2.sys [56320 2002-07-03] (SCM Microsystems Inc.) []
S3 STCFUx64; C:\Windows\System32\DRIVERS\STCFUx64.SYS [10240 2007-01-24] (SCM Microsystems Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-28 15:35 - 2015-05-28 15:35 - 00003264 _____ () C:\Windows\System32\Tasks\{A3A85C6C-E61D-42CB-8FA9-D1DDE7D64D11}
2015-05-27 20:32 - 2015-05-27 20:32 - 00087024 _____ () C:\Users\Blackhexen\Downloads\MasterPlan-0.47.zip
2015-05-27 20:31 - 2015-05-27 20:31 - 02509931 _____ () C:\Users\Blackhexen\Downloads\DBM-Core-6.1.9.zip
2015-05-26 17:41 - 2015-05-31 18:25 - 00017794 _____ () C:\Users\Blackhexen\Downloads\FRST.txt
2015-05-26 17:41 - 2015-05-31 18:24 - 00057684 _____ () C:\Users\Blackhexen\Desktop\FRST.txt
2015-05-26 17:41 - 2015-05-26 17:42 - 00066811 _____ () C:\Users\Blackhexen\Desktop\Addition.txt
2015-05-26 17:40 - 2015-05-31 18:25 - 00000000 ____D () C:\FRST
2015-05-26 17:39 - 2015-05-26 17:39 - 02108928 _____ (Farbar) C:\Users\Blackhexen\Downloads\FRST64.exe
2015-05-25 23:45 - 2015-05-27 23:27 - 00000000 ____D () C:\Users\Blackhexen\Desktop\Tools
2015-05-25 23:36 - 2015-05-25 23:56 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-25 23:36 - 2015-05-25 23:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-25 23:36 - 2015-05-25 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-25 23:36 - 2015-05-25 23:36 - 00000000 ____D () C:\Program Files\RogueKiller
2015-05-25 23:13 - 2015-05-25 23:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-25 23:13 - 2015-05-25 23:13 - 18998408 _____ (Adlice Software ) C:\Users\Blackhexen\Downloads\setup.exe
2015-05-25 23:10 - 2015-05-25 23:12 - 11024496 _____ (SurfRight B.V.) C:\Users\Blackhexen\Downloads\HitmanPro_x64.exe
2015-05-25 23:04 - 2015-05-25 23:05 - 06484352 _____ (Piriform Ltd) C:\Users\Blackhexen\Downloads\ccsetup505.exe
2015-05-25 20:52 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-24 01:00 - 2015-05-29 19:40 - 00000672 _____ () C:\Windows\setupact.log
2015-05-24 01:00 - 2015-05-24 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-22 17:19 - 2015-05-22 17:19 - 00000000 ____D () C:\Users\Blackhexen\AppData\Local\Stardock
2015-05-22 17:19 - 2015-05-22 17:19 - 00000000 ____D () C:\ProgramData\Stardock
2015-05-22 12:34 - 2015-05-22 12:34 - 00000222 _____ () C:\Users\Blackhexen\Desktop\Galactic Civilizations III.url
2015-05-14 18:12 - 2015-04-08 13:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-14 18:09 - 2015-04-08 17:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-14 18:09 - 2015-04-08 17:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-14 18:09 - 2015-04-08 17:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-14 16:42 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:42 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:40 - 2015-04-27 12:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 16:40 - 2015-04-27 12:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 16:40 - 2015-04-27 12:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 16:40 - 2015-04-27 12:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 16:40 - 2015-04-27 12:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 16:40 - 2015-04-27 12:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 16:40 - 2015-04-27 12:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 16:40 - 2015-04-27 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 16:40 - 2015-04-27 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 16:40 - 2015-04-27 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 16:40 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 16:40 - 2015-04-27 12:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 16:40 - 2015-04-27 12:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 16:40 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 16:40 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 16:40 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 16:40 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 16:40 - 2015-04-27 12:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 16:40 - 2015-04-27 12:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 16:40 - 2015-04-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 16:40 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 16:40 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 16:40 - 2015-04-27 12:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 16:40 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 16:40 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 11:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 16:40 - 2015-04-27 10:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 16:40 - 2015-04-27 10:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 16:40 - 2015-04-27 10:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:40 - 2015-04-27 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:40 - 2015-04-21 19:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 16:40 - 2015-04-21 18:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 16:40 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 16:40 - 2015-04-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 16:40 - 2015-04-21 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 16:40 - 2015-04-21 09:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 16:40 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 16:40 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 16:40 - 2015-04-21 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 16:40 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 16:40 - 2015-04-21 09:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 16:40 - 2015-04-21 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 16:40 - 2015-04-21 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 16:40 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 16:40 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 16:40 - 2015-04-21 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 16:40 - 2015-04-21 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 16:40 - 2015-04-21 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 16:40 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 16:40 - 2015-04-21 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 16:40 - 2015-04-21 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 16:40 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 16:40 - 2015-04-21 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 16:40 - 2015-04-21 09:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 16:40 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 16:40 - 2015-04-21 09:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 16:40 - 2015-04-21 09:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 16:40 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 16:40 - 2015-04-21 09:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 16:40 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 16:40 - 2015-04-21 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 16:40 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 16:40 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 16:40 - 2015-04-21 09:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 16:40 - 2015-04-21 09:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 16:40 - 2015-04-21 09:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 16:40 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 16:40 - 2015-04-21 08:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 16:40 - 2015-04-21 08:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 16:40 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 16:40 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 16:40 - 2015-04-21 08:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 16:40 - 2015-04-21 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 16:40 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 16:40 - 2015-04-21 08:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 16:40 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 16:40 - 2015-04-21 08:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 16:40 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 16:40 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 16:40 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 16:40 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:40 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 16:40 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 16:40 - 2015-04-21 08:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 16:40 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 16:40 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 16:40 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 16:40 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 16:40 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 16:40 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 16:39 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:39 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:39 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:39 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:39 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:39 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:39 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:39 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:39 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:39 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:39 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:39 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 16:39 - 2015-03-13 20:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-14 16:39 - 2015-03-13 20:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-14 16:39 - 2015-03-13 20:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-14 16:39 - 2015-03-13 20:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-14 16:39 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 16:39 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 16:39 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 16:39 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 16:34 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 16:34 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 16:34 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 16:34 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 16:34 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 16:34 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 16:34 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 09:54 - 2015-05-14 09:54 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-31 18:21 - 2012-04-01 05:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-31 18:16 - 2012-09-29 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 18:15 - 2014-01-21 17:29 - 00000000 ____D () C:\Users\Blackhexen\AppData\Local\Battle.net
2015-05-31 18:05 - 2015-01-06 20:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 17:05 - 2015-01-06 20:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 15:50 - 2015-03-30 19:15 - 00000000 ____D () C:\Users\Blackhexen\Desktop\Berry, Derek L Homebuying
2015-05-31 07:41 - 2012-04-01 03:18 - 01595420 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 23:26 - 2013-08-22 20:28 - 00000000 ____D () C:\Users\Blackhexen\AppData\Roaming\Mumble
2015-05-29 19:49 - 2009-07-13 21:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 19:49 - 2009-07-13 21:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 19:39 - 2013-11-12 16:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-29 19:39 - 2013-01-24 23:12 - 00000000 ____D () C:\Windows\Minidump
2015-05-29 19:39 - 2012-04-01 07:09 - 00354476 ____N () C:\Windows\Minidump\052915-32292-01.dmp
2015-05-29 19:39 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 18:04 - 2012-04-02 15:54 - 00000000 ____D () C:\Users\Blackhexen\Desktop\Dep Tools
2015-05-28 15:07 - 2015-01-23 15:31 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-28 15:07 - 2013-06-29 14:53 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-27 18:23 - 2012-04-01 03:17 - 00000000 ____D () C:\Users\Blackhexen
2015-05-25 23:54 - 2014-12-20 21:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 23:54 - 2009-07-13 22:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-25 23:05 - 2014-02-05 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-25 23:05 - 2014-02-05 20:44 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-25 21:03 - 2009-07-13 22:13 - 00788330 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 20:56 - 2009-07-13 21:45 - 00434872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-25 20:52 - 2015-04-04 13:23 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-25 20:52 - 2015-04-04 13:23 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-25 15:06 - 2015-01-06 20:49 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 21:51 - 2012-04-01 03:36 - 00117160 _____ () C:\Users\Blackhexen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-22 17:18 - 2012-04-01 15:22 - 00000000 ____D () C:\Users\Blackhexen\Documents\My Games
2015-05-22 12:34 - 2012-12-07 20:53 - 00000000 ____D () C:\Users\Blackhexen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-21 18:28 - 2014-01-21 17:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-20 06:14 - 2012-05-15 05:05 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-05-18 22:00 - 2015-02-20 18:04 - 00000000 ____D () C:\Users\Blackhexen\AppData\Roaming\TS3Client
2015-05-18 22:00 - 2012-04-08 18:59 - 00000000 ____D () C:\Users\Blackhexen\AppData\Local\CrashDumps
2015-05-17 17:14 - 2014-01-21 17:30 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-15 17:00 - 2015-01-06 20:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 17:00 - 2015-01-06 20:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 19:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 18:27 - 2014-12-20 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 18:27 - 2014-12-20 21:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-14 18:12 - 2013-11-12 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-14 18:12 - 2012-04-02 19:32 - 00000000 ____D () C:\Temp
2015-05-14 18:11 - 2013-11-12 16:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-14 17:55 - 2013-11-12 16:42 - 00001391 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-14 17:54 - 2014-10-20 20:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 17:27 - 2012-10-22 21:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 17:27 - 2012-10-22 21:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 17:25 - 2009-07-14 00:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 17:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 16:51 - 2012-12-08 20:20 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-14 16:51 - 2012-12-08 20:16 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 16:51 - 2012-12-08 20:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-14 16:51 - 2012-12-08 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-14 16:50 - 2013-07-11 17:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 16:45 - 2012-04-04 06:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 16:45 - 2012-04-02 09:06 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 16:42 - 2012-10-22 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 05:31 - 2012-04-01 05:18 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-05-10 14:08 - 2012-06-23 19:48 - 00000487 _____ () C:\Users\Public\Documents\Games.txt
2015-05-10 13:19 - 2012-04-01 05:33 - 00000000 ____D () C:\ProgramData\Origin
2015-05-10 12:04 - 2012-04-01 05:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-05-10 12:04 - 2012-04-01 05:24 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-05-01 09:51 - 2014-07-27 17:41 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-01 09:51 - 2013-11-12 16:42 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-01 09:50 - 2014-07-27 17:41 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-01 09:50 - 2013-11-12 16:42 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
 
==================== Files in the root of some directories =======
 
2012-04-02 17:22 - 2015-01-24 18:19 - 0011264 _____ () C:\Users\Blackhexen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-24 01:34 - 2012-05-24 01:34 - 0034814 _____ () C:\Users\Blackhexen\AppData\Local\dt.dat
2012-04-02 08:10 - 2015-03-06 13:34 - 0007670 _____ () C:\Users\Blackhexen\AppData\Local\Resmon.ResmonCfg
2013-02-27 10:07 - 2013-03-01 21:04 - 0003913 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Blackhexen\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 00:57
 
==================== End of log ============================
 
 
 
 
Issues:
SVChost and MSMPEng are running in the background taking up a ton of memory. I can "end process" on the SVChost running at 320,104K and it doesn't impact computer operations.
 
The bootup times are very, very slow. I'm talking 5-10 minutes in some cases.
 
I have not done anything new to the computer since the last log other than check e-mail and play video games.
 
Thank you for your time and support in this matter.


#4 deeprybka

  • Malware Response Team
Posted 01 June 2015 - 10:12 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 blackhexen

  • Topic Starter


Posted 01 June 2015 - 07:12 PM

17:09:26.0541 0x7928  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:09:26.0541 0x7928  UEFI system
17:09:34.0057 0x7928  ============================================================
17:09:34.0057 0x7928  Current date / time: 2015/06/01 17:09:34.0057
17:09:34.0057 0x7928  SystemInfo:
17:09:34.0057 0x7928  
17:09:34.0057 0x7928  OS Version: 6.1.7601 ServicePack: 1.0
17:09:34.0057 0x7928  Product type: Workstation
17:09:34.0057 0x7928  ComputerName: BLACKHEXEN-PC
17:09:34.0057 0x7928  UserName: Blackhexen
17:09:34.0057 0x7928  Windows directory: C:\Windows
17:09:34.0057 0x7928  System windows directory: C:\Windows
17:09:34.0057 0x7928  Running under WOW64
17:09:34.0057 0x7928  Processor architecture: Intel x64
17:09:34.0057 0x7928  Number of processors: 8
17:09:34.0057 0x7928  Page size: 0x1000
17:09:34.0057 0x7928  Boot type: Normal boot
17:09:34.0057 0x7928  ============================================================
17:09:36.0172 0x7928  KLMD registered as C:\Windows\system32\drivers\74142307.sys
17:09:36.0477 0x7928  System UUID: {F8ED58FD-96DB-474D-CF3C-78A16C8B6763}
17:09:36.0875 0x7928  Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:36.0895 0x7928  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:42.0016 0x7928  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB5E00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:09:42.0021 0x7928  ============================================================
17:09:42.0021 0x7928  \Device\Harddisk1\DR1:
17:09:42.0021 0x7928  GPT partitions:
17:09:42.0021 0x7928  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {E65E44EA-BA98-4592-AC82-A0F6F780F5F2}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
17:09:42.0021 0x7928  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {E974D3A0-75C0-4B77-8CF4-822EF7CAA07B}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
17:09:42.0021 0x7928  \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {56A96733-5FC1-48C8-8FB2-BE33DDB05305}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x5D497800
17:09:42.0021 0x7928  MBR partitions:
17:09:42.0021 0x7928  \Device\Harddisk0\DR0:
17:09:42.0041 0x7928  MBR partitions:
17:09:42.0041 0x7928  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
17:09:42.0041 0x7928  \Device\Harddisk2\DR2:
17:09:42.0041 0x7928  MBR partitions:
17:09:42.0041 0x7928  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705981
17:09:42.0041 0x7928  ============================================================
17:09:42.0073 0x7928  C: <-> \Device\Harddisk1\DR1\Partition3
17:09:42.0094 0x7928  G: <-> \Device\Harddisk2\DR2\Partition1
17:09:42.0095 0x7928  D: <-> \Device\Harddisk0\DR0\Partition1
17:09:42.0095 0x7928  ============================================================
17:09:42.0095 0x7928  Initialize success
17:09:42.0095 0x7928  ============================================================
17:10:20.0889 0x8030  ============================================================
17:10:20.0889 0x8030  Scan started
17:10:20.0889 0x8030  Mode: Manual; SigCheck; TDLFS; 
17:10:20.0889 0x8030  ============================================================
17:10:20.0889 0x8030  KSN ping started
17:10:23.0735 0x8030  KSN ping finished: true
17:10:25.0201 0x8030  ================ Scan system memory ========================
17:10:25.0201 0x8030  System memory - ok
17:10:25.0202 0x8030  ================ Scan services =============================
17:10:25.0230 0x8030  1394ohci - ok
17:10:25.0248 0x8030  ACPI - ok
17:10:25.0252 0x8030  AcpiPmi - ok
17:10:25.0284 0x8030  AdobeARMservice - ok
17:10:25.0304 0x8030  AdobeFlashPlayerUpdateSvc - ok
17:10:25.0309 0x8030  adp94xx - ok
17:10:25.0313 0x8030  adpahci - ok
17:10:25.0317 0x8030  adpu320 - ok
17:10:25.0324 0x8030  AeLookupSvc - ok
17:10:25.0335 0x8030  AFD - ok
17:10:25.0339 0x8030  agp440 - ok
17:10:25.0345 0x8030  ALG - ok
17:10:25.0349 0x8030  aliide - ok
17:10:25.0354 0x8030  amdide - ok
17:10:25.0358 0x8030  AmdK8 - ok
17:10:25.0362 0x8030  AmdPPM - ok
17:10:25.0367 0x8030  amdsata - ok
17:10:25.0371 0x8030  amdsbs - ok
17:10:25.0375 0x8030  amdxata - ok
17:10:25.0375 0x8030  AppID - ok
17:10:25.0375 0x8030  AppIDSvc - ok
17:10:25.0375 0x8030  Appinfo - ok
17:10:25.0391 0x8030  AppMgmt - ok
17:10:25.0391 0x8030  arc - ok
17:10:25.0391 0x8030  arcsas - ok
17:10:25.0407 0x8030  asahci64 - ok
17:10:25.0407 0x8030  asHmComSvc - ok
17:10:25.0407 0x8030  AsIO - ok
17:10:25.0407 0x8030  asmthub3 - ok
17:10:25.0407 0x8030  asmtxhci - ok
17:10:25.0438 0x8030  aspnet_state - ok
17:10:25.0438 0x8030  AsyncMac - ok
17:10:25.0438 0x8030  atapi - ok
17:10:25.0456 0x8030  AthBTPort - ok
17:10:25.0468 0x8030  ATHDFU - ok
17:10:25.0472 0x8030  AtherosSvc - ok
17:10:25.0479 0x8030  athr - ok
17:10:25.0484 0x8030  AudioEndpointBuilder - ok
17:10:25.0488 0x8030  AudioSrv - ok
17:10:25.0489 0x8030  AxInstSV - ok
17:10:25.0489 0x8030  b06bdrv - ok
17:10:25.0489 0x8030  b57nd60a - ok
17:10:25.0505 0x8030  BDESVC - ok
17:10:25.0505 0x8030  Beep - ok
17:10:25.0521 0x8030  BFE - ok
17:10:25.0521 0x8030  BITS - ok
17:10:25.0521 0x8030  blbdrive - ok
17:10:25.0536 0x8030  Bonjour Service - ok
17:10:25.0536 0x8030  bowser - ok
17:10:25.0536 0x8030  BrFiltLo - ok
17:10:25.0536 0x8030  BrFiltUp - ok
17:10:25.0567 0x8030  BridgeMP - ok
17:10:25.0567 0x8030  Browser - ok
17:10:25.0585 0x8030  Brserid - ok
17:10:25.0588 0x8030  BrSerWdm - ok
17:10:25.0590 0x8030  BrUsbMdm - ok
17:10:25.0593 0x8030  BrUsbSer - ok
17:10:25.0596 0x8030  BTATH_A2DP - ok
17:10:25.0600 0x8030  btath_avdt - ok
17:10:25.0603 0x8030  BTATH_BUS - ok
17:10:25.0606 0x8030  BTATH_HCRP - ok
17:10:25.0608 0x8030  BTATH_LWFLT - ok
17:10:25.0611 0x8030  BTATH_RCP - ok
17:10:25.0616 0x8030  BtFilter - ok
17:10:25.0626 0x8030  BthEnum - ok
17:10:25.0628 0x8030  BTHMODEM - ok
17:10:25.0629 0x8030  BthPan - ok
17:10:25.0631 0x8030  BTHPORT - ok
17:10:25.0632 0x8030  bthserv - ok
17:10:25.0634 0x8030  BTHUSB - ok
17:10:25.0636 0x8030  catchme - ok
17:10:25.0637 0x8030  cdfs - ok
17:10:25.0639 0x8030  cdrom - ok
17:10:25.0639 0x8030  CertPropSvc - ok
17:10:25.0639 0x8030  circlass - ok
17:10:25.0639 0x8030  CLFS - ok
17:10:25.0639 0x8030  CLKMSVC10_38F51D56 - ok
17:10:25.0639 0x8030  clr_optimization_v2.0.50727_32 - ok
17:10:25.0639 0x8030  clr_optimization_v2.0.50727_64 - ok
17:10:25.0655 0x8030  clr_optimization_v4.0.30319_32 - ok
17:10:25.0655 0x8030  clr_optimization_v4.0.30319_64 - ok
17:10:25.0655 0x8030  CmBatt - ok
17:10:25.0655 0x8030  cmdide - ok
17:10:25.0655 0x8030  CNG - ok
17:10:25.0655 0x8030  Compbatt - ok
17:10:25.0655 0x8030  CompositeBus - ok
17:10:25.0655 0x8030  COMSysApp - ok
17:10:25.0670 0x8030  cpuz135 - ok
17:10:25.0670 0x8030  crcdisk - ok
17:10:25.0670 0x8030  CryptSvc - ok
17:10:25.0670 0x8030  CSC - ok
17:10:25.0670 0x8030  CscService - ok
17:10:25.0670 0x8030  DcomLaunch - ok
17:10:25.0686 0x8030  defragsvc - ok
17:10:25.0686 0x8030  DfsC - ok
17:10:25.0686 0x8030  dg_ssudbus - ok
17:10:25.0686 0x8030  Dhcp - ok
17:10:25.0701 0x8030  DiagTrack - ok
17:10:25.0701 0x8030  discache - ok
17:10:25.0701 0x8030  Disk - ok
17:10:25.0701 0x8030  Dnscache - ok
17:10:25.0701 0x8030  dot3svc - ok
17:10:25.0701 0x8030  DPS - ok
17:10:25.0717 0x8030  drmkaud - ok
17:10:25.0717 0x8030  DTSAudioSvc - ok
17:10:25.0717 0x8030  DXGKrnl - ok
17:10:25.0717 0x8030  e1cexpress - ok
17:10:25.0717 0x8030  EapHost - ok
17:10:25.0717 0x8030  ebdrv - ok
17:10:25.0717 0x8030  EFS - ok
17:10:25.0717 0x8030  ehRecvr - ok
17:10:25.0717 0x8030  ehSched - ok
17:10:25.0717 0x8030  elxstor - ok
17:10:25.0717 0x8030  ErrDev - ok
17:10:25.0733 0x8030  EventSystem - ok
17:10:25.0733 0x8030  exfat - ok
17:10:25.0733 0x8030  fastfat - ok
17:10:25.0733 0x8030  Fax - ok
17:10:25.0733 0x8030  fdc - ok
17:10:25.0733 0x8030  fdPHost - ok
17:10:25.0733 0x8030  FDResPub - ok
17:10:25.0733 0x8030  FileInfo - ok
17:10:25.0733 0x8030  Filetrace - ok
17:10:25.0748 0x8030  flpydisk - ok
17:10:25.0748 0x8030  FltMgr - ok
17:10:25.0748 0x8030  FontCache - ok
17:10:25.0748 0x8030  FontCache3.0.0.0 - ok
17:10:25.0748 0x8030  FsDepends - ok
17:10:25.0748 0x8030  Fs_Rec - ok
17:10:25.0748 0x8030  fvevol - ok
17:10:25.0748 0x8030  gagp30kx - ok
17:10:25.0764 0x8030  GfExperienceService - ok
17:10:25.0764 0x8030  gpsvc - ok
17:10:25.0764 0x8030  gupdate - ok
17:10:25.0764 0x8030  gupdatem - ok
17:10:25.0764 0x8030  hcw85cir - ok
17:10:25.0764 0x8030  HdAudAddService - ok
17:10:25.0764 0x8030  HDAudBus - ok
17:10:25.0780 0x8030  HidBatt - ok
17:10:25.0781 0x8030  HidBth - ok
17:10:25.0781 0x8030  HidIr - ok
17:10:25.0781 0x8030  hidserv - ok
17:10:25.0781 0x8030  HidUsb - ok
17:10:25.0781 0x8030  hkmsvc - ok
17:10:25.0781 0x8030  HomeGroupListener - ok
17:10:25.0781 0x8030  HomeGroupProvider - ok
17:10:25.0781 0x8030  hpqcxs08 - ok
17:10:25.0781 0x8030  hpqddsvc - ok
17:10:25.0781 0x8030  HpSAMD - ok
17:10:25.0797 0x8030  HPSLPSVC - ok
17:10:25.0797 0x8030  HTTP - ok
17:10:25.0797 0x8030  hwpolicy - ok
17:10:25.0797 0x8030  i8042prt - ok
17:10:25.0797 0x8030  iaStorA - ok
17:10:25.0797 0x8030  iaStorF - ok
17:10:25.0797 0x8030  iaStorV - ok
17:10:25.0797 0x8030  idsvc - ok
17:10:25.0797 0x8030  IEEtwCollectorService - ok
17:10:25.0797 0x8030  iirsp - ok
17:10:25.0813 0x8030  IKEEXT - ok
17:10:25.0813 0x8030  IntcAzAudAddService - ok
17:10:25.0828 0x8030  Intel® Capability Licensing Service Interface - ok
17:10:25.0828 0x8030  Intel® Capability Licensing Service TCP IP Interface - ok
17:10:25.0858 0x8030  Intel® PROSet Monitoring Service - ok
17:10:25.0862 0x8030  intelide - ok
17:10:25.0866 0x8030  intelppm - ok
17:10:25.0871 0x8030  IPBusEnum - ok
17:10:25.0873 0x8030  IpFilterDriver - ok
17:10:25.0873 0x8030  iphlpsvc - ok
17:10:25.0873 0x8030  IPMIDRV - ok
17:10:25.0888 0x8030  IPNAT - ok
17:10:25.0888 0x8030  IRENUM - ok
17:10:25.0888 0x8030  isapnp - ok
17:10:25.0888 0x8030  iScsiPrt - ok
17:10:25.0888 0x8030  kbdclass - ok
17:10:25.0888 0x8030  kbdhid - ok
17:10:25.0904 0x8030  KeyIso - ok
17:10:25.0904 0x8030  KSecDD - ok
17:10:25.0904 0x8030  KSecPkg - ok
17:10:25.0904 0x8030  ksthunk - ok
17:10:25.0904 0x8030  KtmRm - ok
17:10:25.0904 0x8030  LanmanServer - ok
17:10:25.0904 0x8030  LanmanWorkstation - ok
17:10:25.0920 0x8030  lltdio - ok
17:10:25.0920 0x8030  lltdsvc - ok
17:10:25.0920 0x8030  lmhosts - ok
17:10:25.0920 0x8030  LSI_FC - ok
17:10:25.0920 0x8030  LSI_SAS - ok
17:10:25.0920 0x8030  LSI_SAS2 - ok
17:10:25.0920 0x8030  LSI_SCSI - ok
17:10:25.0920 0x8030  luafv - ok
17:10:25.0920 0x8030  MBAMProtector - ok
17:10:25.0935 0x8030  MBAMService - ok
17:10:25.0951 0x8030  MBAMWebAccessControl - ok
17:10:25.0951 0x8030  Mcx2Svc - ok
17:10:25.0951 0x8030  megasas - ok
17:10:25.0951 0x8030  MegaSR - ok
17:10:25.0951 0x8030  MEIx64 - ok
17:10:25.0951 0x8030  Microsoft SharePoint Workspace Audit Service - ok
17:10:25.0951 0x8030  MMCSS - ok
17:10:25.0966 0x8030  Modem - ok
17:10:25.0968 0x8030  monitor - ok
17:10:25.0970 0x8030  mouclass - ok
17:10:25.0971 0x8030  mouhid - ok
17:10:25.0972 0x8030  mountmgr - ok
17:10:25.0972 0x8030  MpFilter - ok
17:10:25.0972 0x8030  mpio - ok
17:10:25.0972 0x8030  mpsdrv - ok
17:10:25.0972 0x8030  MpsSvc - ok
17:10:25.0972 0x8030  MRxDAV - ok
17:10:25.0972 0x8030  mrxsmb - ok
17:10:25.0972 0x8030  mrxsmb10 - ok
17:10:25.0972 0x8030  mrxsmb20 - ok
17:10:25.0988 0x8030  msahci - ok
17:10:25.0988 0x8030  msdsm - ok
17:10:25.0988 0x8030  MSDTC - ok
17:10:25.0988 0x8030  Msfs - ok
17:10:25.0988 0x8030  mshidkmdf - ok
17:10:25.0988 0x8030  msisadrv - ok
17:10:25.0988 0x8030  MSiSCSI - ok
17:10:25.0988 0x8030  msiserver - ok
17:10:25.0988 0x8030  MSKSSRV - ok
17:10:26.0004 0x8030  MsMpSvc - ok
17:10:26.0004 0x8030  MSPCLOCK - ok
17:10:26.0004 0x8030  MSPQM - ok
17:10:26.0004 0x8030  MsRPC - ok
17:10:26.0004 0x8030  mssmbios - ok
17:10:26.0004 0x8030  MSTEE - ok
17:10:26.0004 0x8030  MTConfig - ok
17:10:26.0004 0x8030  Mup - ok
17:10:26.0019 0x8030  mv91cons - ok
17:10:26.0019 0x8030  mvs91xx - ok
17:10:26.0019 0x8030  napagent - ok
17:10:26.0019 0x8030  NativeWifiP - ok
17:10:26.0035 0x8030  Nccidx64 - ok
17:10:26.0035 0x8030  NDIS - ok
17:10:26.0035 0x8030  NdisCap - ok
17:10:26.0035 0x8030  NdisTapi - ok
17:10:26.0035 0x8030  Ndisuio - ok
17:10:26.0035 0x8030  NdisWan - ok
17:10:26.0035 0x8030  NDProxy - ok
17:10:26.0035 0x8030  Net Driver HPZ12 - ok
17:10:26.0035 0x8030  NetBIOS - ok
17:10:26.0035 0x8030  NetBT - ok
17:10:26.0051 0x8030  Netlogon - ok
17:10:26.0052 0x8030  Netman - ok
17:10:26.0054 0x8030  NetMsmqActivator - ok
17:10:26.0056 0x8030  NetPipeActivator - ok
17:10:26.0057 0x8030  netprofm - ok
17:10:26.0059 0x8030  NetTcpActivator - ok
17:10:26.0061 0x8030  NetTcpPortSharing - ok
17:10:26.0062 0x8030  nfrd960 - ok
17:10:26.0064 0x8030  NisDrv - ok
17:10:26.0066 0x8030  NisSrv - ok
17:10:26.0067 0x8030  NlaSvc - ok
17:10:26.0069 0x8030  Npfs - ok
17:10:26.0070 0x8030  nsi - ok
17:10:26.0072 0x8030  nsiproxy - ok
17:10:26.0074 0x8030  Ntfs - ok
17:10:26.0075 0x8030  Null - ok
17:10:26.0086 0x8030  NVHDA - ok
17:10:26.0088 0x8030  nvlddmkm - ok
17:10:26.0088 0x8030  NvNetworkService - ok
17:10:26.0088 0x8030  nvraid - ok
17:10:26.0088 0x8030  nvstor - ok
17:10:26.0088 0x8030  NvStreamKms - ok
17:10:26.0088 0x8030  NvStreamSvc - ok
17:10:26.0104 0x8030  nvsvc - ok
17:10:26.0104 0x8030  nvvad_WaveExtensible - ok
17:10:26.0104 0x8030  nv_agp - ok
17:10:26.0104 0x8030  ohci1394 - ok
17:10:26.0104 0x8030  Origin Client Service - ok
17:10:26.0104 0x8030  ose64 - ok
17:10:26.0104 0x8030  osppsvc - ok
17:10:26.0104 0x8030  p2pimsvc - ok
17:10:26.0104 0x8030  p2psvc - ok
17:10:26.0120 0x8030  Parport - ok
17:10:26.0120 0x8030  partmgr - ok
17:10:26.0120 0x8030  PcaSvc - ok
17:10:26.0120 0x8030  pci - ok
17:10:26.0120 0x8030  pciide - ok
17:10:26.0120 0x8030  pcmcia - ok
17:10:26.0120 0x8030  pcw - ok
17:10:26.0120 0x8030  PEAUTH - ok
17:10:26.0120 0x8030  PeerDistSvc - ok
17:10:26.0120 0x8030  PerfHost - ok
17:10:26.0135 0x8030  pla - ok
17:10:26.0135 0x8030  PlugPlay - ok
17:10:26.0135 0x8030  Pml Driver HPZ12 - ok
17:10:26.0135 0x8030  PNRPAutoReg - ok
17:10:26.0135 0x8030  PNRPsvc - ok
17:10:26.0135 0x8030  PolicyAgent - ok
17:10:26.0135 0x8030  Power - ok
17:10:26.0135 0x8030  PptpMiniport - ok
17:10:26.0151 0x8030  Processor - ok
17:10:26.0151 0x8030  ProfSvc - ok
17:10:26.0151 0x8030  ProtectedStorage - ok
17:10:26.0151 0x8030  Psched - ok
17:10:26.0151 0x8030  ql2300 - ok
17:10:26.0151 0x8030  ql40xx - ok
17:10:26.0151 0x8030  QWAVE - ok
17:10:26.0151 0x8030  QWAVEdrv - ok
17:10:26.0151 0x8030  RasAcd - ok
17:10:26.0151 0x8030  RasAgileVpn - ok
17:10:26.0166 0x8030  RasAuto - ok
17:10:26.0168 0x8030  Rasl2tp - ok
17:10:26.0169 0x8030  RasMan - ok
17:10:26.0171 0x8030  RasPppoe - ok
17:10:26.0172 0x8030  RasSstp - ok
17:10:26.0172 0x8030  Razer Game Scanner Service - ok
17:10:26.0188 0x8030  rdbss - ok
17:10:26.0188 0x8030  rdpbus - ok
17:10:26.0188 0x8030  RDPCDD - ok
17:10:26.0188 0x8030  RDPDR - ok
17:10:26.0188 0x8030  RDPENCDD - ok
17:10:26.0188 0x8030  RDPREFMP - ok
17:10:26.0188 0x8030  RdpVideoMiniport - ok
17:10:26.0188 0x8030  RDPWD - ok
17:10:26.0188 0x8030  rdyboost - ok
17:10:26.0204 0x8030  RemoteAccess - ok
17:10:26.0204 0x8030  RemoteRegistry - ok
17:10:26.0204 0x8030  RFCOMM - ok
17:10:26.0204 0x8030  RichVideo - ok
17:10:26.0204 0x8030  RpcEptMapper - ok
17:10:26.0204 0x8030  RpcLocator - ok
17:10:26.0204 0x8030  RpcSs - ok
17:10:26.0204 0x8030  rspndr - ok
17:10:26.0204 0x8030  RTL8167 - ok
17:10:26.0204 0x8030  RzDxgk - ok
17:10:26.0219 0x8030  rzendpt - ok
17:10:26.0235 0x8030  RzFilter - ok
17:10:26.0235 0x8030  RzOvlMon - ok
17:10:26.0235 0x8030  rzpmgrk - ok
17:10:26.0235 0x8030  rzpnk - ok
17:10:26.0235 0x8030  RzSynapse - ok
17:10:26.0235 0x8030  rzudd - ok
17:10:26.0235 0x8030  s3cap - ok
17:10:26.0250 0x8030  S3XXx64 - ok
17:10:26.0252 0x8030  SamSs - ok
17:10:26.0253 0x8030  sbp2port - ok
17:10:26.0255 0x8030  SCardSvr - ok
17:10:26.0256 0x8030  scfilter - ok
17:10:26.0258 0x8030  Schedule - ok
17:10:26.0260 0x8030  SCPolicySvc - ok
17:10:26.0275 0x8030  SCR131C - ok
17:10:26.0276 0x8030  SCR33X USB Smart Card Reader - ok
17:10:26.0278 0x8030  SCRx31 USB Reader - ok
17:10:26.0280 0x8030  SDRSVC - ok
17:10:26.0281 0x8030  secdrv - ok
17:10:26.0283 0x8030  seclogon - ok
17:10:26.0284 0x8030  SENS - ok
17:10:26.0286 0x8030  SensrSvc - ok
17:10:26.0287 0x8030  Serenum - ok
17:10:26.0289 0x8030  Serial - ok
17:10:26.0289 0x8030  sermouse - ok
17:10:26.0289 0x8030  SessionEnv - ok
17:10:26.0289 0x8030  sffdisk - ok
17:10:26.0289 0x8030  sffp_mmc - ok
17:10:26.0289 0x8030  sffp_sd - ok
17:10:26.0289 0x8030  sfloppy - ok
17:10:26.0289 0x8030  SharedAccess - ok
17:10:26.0289 0x8030  ShellHWDetection - ok
17:10:26.0305 0x8030  SiSRaid2 - ok
17:10:26.0305 0x8030  SiSRaid4 - ok
17:10:26.0305 0x8030  SkypeUpdate - ok
17:10:26.0305 0x8030  Smb - ok
17:10:26.0305 0x8030  SNMPTRAP - ok
17:10:26.0305 0x8030  spldr - ok
17:10:26.0305 0x8030  Spooler - ok
17:10:26.0305 0x8030  sppsvc - ok
17:10:26.0305 0x8030  sppuinotify - ok
17:10:26.0321 0x8030  srv - ok
17:10:26.0321 0x8030  srv2 - ok
17:10:26.0321 0x8030  srvnet - ok
17:10:26.0321 0x8030  SSDPSRV - ok
17:10:26.0321 0x8030  SstpSvc - ok
17:10:26.0321 0x8030  ssudmdm - ok
17:10:26.0321 0x8030  STCFUx64 - ok
17:10:26.0336 0x8030  Steam Client Service - ok
17:10:26.0336 0x8030  Stereo Service - ok
17:10:26.0336 0x8030  stexstor - ok
17:10:26.0336 0x8030  StillCam - ok
17:10:26.0336 0x8030  stisvc - ok
17:10:26.0352 0x8030  storflt - ok
17:10:26.0353 0x8030  StorSvc - ok
17:10:26.0355 0x8030  storvsc - ok
17:10:26.0356 0x8030  swenum - ok
17:10:26.0358 0x8030  swprv - ok
17:10:26.0359 0x8030  SysMain - ok
17:10:26.0361 0x8030  TabletInputService - ok
17:10:26.0362 0x8030  TapiSrv - ok
17:10:26.0364 0x8030  TBS - ok
17:10:26.0365 0x8030  Tcpip - ok
17:10:26.0367 0x8030  TCPIP6 - ok
17:10:26.0369 0x8030  tcpipreg - ok
17:10:26.0371 0x8030  TDPIPE - ok
17:10:26.0372 0x8030  TDTCP - ok
17:10:26.0372 0x8030  tdx - ok
17:10:26.0372 0x8030  TermDD - ok
17:10:26.0372 0x8030  TermService - ok
17:10:26.0372 0x8030  Themes - ok
17:10:26.0372 0x8030  THREADORDER - ok
17:10:26.0372 0x8030  TrkWks - ok
17:10:26.0372 0x8030  TrustedInstaller - ok
17:10:26.0372 0x8030  tssecsrv - ok
17:10:26.0387 0x8030  TsUsbFlt - ok
17:10:26.0387 0x8030  tunnel - ok
17:10:26.0387 0x8030  uagp35 - ok
17:10:26.0387 0x8030  udfs - ok
17:10:26.0387 0x8030  UI0Detect - ok
17:10:26.0387 0x8030  uliagpkx - ok
17:10:26.0387 0x8030  umbus - ok
17:10:26.0387 0x8030  UmPass - ok
17:10:26.0387 0x8030  UmRdpService - ok
17:10:26.0403 0x8030  upnphost - ok
17:10:26.0403 0x8030  usbaudio - ok
17:10:26.0403 0x8030  usbccgp - ok
17:10:26.0403 0x8030  usbcir - ok
17:10:26.0403 0x8030  usbehci - ok
17:10:26.0403 0x8030  usbhub - ok
17:10:26.0403 0x8030  usbohci - ok
17:10:26.0403 0x8030  usbprint - ok
17:10:26.0403 0x8030  USBSTOR - ok
17:10:26.0403 0x8030  usbuhci - ok
17:10:26.0419 0x8030  UxSms - ok
17:10:26.0419 0x8030  VaultSvc - ok
17:10:26.0419 0x8030  vdrvroot - ok
17:10:26.0419 0x8030  vds - ok
17:10:26.0419 0x8030  vga - ok
17:10:26.0419 0x8030  VgaSave - ok
17:10:26.0419 0x8030  vhdmp - ok
17:10:26.0419 0x8030  viaide - ok
17:10:26.0419 0x8030  vmbus - ok
17:10:26.0419 0x8030  VMBusHID - ok
17:10:26.0434 0x8030  volmgr - ok
17:10:26.0434 0x8030  volmgrx - ok
17:10:26.0434 0x8030  volsnap - ok
17:10:26.0434 0x8030  vsmraid - ok
17:10:26.0434 0x8030  VSS - ok
17:10:26.0434 0x8030  vwifibus - ok
17:10:26.0434 0x8030  vwififlt - ok
17:10:26.0434 0x8030  vwifimp - ok
17:10:26.0434 0x8030  W32Time - ok
17:10:26.0434 0x8030  WacomPen - ok
17:10:26.0451 0x8030  WANARP - ok
17:10:26.0452 0x8030  Wanarpv6 - ok
17:10:26.0454 0x8030  WatAdminSvc - ok
17:10:26.0456 0x8030  wbengine - ok
17:10:26.0458 0x8030  WbioSrvc - ok
17:10:26.0459 0x8030  wcncsvc - ok
17:10:26.0461 0x8030  WcsPlugInService - ok
17:10:26.0462 0x8030  Wd - ok
17:10:26.0464 0x8030  Wdf01000 - ok
17:10:26.0465 0x8030  WdiServiceHost - ok
17:10:26.0467 0x8030  WdiSystemHost - ok
17:10:26.0469 0x8030  WebClient - ok
17:10:26.0470 0x8030  Wecsvc - ok
17:10:26.0472 0x8030  wercplsupport - ok
17:10:26.0473 0x8030  WerSvc - ok
17:10:26.0473 0x8030  WfpLwf - ok
17:10:26.0473 0x8030  WIMMount - ok
17:10:26.0473 0x8030  WinDefend - ok
17:10:26.0473 0x8030  WinHttpAutoProxySvc - ok
17:10:26.0473 0x8030  Winmgmt - ok
17:10:26.0473 0x8030  WinRM - ok
17:10:26.0473 0x8030  WinUSB - ok
17:10:26.0488 0x8030  Wlansvc - ok
17:10:26.0488 0x8030  WmiAcpi - ok
17:10:26.0488 0x8030  wmiApSrv - ok
17:10:26.0488 0x8030  WMPNetworkSvc - ok
17:10:26.0488 0x8030  WPCSvc - ok
17:10:26.0488 0x8030  WPDBusEnum - ok
17:10:26.0488 0x8030  ws2ifsl - ok
17:10:26.0488 0x8030  wscsvc - ok
17:10:26.0488 0x8030  WSDPrintDevice - ok
17:10:26.0504 0x8030  WSearch - ok
17:10:26.0504 0x8030  wuauserv - ok
17:10:26.0504 0x8030  WudfPf - ok
17:10:26.0504 0x8030  WUDFRd - ok
17:10:26.0504 0x8030  wudfsvc - ok
17:10:26.0504 0x8030  WwanSvc - ok
17:10:26.0504 0x8030  ZAtheros Bt and Wlan Coex Agent - ok
17:10:26.0520 0x8030  ================ Scan global ===============================
17:10:26.0520 0x8030  [ Global ] - ok
17:10:26.0520 0x8030  ================ Scan MBR ==================================
17:10:26.0535 0x8030  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:10:26.0604 0x8030  \Device\Harddisk1\DR1 - ok
17:10:26.0635 0x8030  [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk0\DR0
17:10:26.0719 0x8030  \Device\Harddisk0\DR0 - ok
17:10:26.0719 0x8030  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
17:10:26.0813 0x8030  \Device\Harddisk2\DR2 - ok
17:10:26.0813 0x8030  ================ Scan VBR ==================================
17:10:26.0828 0x8030  [ AB7EB2E849D0D56D10EC5A4C998188E6 ] \Device\Harddisk1\DR1\Partition1
17:10:26.0889 0x8030  \Device\Harddisk1\DR1\Partition1 - ok
17:10:26.0904 0x8030  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition2
17:10:26.0904 0x8030  \Device\Harddisk1\DR1\Partition2 - ok
17:10:26.0920 0x8030  [ 16B7DE05A01816AEF441C4909792D744 ] \Device\Harddisk1\DR1\Partition3
17:10:26.0972 0x8030  \Device\Harddisk1\DR1\Partition3 - ok
17:10:26.0972 0x8030  [ 4370C442C045BD8079229EEA9FECBC20 ] \Device\Harddisk0\DR0\Partition1
17:10:26.0972 0x8030  \Device\Harddisk0\DR0\Partition1 - ok
17:10:26.0972 0x8030  [ 8BA9665961B9E12EBD6AA57D2F834565 ] \Device\Harddisk2\DR2\Partition1
17:10:27.0069 0x8030  \Device\Harddisk2\DR2\Partition1 - ok
17:10:27.0070 0x8030  ================ Scan generic autorun ======================
17:10:27.0070 0x8030  ShadowPlay - ok
17:10:27.0072 0x8030  RTHDVCPL - ok
17:10:27.0072 0x8030  RtHDVBg_DTS - ok
17:10:27.0072 0x8030  MSC - ok
17:10:27.0072 0x8030  BCSSync - ok
17:10:27.0072 0x8030  BtvStack - ok
17:10:27.0072 0x8030  NvBackend - ok
17:10:27.0072 0x8030  FlashPlayerUpdate - ok
17:10:27.0103 0x8030  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
17:10:27.0134 0x8030  Win FW state via NFP2: enabled
17:10:29.0862 0x8030  ============================================================
17:10:29.0862 0x8030  Scan finished
17:10:29.0862 0x8030  ============================================================
17:10:29.0870 0x8818  Detected object count: 0
17:10:29.0870 0x8818  Actual detected object count: 0
 
--------------------------------------------------------------------------------------
No detections
 
TDSSKiller is still installed on the computer at this time.
 
Thank you and I'll be standing by for further instructions.


#6 deeprybka


  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 02 June 2015 - 04:59 AM

Hi,

please do the following:

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 blackhexen

  • Topic Starter

  • Members
  • 10 posts

Posted 02 June 2015 - 08:53 PM

ComboFix 15-05-31.01 - Blackhexen 06/02/2015  17:22:36.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16324.12619 [GMT -7:00]
Running from: C:\Users\Blackhexen\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((   Files Created from 2015-05-03 to 2015-06-03  )))))))))))))))))))))))))))))))
 
 
2015-06-03 00:49:36 . 2015-06-03 00:49:36 -------- d-----w- C:\Users\Public\AppData\Local\temp
2015-06-03 00:49:36 . 2015-06-03 00:49:36 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-06-02 09:06:50 . 2015-06-02 09:06:50 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27F3DCCE-FF30-4FFE-BC4E-BCA22AFFCAD2}\offreg.672.dll
2015-06-02 09:05:56 . 2015-05-03 03:16:35 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27F3DCCE-FF30-4FFE-BC4E-BCA22AFFCAD2}\mpengine.dll
2015-06-02 02:51:58 . 2015-05-03 03:16:35 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-27 00:40:20 . 2015-06-01 01:25:25 -------- d-----w- C:\FRST
2015-05-26 06:36:56 . 2015-05-26 06:56:14 37624 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
2015-05-26 06:36:54 . 2015-05-26 06:44:54 -------- d-----w- C:\ProgramData\RogueKiller
2015-05-26 06:36:49 . 2015-05-26 06:36:52 -------- d-----w- C:\Program Files\RogueKiller
2015-05-26 06:13:33 . 2015-05-26 06:36:23 -------- d-----w- C:\ProgramData\HitmanPro
2015-05-26 03:52:15 . 2015-04-11 03:19:59 69888 ----a-w- C:\Windows\system32\drivers\stream.sys
2015-05-24 08:38:15 . 2015-03-26 04:33:19 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37615A9D-FA1C-4412-972E-167529F410F7}\gapaengine.dll
2015-05-23 00:19:34 . 2015-05-23 00:19:34 -------- d-----w- C:\Users\Blackhexen\AppData\Local\Stardock
2015-05-23 00:19:17 . 2015-05-23 00:19:17 -------- d-----w- C:\ProgramData\Stardock
2015-05-15 01:12:30 . 2015-04-08 20:32:32 560968 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-05-14 23:42:46 . 2015-05-01 13:17:03 124112 ----a-w- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 23:42:46 . 2015-05-01 13:16:41 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 23:39:46 . 2015-05-05 01:29:39 342016 ----a-w- C:\Windows\system32\schannel.dll
2015-05-14 23:34:38 . 2015-03-04 04:41:42 6656 ----a-w- C:\Windows\system32\shimeng.dll
2015-05-14 23:34:38 . 2015-03-04 04:41:26 72192 ----a-w- C:\Windows\system32\aelupsvc.dll
2015-05-14 23:34:38 . 2015-03-04 04:41:26 342016 ----a-w- C:\Windows\system32\apphelp.dll
2015-05-14 23:34:38 . 2015-03-04 04:41:09 23552 ----a-w- C:\Windows\system32\sdbinst.exe
2015-05-14 23:34:38 . 2015-03-04 04:11:12 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-05-14 23:34:38 . 2015-03-04 04:10:53 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-05-14 23:34:38 . 2015-03-04 04:10:37 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2015-05-28 22:07:19 . 2015-01-23 22:31:04 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-26 06:54:57 . 2014-12-21 04:01:27 136408 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-05-14 23:45:28 . 2012-04-02 16:06:04 140425016 ----a-w- C:\Windows\system32\MRT.exe
2015-05-01 16:51:27 . 2014-07-28 00:41:05 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-05-01 16:51:27 . 2013-11-12 23:42:14 1316184 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-05-01 16:50:57 . 2014-07-28 00:41:05 1756424 ----a-w- C:\Windows\system32\nvspbridge64.dll
2015-05-01 16:50:57 . 2013-11-12 23:42:14 1570672 ----a-w- C:\Windows\system32\nvspcap64.dll
2015-04-27 19:04:33 . 2015-05-14 23:40:09 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-14 19:16:17 . 2012-04-01 12:08:48 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-14 19:16:17 . 2012-04-01 12:08:48 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 16:37:56 . 2014-12-21 04:01:12 63704 ----a-w- C:\Windows\system32\drivers\mwac.sys
2015-04-14 16:37:46 . 2014-12-21 04:01:12 107736 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2015-04-14 16:37:42 . 2014-12-21 04:01:12 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
2015-04-09 00:58:18 . 2015-02-20 09:18:54 14617288 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2015-04-09 00:58:18 . 2014-12-02 05:11:20 3317344 ----a-w- C:\Windows\system32\nvapi64.dll
2015-04-09 00:58:18 . 2014-12-02 05:11:20 17176128 ----a-w- C:\Windows\system32\nvwgf2umx.dll
2015-04-09 00:58:18 . 2014-12-02 05:11:20 12689592 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2015-04-09 00:58:18 . 2013-11-12 23:40:10 78480 ----a-w- C:\Windows\system32\OpenCL.dll
2015-04-09 00:58:18 . 2013-11-12 23:40:10 66704 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2015-04-08 21:30:18 . 2013-11-12 23:40:33 6841488 ----a-w- C:\Windows\system32\nvcpl.dll
2015-04-08 21:30:18 . 2013-11-12 23:40:33 3478344 ----a-w- C:\Windows\system32\nvsvc64.dll
2015-04-08 21:30:14 . 2014-11-10 23:00:17 2558608 ----a-w- C:\Windows\system32\nvsvcr.dll
2015-04-08 21:30:14 . 2013-11-12 23:40:33 936264 ----a-w- C:\Windows\system32\nvvsvc.exe
2015-04-08 21:30:14 . 2013-11-12 23:40:33 62608 ----a-w- C:\Windows\system32\nvshext.dll
2015-04-08 21:30:13 . 2013-11-12 23:40:33 385168 ----a-w- C:\Windows\system32\nvmctray.dll
2015-04-08 17:52:00 . 2013-11-12 03:49:05 4336074 ----a-w- C:\Windows\system32\nvcoproc.bin
2015-03-26 04:33:19 . 2013-03-12 08:51:42 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24:41 . 2015-04-16 05:47:45 98304 ----a-w- C:\Windows\system32\wudriver.dll
2015-03-25 03:24:41 . 2015-04-16 05:47:45 37376 ----a-w- C:\Windows\system32\wups2.dll
2015-03-25 03:24:41 . 2015-04-16 05:47:45 35328 ----a-w- C:\Windows\system32\wups.dll
2015-03-25 03:24:41 . 2015-04-16 05:47:45 3298816 ----a-w- C:\Windows\system32\wucltux.dll
2015-03-25 03:24:41 . 2015-04-16 05:47:45 2553856 ----a-w- C:\Windows\system32\wuaueng.dll
2015-03-25 03:24:41 . 2015-04-16 05:47:45 191488 ----a-w- C:\Windows\system32\wuwebv.dll
2015-03-25 03:24:40 . 2015-04-16 05:47:45 696320 ----a-w- C:\Windows\system32\wuapi.dll
2015-03-25 03:24:08 . 2015-04-16 05:47:45 60416 ----a-w- C:\Windows\system32\WinSetupUI.dll
2015-03-25 03:23:58 . 2015-04-16 05:47:45 12288 ----a-w- C:\Windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23:55 . 2015-04-16 05:47:45 36864 ----a-w- C:\Windows\system32\wuapp.exe
2015-03-25 03:23:55 . 2015-04-16 05:47:45 135168 ----a-w- C:\Windows\system32\wuauclt.exe
2015-03-25 03:00:57 . 2015-04-16 05:47:45 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-03-25 03:00:57 . 2015-04-16 05:47:45 566784 ----a-w- C:\Windows\SysWow64\wuapi.dll
2015-03-25 03:00:57 . 2015-04-16 05:47:45 29696 ----a-w- C:\Windows\SysWow64\wups.dll
2015-03-25 03:00:57 . 2015-04-16 05:47:45 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15 . 2015-04-16 05:47:45 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-03-23 03:25:15 . 2015-04-16 05:48:04 726528 ----a-w- C:\Windows\system32\generaltel.dll
2015-03-23 03:25:01 . 2015-04-16 05:48:02 769536 ----a-w- C:\Windows\system32\invagent.dll
2015-03-23 03:24:56 . 2015-04-16 05:48:02 419840 ----a-w- C:\Windows\system32\devinv.dll
2015-03-23 03:24:54 . 2015-04-16 05:48:02 957952 ----a-w- C:\Windows\system32\appraiser.dll
2015-03-23 03:24:53 . 2015-04-16 05:48:02 30720 ----a-w- C:\Windows\system32\acmigration.dll
2015-03-23 03:24:53 . 2015-04-16 05:48:02 192000 ----a-w- C:\Windows\system32\aepic.dll
2015-03-23 03:24:53 . 2015-04-16 05:48:00 227328 ----a-w- C:\Windows\system32\aepdu.dll
2015-03-23 03:17:39 . 2015-04-16 05:48:02 1111552 ----a-w- C:\Windows\system32\aeinv.dll
2015-03-10 03:25:10 . 2015-04-16 05:47:47 1882624 ----a-w- C:\Windows\system32\msxml3.dll
2015-03-10 03:21:42 . 2015-04-16 05:47:47 2048 ----a-w- C:\Windows\system32\msxml3r.dll
2015-03-10 03:08:26 . 2015-04-16 05:47:47 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-03-10 03:05:39 . 2015-04-16 05:47:47 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-03-05 05:12:33 . 2015-04-16 05:47:43 404480 ----a-w- C:\Windows\system32\gdi32.dll
2015-03-05 04:05:06 . 2015-04-16 05:47:43 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-03-05 02:34:52 . 2015-03-05 02:34:52 280376 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2015-03-05 02:34:52 . 2012-08-31 06:03:48 124568 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AirPort Base Station Agent"="C:\Program Files (x86)\AirPort\APAgent.exe" [2009-11-12 00:17:02 771360]
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [2014-11-03 23:47:52 585536]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 15:48:18 1022152]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys;C:\Windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Nccidx64;Nonccid DFU detach 64 bit Driver;C:\Windows\system32\DRIVERS\Nccidx64.sys;C:\Windows\SYSNATIVE\DRIVERS\Nccidx64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe;c:\Program Files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe;C:\Program Files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys;C:\Windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 SCR131C;SCRx31 Serial Smart Card Reader;C:\Windows\system32\DRIVERS\SCR131C.sys;C:\Windows\SYSNATIVE\DRIVERS\SCR131C.sys [x]
R3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\Windows\system32\DRIVERS\SCR33X2K.sys;C:\Windows\SYSNATIVE\DRIVERS\SCR33X2K.sys [x]
R3 SCRx31 USB Reader;SCRx31 USB Reader;C:\Windows\system32\DRIVERS\stc2.sys;C:\Windows\SYSNATIVE\DRIVERS\stc2.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 STCFUx64;STC DFU Driver;C:\Windows\system32\DRIVERS\STCFUx64.SYS;C:\Windows\SYSNATIVE\DRIVERS\STCFUx64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/01 20:15:18;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R4 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R4 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S0 asahci64;asahci64;C:\Windows\system32\DRIVERS\asahci64.sys;C:\Windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iaStorA;iaStorA;C:\Windows\system32\DRIVERS\iaStorA.sys;C:\Windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;C:\Windows\system32\DRIVERS\iaStorF.sys;C:\Windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys;C:\Windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S1 RzFilter;RzFilter;C:\Windows\system32\drivers\RzFilter.sys;C:\Windows\SYSNATIVE\drivers\RzFilter.sys [x]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe;C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [x]
S2 cpuz135;cpuz135;C:\Windows\system32\drivers\cpuz135_x64.sys;C:\Windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe;C:\Windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe;C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 rzpmgrk;rzpmgrk;C:\Windows\system32\drivers\rzpmgrk.sys;C:\Windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;C:\Windows\system32\drivers\rzpnk.sys;C:\Windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys;C:\Windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys;C:\Windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys;C:\Windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys;C:\Windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzDxgk;RzDxgk;C:\Windows\system32\drivers\RzDxgk.sys;C:\Windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 rzendpt;rzendpt;C:\Windows\system32\DRIVERS\rzendpt.sys;C:\Windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Keyboard Driver;C:\Windows\system32\DRIVERS\rzudd.sys;C:\Windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys;C:\Windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
 
 
--- Other Services/Drivers In Memory ---
 
*NewlyCreated* - 22462229
*Deregistered* - 22462229
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-25 22:06:00 986440 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2015-06-03 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:08:48 . 2015-04-14 19:16:17]
 
2015-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07 03:48:35 . 2015-01-07 03:48:33]
 
2015-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07 03:48:35 . 2015-01-07 03:48:33]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="C:\Windows\system32\nvspcap64.dll" [2015-05-01 16:50:57 1570672]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 20:42:02 6548112]
"RtHDVBg_DTS"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-08 00:26:04 1212048]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2015-04-30 08:47:16 1337000]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 08:17:52 112512]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [2012-11-01 04:57:56 127616]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-01 16:52:28 2685072]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
 
- - - - ORPHANS REMOVED - - - -
 
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
 
 
 
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1f,fa,c8,e1,56,af,ce,01
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
@DACL=(02 0000)
@="Java Plug-in 10.0.0"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_05"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_05"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_05"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_06"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_06"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_07"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_07"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_08"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_08"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_09"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_09"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_10"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_10"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_11"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_11"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_12"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_12"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_13"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_13"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_14"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_14"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_15"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_15"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_16"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_16"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_17"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_17"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_18"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_18"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_19"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_19"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_20"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_20"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_21"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_21"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_05"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_05"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_06"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_06"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_07"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_07"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_05"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_05"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_06"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_06"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_07"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_07"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_08"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_08"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_09"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_09"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_10"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_10"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_11"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_11"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_12"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_12"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_13"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_13"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_14"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_14"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_15"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_15"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_16"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_16"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_17"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_17"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_18"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_18"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_19"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_19"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_01"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_02"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_03"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_04"
 
[HKEY_USERS\S-1-5-21-4102983730-1301437953-2718287387-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_05"
 
 
Completion time: 2015-06-02  18:48:53
ComboFix-quarantined-files.txt  2015-06-03 01:48:34
 
Pre-Run: 1,544,006,131,712 bytes free
Post-Run: 1,544,007,614,464 bytes free
 
 
-------------------------------------------------------------
 
The scan seemed to take a very long time. Thanks for your help! I'm standing by for further instructions.


#8 deeprybka

  • Malware Response Team

Posted 03 June 2015 - 02:27 AM

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [path shown in image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 blackhexen

  • Topic Starter

Posted 03 June 2015 - 07:56 AM

Again, thank you for your help.

 

I can see after a few days that we are on opposite schedules. I'm leaving for work when I get your response which means that I don't get to respond until I get home.

 

I do have the ESET running but it is taking a while and I need to get to work. I will post the log when I return home from work.

 

Thanks again!



#10 deeprybka

  • Malware Response Team

Posted 03 June 2015 - 10:11 AM

You are welcome.
 

I can see after a few days that we are on opposite schedules. I'm leaving for work when I get your response which means that I don't get to respond until I get home.


I don't see a problem with this.
I donate my free time and I respond as quickly as I can. So every user gets at least one reply every 12 hours. :)

Edited by deeprybka, 03 June 2015 - 10:11 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 blackhexen

  • Topic Starter

Posted 03 June 2015 - 07:48 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f65e4ae2bd022040a96da00b6cbf3720
# end=init
# utc_time=2015-06-03 12:30:33
# local_time=2015-06-03 05:30:33 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24152
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f65e4ae2bd022040a96da00b6cbf3720
# end=updated
# utc_time=2015-06-03 12:38:19
# local_time=2015-06-03 05:38:19 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f65e4ae2bd022040a96da00b6cbf3720
# engine=24152
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-03 08:18:32
# local_time=2015-06-03 01:18:32 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1628831 104533934 0 0
# scanned=382481
# found=8
# cleaned=0
# scan_time=27613
sh=C1DE4C06DAA5D20FC15F43FA7A066A033AC349D9 ft=1 fh=dab3b4c93fb94bb8 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\Blackhexen\AppData\Roaming\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\Plugins\npConduitFirefoxPlugin.dll"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Blackhexen\Downloads\ccsetup410.exe"
sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Blackhexen\Downloads\ccsetup505.exe"
sh=A0C885C92EB91B16BFB8FBF4A9ABCE358A658F99 ft=1 fh=70f2756ae5428532 vn="Win32/Somoto.E potentially unwanted application" ac=I fn="C:\Users\Blackhexen\Drivers\LG BRD Disk Drive\DVDStyler-2.6.1-win32.exe"
sh=E7324FDF72FA6976B8D17215CEF5CEEB292A3CB5 ft=1 fh=ecf981a39bb3b4b1 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Users\Blackhexen\Drivers\Tools\coretemp_1236.exe"
sh=DDA7E5C16BE11B33E29BBDB6AD1C3D7215C73390 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\BLACKHEXEN-PC\Backup Set 2014-07-22 070249\Backup Files 2014-07-22 070249\Backup files 19.zip"
sh=AB7DF28EF80D0C8ED0DD3C39FECD5ECBA32AC0C5 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\BLACKHEXEN-PC\Backup Set 2014-07-22 070249\Backup Files 2014-07-22 070249\Backup files 4.zip"
sh=AD9EE2110EED439F46FFB3E55456C8DC9AE74644 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="G:\BLACKHEXEN-PC\Backup Set 2014-07-22 070249\Backup Files 2014-07-22 070249\Backup files 5.zip"
 
-------------------------------------------------------------------------
Thank you so much for your volunteer work and helping me!
 
Ready for the next step.
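
A triage sketch for a scanner log of the shape posted above, added here as an example and not part of either poster's message: it picks the `end=finished` section, checks that `found=` matches the number of detection lines, and separates loose files from hits inside archive files. The sample log is constructed (placeholder digests and paths); reading `vn` as the detection name and `fn` as the file path, and treating `.zip`-style suffixes as archives, are assumptions, and `ft`, `fh` and `ac` are deliberately not interpreted.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the same layout as the log above (not real detections).
SAMPLE_LOG = r'''all ok
# product=EOS
# end=init
Update Init
# product=EOS
# engine=00000
# end=finished
# scanned=1000
# found=3
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="a variant of Win32/Example.Toolbar.A potentially unwanted application" ac=I fn="C:\Users\example\Downloads\setup_example.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=2222222222222222 vn="Win32/Example.Bundle.B potentially unsafe application" ac=I fn="C:\Users\example\Tools\tool_example.exe"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=0 fh=0000000000000000 vn="a variant of Win32/Example.Toolbar.A potentially unwanted application" ac=I fn="G:\EXAMPLE-PC\Backup Set\Backup files 1.zip"
'''

# key=value pairs where the value is either "quoted with spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Suffix of the detection name -> short label (wording taken from the log lines).
CATEGORY_SUFFIXES = [
    (" potentially unwanted application", "PUA"),
    (" potentially unsafe application", "unsafe"),
]
ARCHIVE_SUFFIXES = {".zip", ".rar", ".7z", ".cab"}  # assumption: container files


def parse_eset_log(text):
    """Return (header sections, detection rows). A new section starts at '# product='."""
    sections, detections = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            if key == "product" or not sections:
                sections.append({})
            sections[-1][key] = value.strip("\"'")
        elif line.startswith("sh="):
            fields = {}
            for m in FIELD_RE.finditer(line):
                fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            if "vn" in fields and "fn" in fields:
                detections.append(fields)
    return sections, detections


def classify(vn):
    """Split a detection name into (family, category label)."""
    prefix = "a variant of "
    name = vn[len(prefix):] if vn.startswith(prefix) else vn
    for suffix, label in CATEGORY_SUFFIXES:
        if name.endswith(suffix):
            return name[: -len(suffix)].strip(), label
    return name, "other"


def triage(text):
    """Summarise the finished scan: count check, categories, loose vs archived hits."""
    sections, detections = parse_eset_log(text)
    final = next((s for s in sections if s.get("end") == "finished"), {})
    rows = []
    for d in detections:
        family, category = classify(d["vn"])
        path = PureWindowsPath(d["fn"])
        rows.append({
            "sha": d.get("sh"),
            "family": family,
            "category": category,
            "path": d["fn"],
            "drive": path.drive,
            "in_archive": path.suffix.lower() in ARCHIVE_SUFFIXES,
        })
    found = int(final.get("found", -1))
    return {
        "reported_found": found,
        "reported_cleaned": int(final.get("cleaned", -1)),
        "count_matches": found == len(rows),  # a mismatch suggests a truncated paste
        "categories": Counter(r["category"] for r in rows),
        "loose_files": [r for r in rows if not r["in_archive"]],
        "archived": [r for r in rows if r["in_archive"]],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("found/cleaned:", report["reported_found"], report["reported_cleaned"])
    print("count matches detection lines:", report["count_matches"])
    for row in report["loose_files"]:
        print("loose   ", row["category"], row["family"], row["path"])
    for row in report["archived"]:
        print("archived", row["category"], row["family"], row["path"])
```
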


#12 deeprybka

  • Malware Response Team

Posted 04 June 2015 - 01:20 AM

Hi there,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HWinlogon\Notify\ScCertProp: wlnotify.dll [X]
    Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
    HKU\S-1-5-21-4102983730-1301437953-2718287387-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    C:\Users\Blackhexen\AppData\Roaming\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
    C:\Users\Blackhexen\Downloads\ccsetup410.exe
    C:\Users\Blackhexen\Downloads\ccsetup505.exe
    C:\Users\Blackhexen\Drivers\LG BRD Disk Drive\DVDStyler-2.6.1-win32.exe
    C:\Users\Blackhexen\Drivers\Tools\coretemp_1236.exe
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.



Can you please tell me which problems still persist now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 blackhexen

blackhexen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 04 June 2015 - 08:04 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-05-2015
Ran by Blackhexen at 2015-06-04 05:48:38 Run:1
Running from C:\Users\Blackhexen\Downloads
Loaded Profiles: Blackhexen (Available Profiles: Blackhexen)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HWinlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-4102983730-1301437953-2718287387-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\Users\Blackhexen\AppData\Roaming\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
C:\Users\Blackhexen\Downloads\ccsetup410.exe
C:\Users\Blackhexen\Downloads\ccsetup505.exe
C:\Users\Blackhexen\Drivers\LG BRD Disk Drive\DVDStyler-2.6.1-win32.exe
C:\Users\Blackhexen\Drivers\Tools\coretemp_1236.exe
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\HScCertProp => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key Removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-4102983730-1301437953-2718287387-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
C:\Users\Blackhexen\AppData\Roaming\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} => Moved successfully.
C:\Users\Blackhexen\Downloads\ccsetup410.exe => Moved successfully.
C:\Users\Blackhexen\Downloads\ccsetup505.exe => Moved successfully.
C:\Users\Blackhexen\Drivers\LG BRD Disk Drive\DVDStyler-2.6.1-win32.exe => Moved successfully.
C:\Users\Blackhexen\Drivers\Tools\coretemp_1236.exe => Moved successfully.
EmptyTemp: => Removed 1.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 05:49:11 ====
 
The computer started much faster and physical memory usage is down from 25-30% usage to 15% at "rest". I'm going to monitor it over the next 12-24 hours to see if it changes.
 
The SVChost.exe is still the #1 process but it is much smaller - 166,248 and it is not growing in size, which I have seen before.
 
While I monitor the system, can you tell me what you think may have been the cause?
 
Thanks!
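
The Fixlog in the post above mixes successful removals with one entry reported as "key not found". As an added example (not part of the thread and not FRST's own code), this Python script parses such a log, skips the echoed fixlist between the star rows, and lists the entries the tool did not act on. The outcome phrases are taken only from the log lines shown above; the function names `parse_fixlog` and `needs_review` are hypothetical.

```python
import re

# Excerpt of the Fixlog posted above (fixlist echo and result lines shortened).
FIXLOG = r'''fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HWinlogon\Notify\ScCertProp: wlnotify.dll [X]
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\HScCertProp => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key Removed successfully
C:\Users\Blackhexen\Downloads\ccsetup410.exe => Moved successfully.
EmptyTemp: => Removed 1.3 GB temporary data.
'''

# Outcome phrases seen in the log above; \b keeps "Removed" from matching "moved".
OUTCOMES = [
    (re.compile(r"\bremoved successfully", re.I), "removed"),
    (re.compile(r"\bmoved successfully", re.I), "moved"),
    (re.compile(r"not found", re.I), "not_found"),
    (re.compile(r"^removed .* temporary data", re.I), "cleaned"),
]

def parse_fixlog(text):
    """Return (target, status, raw_outcome) for every '=>' result line."""
    results, in_echo = [], False
    for line in text.splitlines():
        if set(line.strip()) == {"*"}:
            in_echo = not in_echo  # star rows bracket the echoed fixlist
            continue
        if in_echo or " => " not in line:
            continue  # fixlist echo, banner, blank line or free-text status
        target, outcome = (part.strip() for part in line.rsplit(" => ", 1))
        status = next((name for rx, name in OUTCOMES if rx.search(outcome)), "unknown")
        results.append((target.strip('"'), status, outcome))
    return results

def needs_review(results):
    """Targets the tool did not act on, or whose outcome phrase is unrecognised."""
    return [t for t, status, _ in results if status in ("not_found", "unknown")]

if __name__ == "__main__":
    for target, status, _ in parse_fixlog(FIXLOG):
        print(f"{status:10} {target}")
    print("review:", needs_review(parse_fixlog(FIXLOG)))
```
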


#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:29 PM

Posted 04 June 2015 - 10:22 AM

While I monitor the system, can you tell me what you think may have been the cause?


That's not clear.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 blackhexen

blackhexen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 05 June 2015 - 12:40 AM

So, the svchost.exe file and MsMpEng.exe files are still the largest memory eaters.

 

After 12 hours, my at "rest" state is 17% memory in use and the svchost.exe file is at 272,788K up from 166,248K this morning.

 

The computer is running smoother with files/browser speeds noticeably faster. If we believe it isn't infected with anything malicious, I'd like to go ahead and clean the computer from all of our tools. If you still suspect something may be going on, I'll run whatever you need.

 

My concern is the boot time of Windows 7. It's slow (much slower than initial install). With that said, I will probably get an SSD and do a clean Windows 10 install in a few weeks upon release.

 

Let me know what you think! Thanks for your help!





