Browser redirection, Multiple iexplorer.exe instances eating CPU (No more space)


  • This topic is locked
14 replies to this topic

#1 Cepse

Posted 08 June 2015 - 06:28 PM

Hello, this is my first time here.

I recently had to travel a lot and leave my laptop for long periods of time with people who had access to it before I was able to retrieve it. And this happened a few times. Each time I had the time, I sat down and tried to work on the problems as I started seeing them come up; the reason for my asking for a helping hand is that it's come to the point where they are coming in faster than I can get rid of them.

 

Now about the current problems.

Every time I turn my laptop on I notice my CPU slowly but constantly climb. When investigating it in the Task Manager, I noticed multiple instances of "iexplorer.exe *32 bit" and "iexplorer.exe" running; no matter how many or how fast I close them, they keep coming back.

When using either Chrome or Firefox, my homepage keeps getting set to www.trovi.com and Google searches are almost always redirected. Hitting back will result in either a blank page or the page I had originally clicked on; it's 50/50.

I'm not sure if this is virus related or not, but it only started happening while I was away: the CD-ROM will either accept a disc then spit it out, not accept it at all, accept it and play, accept it and not play, or any combo of the above, and not let me spit it out unless I reboot and spit it out on startup. The problem is that this is all with the same 3 new discs, that are clean and without a scratch.

 

One other thing to note: I do not have my Windows disc any longer (not that it would work anyways).

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Jimmy (administrator) on JIMMY-PC on 08-06-2015 19:01:23
Running from C:\Users\Jimmy\Desktop
Loaded Profiles: Jimmy (Available Profiles: Jimmy)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Akamai Technologies, Inc.) C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Akamai Technologies, Inc.) C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(PC-Doctor, Inc.) C:\Program Files\Alienware\SupportAssist\imstrayicon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Users\Jimmy\Desktop\Windows-KB890830-x64-V5.24.exe
(Microsoft Corporation) C:\b6954e00377e1acb78470372a49456\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5107712 2009-11-17] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-14] (Raptr, Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\RunOnce: [proxygate] => [X]
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
Winlogon\Notify\FastAccess: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll [2010-04-04] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Google Update] => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [HydraVisionDesktopManager] => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Axxhworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jimmy\AppData\Local\Olqics\dasdfg21.dll
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Etxltion] => regsvr32.exe C:\Users\Jimmy\AppData\Local\Etxltion\3resdfss.dll <===== ATTENTION
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [ChromeUpdate] => C:\Users\Jimmy\AppData\Roaming\ChromeUpdate\GoogleUpdate.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe [927920 2015-04-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: G - G:\baldur.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: K - K:\SETUP.EXE
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {046d38c1-91c8-11e3-883c-0026b9ff04c4} - I:\Startme.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {793de550-573c-11e3-a5fa-0026b9ff04c4} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {f5daf906-9c63-11e2-b435-0026b9ff04c4} - G:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {f5daf910-9c63-11e2-b435-0026b9ff04c4} - H:\setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
Lsa: [Notification Packages] scecli FAPassSync
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-05-15] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=MDF5DEB8F-D909-4D59-9905-BE5B976DC8DD&SearchSource=55&CUI=&UM=8&UP=SP02EBCCFF-692F-4D9E-9623-158810FF8F85&D=060715&SSPV=
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ED707578-C769-4DA2-A5A8-785FA5F39FEC} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3757311312-923654551-2957644542-1000 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=MDF5DEB8F-D909-4D59-9905-BE5B976DC8DD&SearchSource=58&CUI=&UM=8&UP=SP02EBCCFF-692F-4D9E-9623-158810FF8F85&D=060715&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3757311312-923654551-2957644542-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=MDF5DEB8F-D909-4D59-9905-BE5B976DC8DD&SearchSource=58&CUI=&UM=8&UP=SP02EBCCFF-692F-4D9E-9623-158810FF8F85&D=060715&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3757311312-923654551-2957644542-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN82058570330966237&UM=2
SearchScopes: HKU\S-1-5-21-3757311312-923654551-2957644542-1000 -> {83820DD2-3B83-4E65-9EEF-93EE035EF0BE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=D834778E-CA97-4443-9EC7-62436A6899DF&apn_sauid=64C05A54-2F85-45EA-A3A0-30B9B4B7B198
SearchScopes: HKU\S-1-5-21-3757311312-923654551-2957644542-1000 -> {ED707578-C769-4DA2-A5A8-785FA5F39FEC} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_46_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAyCtAtAzyyByCyEyByCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0CyByE0CtB0C0AtGtBtBtBtDtG0B0F0EtAtG0A0C0AzztGyD0AtD0D0A0D0EzztD0EyBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0D0Dzz0Fzz0BtDtG0BtCyDyBtGyEyC0EyDtGzy0E0B0EtGzytA0C0D0DzyzytAyCzzzz0E2Q&cr=365991183&ir=
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-14] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-01-22] (DVDVideoSoft Ltd.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll [2010-04-04] (Sensible Vision )
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-01-22] (DVDVideoSoft Ltd.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3757311312-923654551-2957644542-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{333A6FDA-C862-494E-8D5D-10287C0DB5E6}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default
FF DefaultSearchEngine: Trovi
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&CUI=UN38220075139051522&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Trovi
FF Homepage: https://www.google.ca/?gfe_rd=cr&ei=OPR0VbeBFcOC8Qfv_oCYAQ&gws_rd=ssl
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&SearchSource=2&CUI=UN38220075139051522&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @gentek.com/thinclient -> C:\IGG\twclient_us\npthinclient.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> G:\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\Jimmy\AppData\Local\Fancy\npfancygame.dll [2012-01-03] (Beijing FancyGuo Tech Ltd)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @gentek.com/thinclient -> C:\IGG\twclient_us\npthinclient.dll No File
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @leeuu.com/npgboxruner;version= -> C:\Users\Jimmy\AppData\Roaming\gbox\npgboxruner.dll No File
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jimmy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF user.js: detected! => C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default\user.js [2013-10-21]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-04-14]
FF Extension: PropertyKeyCollection Class - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default\Extensions\{DE25DF7B-CC77-42C2-8647-675D42055F91} [2015-05-15]
FF Extension: Strict Pop-up Blocker - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-05-30]
FF HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Firefox\Extensions: [{904EC61F-1109-43BD-9745-8D257C197720}] - C:\Program Files (x86)\Lyrics-Show\126.xpi
FF HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-06]

Chrome:
=======
CHR Profile: C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (So Many Me - Demo) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2013-09-20]
CHR Extension: (YouTube) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-13]
CHR Extension: (Google Search) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-13]
CHR Extension: (Polycraft) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2013-09-19]
CHR Extension: (PSO2 Extension) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2014-07-03]
CHR Extension: (Bookmark Manager) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-07]
CHR Extension: (DVDVideoSoft) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Famous Logos Quiz) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\opojgjpgafjmjiiglgknephkjmdmdcfo [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-13]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cpcidiiiodpbjdkbhldlebfbnidpgaih] - C:\Users\Jimmy\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx [2013-05-13]
CHR HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-02-06]
CHR HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jimmy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-10-09]
CHR HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cpcidiiiodpbjdkbhldlebfbnidpgaih] - C:\Users\Jimmy\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fpdcjjiepplekfppfpcmkfgfagpmdmgc] - C:\Program Files (x86)\Lyrics-Show\126.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jimmy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pofcchimbbmpjnaeolplajfcjaphdpnf] - C:\ProgramData\TheBflix\pofcchimbbmpjnaeolplajfcjaphdpnf.crx [2012-05-09]
StartMenuInternet: Google Chrome - C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-22] (EasyAntiCheat Ltd)
S4 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-10-29] (Broadcom Corporation) [File not signed]
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-09-20] (Wellbia.com Co., Ltd.) [File not signed]
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [X]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 MpKslc19c02e2; C:\Windows\system32\MpEngineStore\MpKslc19c02e2.sys [45352 2015-06-08] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
S1 ptbkceku; C:\Windows\system32\drivers\ptbkceku.sys [55104 2015-06-07] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-26] (Duplex Secure Ltd.)
S1 tdqcesxe; C:\Windows\system32\drivers\tdqcesxe.sys [55104 2015-06-07] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U3 ap8gkxro; No ImagePath
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
S3 X6va005; \??\C:\Users\Jimmy\AppData\Local\Temp\005C882.tmp [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 19:01 - 2015-06-08 19:02 - 00026681 _____ C:\Users\Jimmy\Desktop\FRST.txt
2015-06-08 18:59 - 2015-06-08 19:01 - 00000000 ____D C:\FRST
2015-06-08 18:54 - 2015-06-08 18:55 - 02108928 _____ (Farbar) C:\Users\Jimmy\Desktop\FRST64.exe
2015-06-08 17:43 - 2015-06-08 17:44 - 00347816 _____ (Microsoft Corporation) C:\Users\Jimmy\Desktop\MicrosoftFixit.WindowsFirewall.RNP.203572540165236.3.1.Run.exe
2015-06-08 17:40 - 2015-06-08 17:40 - 00000000 ____D C:\Windows\system32\MpEngineStore
2015-06-08 17:38 - 2015-06-08 17:39 - 00000000 ____D C:\b6954e00377e1acb78470372a49456
2015-06-08 17:38 - 2015-06-08 17:38 - 00000000 ____D C:\a07affb60757c5387f
2015-06-08 17:16 - 2015-06-08 17:19 - 51789024 _____ (Microsoft Corporation) C:\Users\Jimmy\Desktop\Windows-KB890830-x64-V5.24.exe
2015-06-08 17:14 - 2015-06-08 17:14 - 00347816 _____ (Microsoft Corporation) C:\Users\Jimmy\Desktop\MicrosoftFixit.WinSecurity.Run.exe
2015-06-08 15:40 - 2015-06-08 16:58 - 00000000 ____D C:\Users\Jimmy\AppData\Local\LogMeIn Hamachi
2015-06-08 15:39 - 2015-06-08 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-06-08 15:39 - 2015-06-08 15:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-06-08 15:38 - 2015-06-08 15:39 - 08552448 _____ C:\Users\Jimmy\Desktop\hamachi.msi
2015-06-07 16:10 - 2015-06-07 16:10 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ptbkceku.sys
2015-06-07 16:08 - 2015-06-07 16:08 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdqcesxe.sys
2015-06-07 16:06 - 2015-06-07 16:15 - 00000000 ___HD C:\926f15e0
2015-06-07 16:05 - 2015-06-07 16:15 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\ChromeUpdate
2015-06-07 16:05 - 2015-06-07 16:05 - 00000616 ____H C:\ProgramData\@system.temp
2015-06-07 16:05 - 2015-06-07 16:05 - 00000480 ____H C:\Users\Jimmy\AppData\Roaming\麽鎒駓覜
2015-06-07 16:05 - 2015-06-07 16:05 - 00000352 ____H C:\ProgramData\@system3.att
2015-05-17 02:01 - 2015-05-17 02:01 - 00000938 _____ C:\Users\Jimmy\Desktop\ElfBot NG.lnk
2015-05-17 02:01 - 2015-05-17 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG
2015-05-17 02:01 - 2015-05-17 02:01 - 00000000 ____D C:\Program Files (x86)\ElfBot NG
2015-05-16 21:26 - 2015-05-16 21:32 - 00001048 _____ C:\Users\Public\Desktop\TUGBot.exe.lnk
2015-05-16 21:26 - 2015-05-16 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUGBot
2015-05-16 12:00 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 12:00 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 01:37 - 2015-05-16 03:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-16 00:07 - 2015-05-16 00:07 - 00000000 ____D C:\Program Files (x86)\TUGBot
2015-05-15 23:44 - 2015-05-15 23:44 - 00001945 _____ C:\Windows\epplauncher.mif
2015-05-15 23:38 - 2015-05-15 23:38 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 23:37 - 2015-05-15 23:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-15 23:37 - 2015-05-15 23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-15 23:04 - 2015-05-15 23:04 - 00000000 ____D C:\Program Files (x86)\Dungeon Defenders Eternity
2015-05-15 22:48 - 2015-05-15 22:48 - 00002808 _____ C:\Users\Public\Desktop\Dungeon Defenders Eternity.lnk
2015-05-15 22:48 - 2015-05-15 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
2015-05-15 22:41 - 2015-05-15 22:41 - 00000000 ____D C:\Program Files (x86)\Trendy Entertainment
2015-05-15 22:12 - 2015-06-07 16:06 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Etxltion
2015-05-15 22:11 - 2015-05-31 02:15 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Olqics
2015-05-15 22:00 - 2015-05-15 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-15 19:04 - 2015-06-07 19:55 - 00000000 ____D C:\Users\Jimmy\Desktop\Starbound.Beta.Build.27.04.2015
2015-05-15 12:41 - 2011-11-01 12:52 - 00000000 ____D C:\Users\Jimmy\Desktop\NoxiousOT.com
2015-05-14 23:40 - 2015-05-14 23:40 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-12 20:03 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 20:03 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 20:03 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 20:03 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 20:03 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 20:03 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 20:03 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 20:03 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 20:03 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 20:03 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 20:03 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 20:03 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 20:03 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 20:03 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 20:03 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 20:03 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 20:03 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 20:03 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 20:03 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 20:03 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 20:03 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 20:03 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 20:03 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 20:03 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 20:03 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 20:03 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 20:03 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 20:03 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 20:03 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 20:03 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 20:03 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 20:03 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 20:03 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 20:03 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 20:03 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 20:03 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 20:03 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 20:03 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 20:03 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 20:03 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 20:03 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 20:03 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 20:03 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 20:03 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 20:03 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 20:03 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 20:03 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 20:03 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 20:03 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 20:03 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 20:03 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 20:03 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 20:03 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 20:03 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 20:03 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 20:03 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 20:03 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 20:03 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 20:03 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 20:03 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 20:03 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 20:03 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 20:03 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 20:03 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 20:01 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 20:01 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 20:01 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 20:01 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 20:01 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 20:01 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 20:01 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 20:01 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 20:01 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 20:01 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 20:01 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 20:01 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 20:01 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 20:01 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 20:01 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 20:01 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 20:01 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 20:01 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 20:01 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 20:01 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:01 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 20:00 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 20:00 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 20:00 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 20:00 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 20:00 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 20:00 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 20:00 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 20:00 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 20:00 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 20:00 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 20:00 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 20:00 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 20:00 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 20:00 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 20:00 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 20:00 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 20:00 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 20:00 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 18:45 - 2011-07-23 06:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000UA.job
2015-06-08 18:34 - 2015-01-08 01:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 16:24 - 2015-01-21 19:04 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Raptr
2015-06-08 16:18 - 2011-07-23 07:57 - 01645355 _____ C:\Windows\WindowsUpdate.log
2015-06-08 16:17 - 2015-03-30 16:56 - 00003504 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-08 15:48 - 2009-07-14 01:13 - 00812530 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 23:45 - 2011-07-23 06:04 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000Core.job
2015-06-07 21:05 - 2012-05-05 02:04 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\BitTorrent
2015-06-07 16:35 - 2013-10-20 16:46 - 00000000 _____ C:\END
2015-06-07 16:26 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 16:26 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 16:24 - 2015-01-21 19:04 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-06-07 16:02 - 2014-06-27 21:53 - 00026236 _____ C:\Windows\setupact.log
2015-06-07 16:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-05-30 21:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-05-28 09:33 - 2011-07-23 06:45 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Skype
2015-05-25 07:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-25 07:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-17 02:56 - 2013-11-20 01:43 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Tibia
2015-05-16 21:12 - 2009-07-14 00:45 - 04996648 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-16 21:08 - 2009-07-14 03:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-16 21:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-16 12:08 - 2014-05-10 09:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-16 12:00 - 2012-12-23 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 11:59 - 2012-12-23 23:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-16 11:59 - 2012-12-23 23:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 23:36 - 2011-07-23 06:45 - 00000000 ____D C:\ProgramData\Skype
2015-05-15 23:35 - 2015-04-21 03:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-15 23:04 - 2012-08-28 09:41 - 00083577 _____ C:\Windows\DirectX.log
2015-05-15 22:58 - 2014-11-13 03:04 - 00000000 ____D C:\Program Files (x86)\Steam
2015-05-15 22:19 - 2015-03-15 19:31 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\vlc
2015-05-14 23:40 - 2011-07-23 06:04 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000UA
2015-05-14 23:40 - 2011-07-23 06:04 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000Core
2015-05-13 18:56 - 2015-01-02 04:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2013-01-04 03:22 - 2013-01-10 00:54 - 0000125 _____ () C:\Users\Jimmy\AppData\Roaming\D2Info0
2013-01-04 03:32 - 2013-01-09 19:51 - 0000008 _____ () C:\Users\Jimmy\AppData\Roaming\DofusAppId0_1
2013-01-04 03:22 - 2013-01-10 03:46 - 0000008 _____ () C:\Users\Jimmy\AppData\Roaming\DofusAppId0_2
2013-01-08 03:47 - 2013-01-08 03:47 - 0000008 _____ () C:\Users\Jimmy\AppData\Roaming\DofusAppId0_3
2013-08-14 05:48 - 2013-08-14 17:21 - 0037376 ___SH () C:\Users\Jimmy\AppData\Roaming\Thumbs.db
2014-11-12 10:09 - 2014-11-29 01:09 - 0000154 _____ () C:\Users\Jimmy\AppData\Roaming\WB.CFG
2015-06-07 16:05 - 2015-06-07 16:05 - 0000480 ____H () C:\Users\Jimmy\AppData\Roaming\麽鎒駓覜
2014-11-13 23:09 - 2014-11-13 23:09 - 0022528 _____ () C:\Users\Jimmy\AppData\Local\32760506dsisetup327628302.exe
2014-11-13 23:09 - 2014-11-21 18:09 - 0000001 _____ () C:\Users\Jimmy\AppData\Local\DSI.DAT
2014-11-21 18:09 - 2014-11-21 18:09 - 0022528 _____ () C:\Users\Jimmy\AppData\Local\dsisetup2226785252.exe
2011-12-24 17:52 - 2011-12-24 17:52 - 0000093 _____ () C:\Users\Jimmy\AppData\Local\fusioncache.dat
2014-07-01 22:53 - 2014-07-01 22:55 - 0000600 _____ () C:\Users\Jimmy\AppData\Local\PUTTY.RND
2014-06-20 09:12 - 2015-04-16 16:34 - 0007596 _____ () C:\Users\Jimmy\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Jimmy\AppData\Local\setup.txt
2015-06-07 16:05 - 2015-06-07 16:05 - 0000616 ____H () C:\ProgramData\@system.temp
2015-06-07 16:05 - 2015-06-07 16:05 - 0000352 ____H () C:\ProgramData\@system3.att
2012-10-16 11:55 - 2012-08-17 11:55 - 0000032 ____R () C:\ProgramData\hash.dat
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\mscboxv.exe
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\mshmbrat.exe
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\msmsycils.exe
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\msrvtzg.exe
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\msslmeqf.exe

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\mscboxv.exe
C:\ProgramData\mshmbrat.exe
C:\ProgramData\msmsycils.exe
C:\ProgramData\msrvtzg.exe
C:\ProgramData\msslmeqf.exe
C:\Users\Jimmy\jagex_runescape_preferences.dat
C:\Users\Jimmy\jagex_runescape_preferences2.dat


Some files in TEMP:
====================
C:\Users\Jimmy\AppData\Local\Temp\1740.exe
C:\Users\Jimmy\AppData\Local\Temp\6B00.exe
C:\Users\Jimmy\AppData\Local\Temp\72B0.exe
C:\Users\Jimmy\AppData\Local\Temp\A648.exe
C:\Users\Jimmy\AppData\Local\Temp\bitool.dll
C:\Users\Jimmy\AppData\Local\Temp\CA18.exe
C:\Users\Jimmy\AppData\Local\Temp\F000.exe
C:\Users\Jimmy\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.2-20-g0b2ed13-b3108jnks.dll
C:\Users\Jimmy\AppData\Local\Temp\KB00339582.exe
C:\Users\Jimmy\AppData\Local\Temp\KB00340004.exe
C:\Users\Jimmy\AppData\Local\Temp\KB00341376.exe
C:\Users\Jimmy\AppData\Local\Temp\KB00350237.exe
C:\Users\Jimmy\AppData\Local\Temp\KB00351813.exe
C:\Users\Jimmy\AppData\Local\Temp\KB00354949.exe
C:\Users\Jimmy\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Jimmy\AppData\Local\Temp\ose00000.exe
C:\Users\Jimmy\AppData\Local\Temp\Setup.exe
C:\Users\Jimmy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jimmy\AppData\Local\Temp\sp-downloader.exe
C:\Users\Jimmy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Jimmy\AppData\Local\Temp\update.exe
C:\Users\Jimmy\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-07 17:15

==================== End of log ============================


#2 aharonov

  • Malware Response Team

Posted 09 June 2015 - 02:13 AM

Hi there,

this doesn't look too good. The computer is severely infected.
Let's gather some more information first to see if there is also a bootkit present:


Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


#3 Cepse

  • Topic Starter

Posted 09 June 2015 - 09:13 AM

Hi there, thanks for the fast response.

 

10:10:19.0676 0xe10c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
10:10:24.0942 0xe10c  ============================================================
10:10:24.0942 0xe10c  Current date / time: 2015/06/09 10:10:24.0942
10:10:24.0942 0xe10c  SystemInfo:
10:10:24.0942 0xe10c  
10:10:24.0942 0xe10c  OS Version: 6.1.7601 ServicePack: 1.0
10:10:24.0942 0xe10c  Product type: Workstation
10:10:24.0942 0xe10c  ComputerName: JIMMY-PC
10:10:24.0942 0xe10c  UserName: Jimmy
10:10:24.0942 0xe10c  Windows directory: C:\Windows
10:10:24.0942 0xe10c  System windows directory: C:\Windows
10:10:24.0942 0xe10c  Running under WOW64
10:10:24.0942 0xe10c  Processor architecture: Intel x64
10:10:24.0942 0xe10c  Number of processors: 4
10:10:24.0942 0xe10c  Page size: 0x1000
10:10:24.0942 0xe10c  Boot type: Normal boot
10:10:24.0942 0xe10c  ============================================================
10:10:26.0738 0xe10c  KLMD registered as C:\Windows\system32\drivers\26920038.sys
10:10:27.0087 0xe10c  System UUID: {6279E241-A9A3-73BB-2507-D8058E30F5D4}
10:10:27.0995 0xe10c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:10:28.0002 0xe10c  ============================================================
10:10:28.0002 0xe10c  \Device\Harddisk0\DR0:
10:10:28.0002 0xe10c  MBR partitions:
10:10:28.0002 0xe10c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
10:10:28.0002 0xe10c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
10:10:28.0002 0xe10c  ============================================================
10:10:28.0036 0xe10c  C: <-> \Device\Harddisk0\DR0\Partition2
10:10:28.0068 0xe10c  E: <-> \Device\Harddisk0\DR0\Partition1
10:10:28.0068 0xe10c  ============================================================
10:10:28.0068 0xe10c  Initialize success
10:10:28.0068 0xe10c  ============================================================
10:10:49.0377 0x2940  ============================================================
10:10:49.0377 0x2940  Scan started
10:10:49.0377 0x2940  Mode: Manual; SigCheck; TDLFS;
10:10:49.0377 0x2940  ============================================================
10:10:49.0377 0x2940  KSN ping started
10:11:03.0951 0x2940  KSN ping finished: true
10:11:05.0290 0x2940  ================ Scan system memory ========================
10:11:05.0290 0x2940  System memory - ok
10:11:05.0291 0x2940  ================ Scan services =============================
10:11:18.0220 0x2940  HidUsb - ok
10:11:18.0253 0x2940  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:11:18.0307 0x2940  hkmsvc - ok
10:11:18.0343 0x2940  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:11:18.0390 0x2940  HomeGroupListener - ok
10:11:18.0428 0x2940  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:11:18.0448 0x2940  HomeGroupProvider - ok
10:11:18.0479 0x2940  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:11:18.0493 0x2940  HpSAMD - ok
10:11:18.0539 0x2940  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:11:18.0615 0x2940  HTTP - ok
10:11:18.0630 0x2940  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:11:18.0643 0x2940  hwpolicy - ok
10:11:18.0660 0x2940  hxsyol - ok
10:11:18.0691 0x2940  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:11:18.0708 0x2940  i8042prt - ok
10:11:18.0734 0x2940  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:11:18.0769 0x2940  iaStorV - ok
10:11:18.0840 0x2940  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:11:18.0888 0x2940  idsvc - ok
10:11:18.0919 0x2940  IEEtwCollectorService - ok
10:11:18.0954 0x2940  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:11:18.0966 0x2940  iirsp - ok
10:11:19.0045 0x2940  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
10:11:19.0107 0x2940  IKEEXT - ok
10:11:19.0136 0x2940  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:11:19.0148 0x2940  intelide - ok
10:11:19.0174 0x2940  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:11:19.0189 0x2940  intelppm - ok
10:11:19.0225 0x2940  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:11:19.0267 0x2940  IPBusEnum - ok
10:11:19.0325 0x2940  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:11:19.0364 0x2940  IpFilterDriver - ok
10:11:19.0407 0x2940  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:11:19.0480 0x2940  iphlpsvc - ok
10:11:19.0511 0x2940  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:11:19.0546 0x2940  IPMIDRV - ok
10:11:19.0571 0x2940  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:11:19.0611 0x2940  IPNAT - ok
10:11:19.0631 0x2940  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:11:19.0686 0x2940  IRENUM - ok
10:11:19.0700 0x2940  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:11:19.0712 0x2940  isapnp - ok
10:11:19.0750 0x2940  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:11:19.0770 0x2940  iScsiPrt - ok
10:11:19.0804 0x2940  [ 8D990A44B4F2B68E2C56A3724EC3EB84, 5768FC5B156FC9CEEA735C933B50ADD8AE018F5609B83634F001E847E3101ACA ] itecir          C:\Windows\system32\DRIVERS\itecir.sys
10:11:19.0815 0x2940  itecir - ok
10:11:19.0853 0x2940  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:11:19.0865 0x2940  kbdclass - ok
10:11:19.0888 0x2940  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:11:19.0920 0x2940  kbdhid - ok
10:11:19.0938 0x2940  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso          C:\Windows\system32\lsass.exe
10:11:19.0950 0x2940  KeyIso - ok
10:11:19.0984 0x2940  [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:11:19.0999 0x2940  KSecDD - ok
10:11:20.0015 0x2940  [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:11:20.0033 0x2940  KSecPkg - ok
10:11:20.0048 0x2940  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:11:20.0105 0x2940  ksthunk - ok
10:11:20.0147 0x2940  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:11:20.0216 0x2940  KtmRm - ok
10:11:20.0251 0x2940  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:11:20.0314 0x2940  LanmanServer - ok
10:11:20.0353 0x2940  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:11:20.0395 0x2940  LanmanWorkstation - ok
10:11:20.0422 0x2940  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:11:20.0478 0x2940  lltdio - ok
10:11:20.0508 0x2940  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:11:20.0580 0x2940  lltdsvc - ok
10:11:20.0599 0x2940  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:11:20.0657 0x2940  lmhosts - ok
10:11:20.0721 0x2940  [ D6BF6FD055BD719F3D62E51B90857159, A7777D18E404164B4DA531AD94D2A712D9CC6A9288795B7388037752A558E96F ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
10:11:20.0752 0x2940  LMIGuardianSvc - ok
10:11:20.0793 0x2940  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:11:20.0808 0x2940  LSI_FC - ok
10:11:20.0867 0x2940  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:11:20.0882 0x2940  LSI_SAS - ok
10:11:20.0897 0x2940  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:11:20.0914 0x2940  LSI_SAS2 - ok
10:11:20.0935 0x2940  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:11:20.0949 0x2940  LSI_SCSI - ok
10:11:20.0977 0x2940  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:11:21.0029 0x2940  luafv - ok
10:11:21.0082 0x2940  [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys
10:11:21.0101 0x2940  mcdbus - ok
10:11:21.0133 0x2940  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:11:21.0152 0x2940  Mcx2Svc - ok
10:11:21.0162 0x2940  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:11:21.0175 0x2940  megasas - ok
10:11:21.0193 0x2940  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:11:21.0213 0x2940  MegaSR - ok
10:11:21.0248 0x2940  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
10:11:21.0303 0x2940  MMCSS - ok
10:11:21.0322 0x2940  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
10:11:21.0360 0x2940  Modem - ok
10:11:21.0395 0x2940  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:11:21.0410 0x2940  monitor - ok
10:11:21.0442 0x2940  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:11:21.0454 0x2940  mouclass - ok
10:11:21.0481 0x2940  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:11:21.0511 0x2940  mouhid - ok
10:11:21.0566 0x2940  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:11:21.0581 0x2940  mountmgr - ok
10:11:21.0651 0x2940  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
10:11:21.0675 0x2940  MpFilter - ok
10:11:21.0696 0x2940  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:11:21.0712 0x2940  mpio - ok
10:11:21.0743 0x2940  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:11:21.0781 0x2940  mpsdrv - ok
10:11:21.0840 0x2940  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:11:21.0930 0x2940  MpsSvc - ok
10:11:21.0961 0x2940  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:11:21.0982 0x2940  MRxDAV - ok
10:11:22.0004 0x2940  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:11:22.0035 0x2940  mrxsmb - ok
10:11:22.0070 0x2940  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:11:22.0111 0x2940  mrxsmb10 - ok
10:11:22.0131 0x2940  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:11:22.0166 0x2940  mrxsmb20 - ok
10:11:22.0191 0x2940  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:11:22.0203 0x2940  msahci - ok
10:11:22.0232 0x2940  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:11:22.0248 0x2940  msdsm - ok
10:11:22.0267 0x2940  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
10:11:22.0286 0x2940  MSDTC - ok
10:11:22.0325 0x2940  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:11:22.0375 0x2940  Msfs - ok
10:11:22.0392 0x2940  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:11:22.0441 0x2940  mshidkmdf - ok
10:11:22.0472 0x2940  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:11:22.0484 0x2940  msisadrv - ok
10:11:22.0524 0x2940  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:11:22.0567 0x2940  MSiSCSI - ok
10:11:22.0571 0x2940  msiserver - ok
10:11:22.0594 0x2940  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:11:22.0649 0x2940  MSKSSRV - ok
10:11:22.0732 0x2940  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:11:22.0746 0x2940  MsMpSvc - ok
10:11:22.0762 0x2940  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:11:22.0816 0x2940  MSPCLOCK - ok
10:11:22.0826 0x2940  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:11:22.0881 0x2940  MSPQM - ok
10:11:22.0921 0x2940  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:11:22.0950 0x2940  MsRPC - ok
10:11:22.0965 0x2940  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:11:22.0978 0x2940  mssmbios - ok
10:11:22.0996 0x2940  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:11:23.0043 0x2940  MSTEE - ok
10:11:23.0067 0x2940  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:11:23.0095 0x2940  MTConfig - ok
10:11:23.0112 0x2940  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
10:11:23.0125 0x2940  Mup - ok
10:11:23.0171 0x2940  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
10:11:23.0232 0x2940  napagent - ok
10:11:23.0278 0x2940  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:11:23.0321 0x2940  NativeWifiP - ok
10:11:23.0378 0x2940  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:11:23.0426 0x2940  NDIS - ok
10:11:23.0447 0x2940  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:11:23.0499 0x2940  NdisCap - ok
10:11:23.0530 0x2940  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:11:23.0568 0x2940  NdisTapi - ok
10:11:23.0606 0x2940  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:11:23.0643 0x2940  Ndisuio - ok
10:11:23.0678 0x2940  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:11:23.0734 0x2940  NdisWan - ok
10:11:23.0767 0x2940  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:11:23.0803 0x2940  NDProxy - ok
10:11:23.0817 0x2940  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:11:23.0872 0x2940  NetBIOS - ok
10:11:23.0910 0x2940  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:11:23.0970 0x2940  NetBT - ok
10:11:23.0998 0x2940  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon        C:\Windows\system32\lsass.exe
10:11:24.0010 0x2940  Netlogon - ok
10:11:24.0053 0x2940  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
10:11:24.0115 0x2940  Netman - ok
10:11:24.0143 0x2940  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:24.0161 0x2940  NetMsmqActivator - ok
10:11:24.0168 0x2940  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:24.0183 0x2940  NetPipeActivator - ok
10:11:24.0213 0x2940  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
10:11:24.0276 0x2940  netprofm - ok
10:11:24.0283 0x2940  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:24.0298 0x2940  NetTcpActivator - ok
10:11:24.0308 0x2940  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:24.0324 0x2940  NetTcpPortSharing - ok
10:11:24.0360 0x2940  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:11:24.0373 0x2940  nfrd960 - ok
10:11:24.0430 0x2940  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:11:24.0446 0x2940  NisDrv - ok
10:11:24.0484 0x2940  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
10:11:24.0516 0x2940  NisSrv - ok
10:11:24.0552 0x2940  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:11:24.0595 0x2940  NlaSvc - ok
10:11:24.0607 0x2940  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:11:24.0666 0x2940  Npfs - ok
10:11:24.0712 0x2940  npggsvc - ok
10:11:24.0717 0x2940  NPPTNT2 - ok
10:11:24.0744 0x2940  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
10:11:24.0781 0x2940  nsi - ok
10:11:24.0841 0x2940  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:11:24.0897 0x2940  nsiproxy - ok
10:11:24.0979 0x2940  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:11:25.0058 0x2940  Ntfs - ok
10:11:25.0075 0x2940  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
10:11:25.0113 0x2940  Null - ok
10:11:25.0143 0x2940  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:11:25.0160 0x2940  nvraid - ok
10:11:25.0178 0x2940  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:11:25.0194 0x2940  nvstor - ok
10:11:25.0217 0x2940  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:11:25.0232 0x2940  nv_agp - ok
10:11:25.0258 0x2940  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:11:25.0274 0x2940  ohci1394 - ok
10:11:25.0341 0x2940  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:11:25.0356 0x2940  ose64 - ok
10:11:25.0556 0x2940  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:11:25.0773 0x2940  osppsvc - ok
10:11:26.0026 0x2940  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:11:26.0091 0x2940  p2pimsvc - ok
10:11:26.0116 0x2940  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
10:11:26.0174 0x2940  p2psvc - ok
10:11:26.0202 0x2940  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:11:26.0217 0x2940  Parport - ok
10:11:26.0243 0x2940  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:11:26.0256 0x2940  partmgr - ok
10:11:26.0295 0x2940  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:11:26.0326 0x2940  PcaSvc - ok
10:11:26.0350 0x2940  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
10:11:26.0367 0x2940  pci - ok
10:11:26.0392 0x2940  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:11:26.0404 0x2940  pciide - ok
10:11:26.0422 0x2940  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:11:26.0440 0x2940  pcmcia - ok
10:11:26.0453 0x2940  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:11:26.0466 0x2940  pcw - ok
10:11:26.0500 0x2940  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:11:26.0554 0x2940  PEAUTH - ok
10:11:26.0624 0x2940  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:11:26.0725 0x2940  PeerDistSvc - ok
10:11:26.0813 0x2940  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:11:26.0845 0x2940  PerfHost - ok
10:11:26.0951 0x2940  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
10:11:27.0060 0x2940  pla - ok
10:11:27.0112 0x2940  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:11:27.0181 0x2940  PlugPlay - ok
10:11:27.0214 0x2940  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:11:27.0228 0x2940  PNRPAutoReg - ok
10:11:27.0247 0x2940  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:11:27.0268 0x2940  PNRPsvc - ok
10:11:27.0300 0x2940  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:11:27.0362 0x2940  PolicyAgent - ok
10:11:27.0395 0x2940  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
10:11:27.0451 0x2940  Power - ok
10:11:27.0484 0x2940  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:11:27.0522 0x2940  PptpMiniport - ok
10:11:27.0556 0x2940  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:11:27.0570 0x2940  Processor - ok
10:11:27.0593 0x2940  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:11:27.0643 0x2940  ProfSvc - ok
10:11:27.0653 0x2940  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:11:27.0666 0x2940  ProtectedStorage - ok
10:11:27.0710 0x2940  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:11:27.0765 0x2940  Psched - ok
10:11:27.0807 0x2940  [ ADCFDB071D98DE433842D54A6566724C, 466395E00D2652367E60BD98AF386D80F7FAA278AB549F06B4EE86ECE9C4EC0D ] ptbkceku        C:\Windows\system32\drivers\ptbkceku.sys
10:11:27.0821 0x2940  ptbkceku - ok
10:11:27.0882 0x2940  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:11:27.0948 0x2940  ql2300 - ok
10:11:27.0967 0x2940  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:11:27.0982 0x2940  ql40xx - ok
10:11:28.0011 0x2940  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
10:11:28.0035 0x2940  QWAVE - ok
10:11:28.0043 0x2940  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:11:28.0076 0x2940  QWAVEdrv - ok
10:11:28.0097 0x2940  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:11:28.0146 0x2940  RasAcd - ok
10:11:28.0195 0x2940  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:11:28.0233 0x2940  RasAgileVpn - ok
10:11:28.0245 0x2940  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
10:11:28.0297 0x2940  RasAuto - ok
10:11:28.0333 0x2940  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:11:28.0373 0x2940  Rasl2tp - ok
10:11:28.0393 0x2940  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
10:11:28.0467 0x2940  RasMan - ok
10:11:28.0497 0x2940  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:11:28.0552 0x2940  RasPppoe - ok
10:11:28.0570 0x2940  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:11:28.0612 0x2940  RasSstp - ok
10:11:28.0658 0x2940  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:11:28.0710 0x2940  rdbss - ok
10:11:28.0725 0x2940  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:11:28.0743 0x2940  rdpbus - ok
10:11:28.0752 0x2940  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:11:28.0810 0x2940  RDPCDD - ok
10:11:28.0850 0x2940  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:11:28.0896 0x2940  RDPDR - ok
10:11:28.0923 0x2940  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:11:28.0959 0x2940  RDPENCDD - ok
10:11:28.0992 0x2940  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:11:29.0029 0x2940  RDPREFMP - ok
10:11:29.0069 0x2940  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:11:29.0119 0x2940  RDPWD - ok
10:11:29.0156 0x2940  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:11:29.0174 0x2940  rdyboost - ok
10:11:29.0224 0x2940  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:11:29.0283 0x2940  RemoteAccess - ok
10:11:29.0312 0x2940  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:11:29.0369 0x2940  RemoteRegistry - ok
10:11:29.0391 0x2940  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:11:29.0451 0x2940  RpcEptMapper - ok
10:11:29.0469 0x2940  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
10:11:29.0483 0x2940  RpcLocator - ok
10:11:29.0523 0x2940  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
10:11:29.0570 0x2940  RpcSs - ok
10:11:29.0613 0x2940  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:11:29.0651 0x2940  rspndr - ok
10:11:29.0674 0x2940  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:11:29.0692 0x2940  s3cap - ok
10:11:29.0708 0x2940  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs           C:\Windows\system32\lsass.exe
10:11:29.0719 0x2940  SamSs - ok
10:11:29.0737 0x2940  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:11:29.0751 0x2940  sbp2port - ok
10:11:29.0776 0x2940  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:11:29.0835 0x2940  SCardSvr - ok
10:11:30.0006 0x2940  [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D, 64A07303E538A1EE439D4AAD0DEBBD6037219D37B884026701A06E59A729E9C9 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
10:11:30.0018 0x2940  SCDEmu - ok
10:11:30.0048 0x2940  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:11:30.0102 0x2940  scfilter - ok
10:11:30.0161 0x2940  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
10:11:30.0244 0x2940  Schedule - ok
10:11:30.0271 0x2940  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:11:30.0308 0x2940  SCPolicySvc - ok
10:11:30.0334 0x2940  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
10:11:30.0372 0x2940  sdbus - ok
10:11:30.0413 0x2940  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:11:30.0465 0x2940  SDRSVC - ok
10:11:30.0509 0x2940  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:11:30.0561 0x2940  secdrv - ok
10:11:30.0586 0x2940  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
10:11:30.0642 0x2940  seclogon - ok
10:11:30.0676 0x2940  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
10:11:30.0714 0x2940  SENS - ok
10:11:30.0726 0x2940  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:11:30.0752 0x2940  SensrSvc - ok
10:11:30.0762 0x2940  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:11:30.0790 0x2940  Serenum - ok
10:11:30.0810 0x2940  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:11:30.0842 0x2940  Serial - ok
10:11:30.0860 0x2940  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:11:30.0874 0x2940  sermouse - ok
10:11:30.0911 0x2940  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
10:11:30.0965 0x2940  SessionEnv - ok
10:11:30.0995 0x2940  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
10:11:31.0023 0x2940  sffdisk - ok
10:11:31.0046 0x2940  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:11:31.0063 0x2940  sffp_mmc - ok
10:11:31.0067 0x2940  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
10:11:31.0083 0x2940  sffp_sd - ok
10:11:31.0092 0x2940  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:11:31.0105 0x2940  sfloppy - ok
10:11:31.0139 0x2940  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:11:31.0206 0x2940  SharedAccess - ok
10:11:31.0245 0x2940  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:11:31.0315 0x2940  ShellHWDetection - ok
10:11:31.0342 0x2940  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:11:31.0356 0x2940  SiSRaid2 - ok
10:11:31.0368 0x2940  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:11:31.0382 0x2940  SiSRaid4 - ok
10:11:31.0481 0x2940  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:11:31.0503 0x2940  SkypeUpdate - ok
10:11:31.0540 0x2940  slb - ok
10:11:31.0567 0x2940  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:11:31.0607 0x2940  Smb - ok
10:11:31.0658 0x2940  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:11:31.0686 0x2940  SNMPTRAP - ok
10:11:31.0721 0x2940  [ 12583AF6CBE0050651EAF2723B3AD7B3, 965D4F981B54669A96C5AB02D09BF0A9850D13862425B8981F1A9271350F28BB ] speedfan        C:\Windows\syswow64\speedfan.sys
10:11:31.0731 0x2940  speedfan - ok
10:11:31.0746 0x2940  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:11:31.0758 0x2940  spldr - ok
10:11:31.0804 0x2940  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
10:11:31.0876 0x2940  Spooler - ok
10:11:32.0013 0x2940  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
10:11:32.0191 0x2940  sppsvc - ok
10:11:32.0220 0x2940  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:11:32.0275 0x2940  sppuinotify - ok
10:11:32.0351 0x2940  [ D6AB7C13FCDD2E4CAC35244D2C172D9A, 64A66368F5336B7A5879D083C2FE57DFD384410ADCC18004F327A4004A4F4300 ] sptd            C:\Windows\System32\Drivers\sptd.sys
10:11:32.0387 0x2940  sptd - ok
10:11:32.0426 0x2940  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:11:32.0500 0x2940  srv - ok
10:11:32.0526 0x2940  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:11:32.0577 0x2940  srv2 - ok
10:11:32.0605 0x2940  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:11:32.0623 0x2940  srvnet - ok
10:11:32.0667 0x2940  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:11:32.0710 0x2940  SSDPSRV - ok
10:11:32.0723 0x2940  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:11:32.0777 0x2940  SstpSvc - ok
10:11:32.0820 0x2940  StarWindServiceAE - ok
10:11:32.0924 0x2940  [ EBAA82F7C9B97C0E450449178E007340, D470927CC216C4E3EA23236E6C6464187CD3A49C3A4A456F488FEC8E713EA31B ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
10:11:33.0454 0x2940  Steam Client Service - ok
10:11:33.0489 0x2940  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:11:33.0503 0x2940  stexstor - ok
10:11:33.0553 0x2940  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
10:11:33.0597 0x2940  stisvc - ok
10:11:33.0625 0x2940  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:11:33.0638 0x2940  storflt - ok
10:11:33.0671 0x2940  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
10:11:33.0716 0x2940  StorSvc - ok
10:11:33.0726 0x2940  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:11:33.0738 0x2940  storvsc - ok
10:11:33.0808 0x2940  [ 23604F1CA8528BCECF03F8A8B562ABD6, 2F34D05DA1E662B04A86300C1A7BCF068C6824382855745DA3BA76E52881A02A ] SupportAssistAgent C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
10:11:33.0821 0x2940  SupportAssistAgent - ok
10:11:33.0836 0x2940  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:11:33.0848 0x2940  swenum - ok
10:11:33.0887 0x2940  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
10:11:33.0951 0x2940  swprv - ok
10:11:34.0033 0x2940  [ ECB9097C86DB32BF3940590E0E1792C3, 027C5642D39431DBD2A918228DFAD56B22FD9A584AF7037E23D1A3EA9E8865FE ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
10:11:34.0052 0x2940  SynTP - ok
10:11:34.0133 0x2940  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
10:11:34.0234 0x2940  SysMain - ok
10:11:34.0268 0x2940  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:11:34.0290 0x2940  TabletInputService - ok
10:11:34.0319 0x2940  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:11:34.0383 0x2940  TapiSrv - ok
10:11:34.0404 0x2940  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
10:11:34.0444 0x2940  TBS - ok
10:11:34.0527 0x2940  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:11:34.0605 0x2940  Tcpip - ok
10:11:34.0684 0x2940  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:11:34.0741 0x2940  TCPIP6 - ok
10:11:34.0789 0x2940  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:11:34.0803 0x2940  tcpipreg - ok
10:11:34.0838 0x2940  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:11:34.0884 0x2940  TDPIPE - ok
10:11:34.0931 0x2940  [ ADCFDB071D98DE433842D54A6566724C, 466395E00D2652367E60BD98AF386D80F7FAA278AB549F06B4EE86ECE9C4EC0D ] tdqcesxe        C:\Windows\system32\drivers\tdqcesxe.sys
10:11:34.0944 0x2940  tdqcesxe - ok
10:11:35.0035 0x2940  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:11:35.0049 0x2940  TDTCP - ok
10:11:35.0079 0x2940  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:11:35.0129 0x2940  tdx - ok
10:11:35.0150 0x2940  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:11:35.0164 0x2940  TermDD - ok
10:11:35.0216 0x2940  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
10:11:35.0294 0x2940  TermService - ok
10:11:35.0321 0x2940  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
10:11:35.0357 0x2940  Themes - ok
10:11:35.0389 0x2940  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
10:11:35.0427 0x2940  THREADORDER - ok
10:11:35.0444 0x2940  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
10:11:35.0486 0x2940  TrkWks - ok
10:11:35.0547 0x2940  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:11:35.0605 0x2940  TrustedInstaller - ok
10:11:35.0625 0x2940  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:11:35.0638 0x2940  tssecsrv - ok
10:11:35.0693 0x2940  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:11:35.0738 0x2940  TsUsbFlt - ok
10:11:35.0778 0x2940  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:11:35.0816 0x2940  tunnel - ok
10:11:35.0849 0x2940  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:11:35.0862 0x2940  uagp35 - ok
10:11:35.0899 0x2940  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:11:35.0951 0x2940  udfs - ok
10:11:35.0982 0x2940  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:11:35.0998 0x2940  UI0Detect - ok
10:11:36.0023 0x2940  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:11:36.0037 0x2940  uliagpkx - ok
10:11:36.0076 0x2940  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:11:36.0105 0x2940  umbus - ok
10:11:36.0128 0x2940  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:11:36.0142 0x2940  UmPass - ok
10:11:36.0178 0x2940  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:11:36.0212 0x2940  UmRdpService - ok
10:11:36.0245 0x2940  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
10:11:36.0300 0x2940  upnphost - ok
10:11:36.0338 0x2940  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
10:11:36.0343 0x2940  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
10:11:41.0063 0x2940  Detect skipped due to KSN trusted
10:11:41.0063 0x2940  USBAAPL64 - ok
10:11:41.0141 0x2940  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:11:41.0195 0x2940  usbccgp - ok
10:11:41.0235 0x2940  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:11:41.0285 0x2940  usbcir - ok
10:11:41.0310 0x2940  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:11:41.0323 0x2940  usbehci - ok
10:11:41.0355 0x2940  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:11:41.0386 0x2940  usbhub - ok
10:11:41.0401 0x2940  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:11:41.0434 0x2940  usbohci - ok
10:11:41.0464 0x2940  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:11:41.0494 0x2940  usbprint - ok
10:11:41.0517 0x2940  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:11:41.0562 0x2940  usbscan - ok
10:11:41.0583 0x2940  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:11:41.0624 0x2940  USBSTOR - ok
10:11:41.0636 0x2940  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:11:41.0666 0x2940  usbuhci - ok
10:11:41.0722 0x2940  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:11:41.0767 0x2940  usbvideo - ok
10:11:41.0795 0x2940  usj - ok
10:11:41.0831 0x2940  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
10:11:41.0890 0x2940  UxSms - ok
10:11:41.0913 0x2940  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc        C:\Windows\system32\lsass.exe
10:11:41.0926 0x2940  VaultSvc - ok
10:11:41.0951 0x2940  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:11:41.0965 0x2940  vdrvroot - ok
10:11:42.0012 0x2940  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
10:11:42.0076 0x2940  vds - ok
10:11:42.0101 0x2940  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:11:42.0118 0x2940  vga - ok
10:11:42.0134 0x2940  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:11:42.0172 0x2940  VgaSave - ok
10:11:42.0205 0x2940  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:11:42.0223 0x2940  vhdmp - ok
10:11:42.0242 0x2940  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:11:42.0254 0x2940  viaide - ok
10:11:42.0275 0x2940  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:11:42.0293 0x2940  vmbus - ok
10:11:42.0308 0x2940  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:11:42.0338 0x2940  VMBusHID - ok
10:11:42.0357 0x2940  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:11:42.0371 0x2940  volmgr - ok
10:11:42.0412 0x2940  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:11:42.0441 0x2940  volmgrx - ok
10:11:42.0461 0x2940  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:11:42.0494 0x2940  volsnap - ok
10:11:42.0525 0x2940  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:11:42.0541 0x2940  vsmraid - ok
10:11:42.0623 0x2940  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
10:11:42.0726 0x2940  VSS - ok
10:11:42.0741 0x2940  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:11:42.0759 0x2940  vwifibus - ok
10:11:42.0768 0x2940  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:11:42.0803 0x2940  vwififlt - ok
10:11:42.0848 0x2940  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
10:11:42.0896 0x2940  W32Time - ok
10:11:42.0914 0x2940  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:11:42.0927 0x2940  WacomPen - ok
10:11:42.0955 0x2940  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:11:43.0005 0x2940  WANARP - ok
10:11:43.0030 0x2940  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:11:43.0070 0x2940  Wanarpv6 - ok
10:11:43.0146 0x2940  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:11:43.0211 0x2940  WatAdminSvc - ok
10:11:43.0285 0x2940  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
10:11:43.0387 0x2940  wbengine - ok
10:11:43.0416 0x2940  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:11:43.0460 0x2940  WbioSrvc - ok
10:11:43.0500 0x2940  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:11:43.0548 0x2940  wcncsvc - ok
10:11:43.0567 0x2940  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:11:43.0616 0x2940  WcsPlugInService - ok
10:11:43.0649 0x2940  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:11:43.0661 0x2940  Wd - ok
10:11:43.0706 0x2940  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:11:43.0755 0x2940  Wdf01000 - ok
10:11:43.0796 0x2940  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:11:43.0827 0x2940  WdiServiceHost - ok
10:11:43.0833 0x2940  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:11:43.0846 0x2940  WdiSystemHost - ok
10:11:43.0878 0x2940  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
10:11:43.0915 0x2940  WebClient - ok
10:11:43.0933 0x2940  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:11:43.0983 0x2940  Wecsvc - ok
10:11:43.0995 0x2940  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:11:44.0034 0x2940  wercplsupport - ok
10:11:44.0056 0x2940  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:11:44.0094 0x2940  WerSvc - ok
10:11:44.0117 0x2940  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:11:44.0154 0x2940  WfpLwf - ok
10:11:44.0172 0x2940  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:11:44.0184 0x2940  WIMMount - ok
10:11:44.0201 0x2940  WinDefend - ok
10:11:44.0219 0x2940  WinHttpAutoProxySvc - ok
10:11:44.0297 0x2940  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:11:44.0356 0x2940  Winmgmt - ok
10:11:44.0445 0x2940  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
10:11:44.0568 0x2940  WinRM - ok
10:11:44.0617 0x2940  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
10:11:44.0632 0x2940  WinUsb - ok
10:11:44.0683 0x2940  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:11:44.0758 0x2940  Wlansvc - ok
10:11:44.0906 0x2940  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:11:45.0004 0x2940  wlidsvc - ok
10:11:45.0032 0x2940  [ 6DB47E66DCCF04342C5F2A67A0EDB17E, 3456BE95AF414297443E20D85221AF54EDC207277896E096F5822F9AE3988EED ] wltrysvc        C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
10:11:45.0081 0x2940  wltrysvc - detected UnsignedFile.Multi.Generic ( 1 )
10:11:47.0771 0x2940  Detect skipped due to KSN trusted
10:11:47.0771 0x2940  wltrysvc - ok
10:11:53.0809 0x2940  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
10:11:53.0836 0x2940  Win FW state via NFP2: enabled
10:12:07.0513 0x2940  ============================================================
10:12:07.0513 0x2940  Scan finished
10:12:07.0513 0x2940  ============================================================
10:12:07.0522 0x6ff8  Detected object count: 0
10:12:07.0522 0x6ff8  Actual detected object count: 0
 



#4 aharonov

  • Malware Response Team
Posted 09 June 2015 - 09:45 AM

Ok, let's start the cleaning:


Step 1

Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 Cepse

  • Topic Starter

Posted 09 June 2015 - 12:11 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Jimmy at 2015-06-09 11:56:59 Run:1
Running from C:\Users\Jimmy\Desktop
Loaded Profiles: Jimmy (Available Profiles: Jimmy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Axxhworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jimmy\AppData\Local\Olqics\dasdfg21.dll
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Etxltion] => regsvr32.exe C:\Users\Jimmy\AppData\Local\Etxltion\3resdfss.dll <===== ATTENTION
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [ChromeUpdate] => C:\Users\Jimmy\AppData\Roaming\ChromeUpdate\GoogleUpdate.exe
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-05-15] ()
C:\ProgramData\Microsoft\Performance
2015-05-15 22:12 - 2015-06-07 16:06 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Etxltion
2015-05-15 22:11 - 2015-05-31 02:15 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Olqics
2015-06-07 16:06 - 2015-06-07 16:15 - 00000000 ___HD C:\926f15e0
2015-06-07 16:05 - 2015-06-07 16:15 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\ChromeUpdate
2015-06-07 16:05 - 2015-06-07 16:05 - 00000616 ____H C:\ProgramData\@system.temp
2015-06-07 16:05 - 2015-06-07 16:05 - 00000480 ____H C:\Users\Jimmy\AppData\Roaming\麽鎒駓覜
2015-06-07 16:05 - 2015-06-07 16:05 - 00000352 ____H C:\ProgramData\@system3.att
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\mscboxv.exe
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\mshmbrat.exe
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\msmsycils.exe
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\msrvtzg.exe
2011-07-24 09:27 - 2010-11-20 08:17 - 0104448 ___SH () C:\ProgramData\msslmeqf.exe
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Axxhworks => value removed successfully
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Etxltion => value removed successfully
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ChromeUpdate => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully
"HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}" => key removed successfully

"C:\ProgramData\Microsoft\Performance" folder move:

Could not move "C:\ProgramData\Microsoft\Performance" folder => Scheduled to move on reboot.

C:\Users\Jimmy\AppData\Local\Etxltion => moved successfully.
C:\Users\Jimmy\AppData\Local\Olqics => moved successfully.
C:\926f15e0 => moved successfully.
C:\Users\Jimmy\AppData\Roaming\ChromeUpdate => moved successfully.
C:\ProgramData\@system.temp => moved successfully.
C:\Users\Jimmy\AppData\Roaming\麽鎒駓覜 => moved successfully.
C:\ProgramData\@system3.att => moved successfully.
C:\ProgramData\mscboxv.exe => moved successfully.
C:\ProgramData\mshmbrat.exe => moved successfully.
C:\ProgramData\msmsycils.exe => moved successfully.
C:\ProgramData\msrvtzg.exe => moved successfully.
C:\ProgramData\msslmeqf.exe => moved successfully.
EmptyTemp: => 2.6 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-09 12:00:47)<=

C:\ProgramData\Microsoft\Performance => Is moved successfully

==== End of Fixlog 12:00:47 ====

 

# AdwCleaner v4.206 - Logfile created 09/06/2015 at 12:08:00
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jimmy - JIMMY-PC
# Running from : C:\Users\Jimmy\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ftb
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\TheBflix
Folder Deleted : C:\ProgramData\{1d0837e3-8a7e-a0b4-1d08-837e38a7df8e}
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Jimmy\AppData\Local\Conduit
Folder Deleted : C:\Users\Jimmy\AppData\Local\LhootSA
Folder Deleted : C:\Users\Jimmy\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jimmy\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delta
Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Folder Deleted : C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\END
File Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : RunAsStdUser Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{904EC61F-1109-43BD-9745-8D257C197720}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291326
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{83820DD2-3B83-4E65-9EEF-93EE035EF0BE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ED707578-C769-4DA2-A5A8-785FA5F39FEC}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKCU\Software\Condut
Key Deleted : HKCU\Software\DownLite
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\W3I
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[60nn5930.default\prefs.js] - Line Deleted : user_pref("CT3291326.smartbar.homepage", "true");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=61&CUI=UN38220075139051522&UM=2&UP=SP12C0A603-5884-4CA6-BBA0-EF03C38AAE8A");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.13 Customized Web Search");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&CUI=UN38220075139051522&UM=2&SearchSource=3&q={searchTerms}");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.4fa26799828eb.scode", "\n(function(){var bdomains={\"search.babylon.com\":1,\"search.sweetim.com\":1,\"mystart.incredimail.com\":1,\"mystart.incredibar.com\":1,\"search.iminent.c[...]
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.SimilarSitesStorage-pid2", "b93ed8f57e1f8015");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.admin", false);
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.cntry", "CA");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hdrMd5", "C996C1F8F58053A8A27504699A09B913");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpg", false);
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.id", "4a3a64760000000000000026b9ff04c4");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlDay", "15442");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlRef", "");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.isDcmntCmplt", true);
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.11.163:47:46");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newTab", false);
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.noFFXTlbr", false);
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.sg", "none");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=adknlg&q=");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.11.16");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.11.163:47:46");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.11.16");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.aflt", "adknlg");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.id", "4a3a64760000000000000026b9ff04c4");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.instlDay", "15442");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.instlRef", "");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=adknlg&q=");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.163:47:46");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&SearchSource=2&CUI=UN38220075139051522&UM=2&q=");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3291326");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3291326&CUI=UN38220075139051522&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource[...]
[60nn5930.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&SearchSource=2&CUI=UN38220075139051522&UM=2&q=");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291326");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3291326");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "HLKSVHFIFAYLZAKWFJFX8SOZHPFKMC4FFUOMZ0ZUXWWHR39URUVH5UJAFQBVPO7XCHG1UQGGCMDTNZM9WHCIXA");
[60nn5930.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3291326&CUI=UN38220075139051522&UM=2&SearchSource=13");

-\\ Google Chrome v

[C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_46_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAyCtAtAzyyByCyEyByCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0CyByE0CtB0C0AtGtBtBtBtDtG0B0F0EtAtG0A0C0AzztGyD0AtD0D0A0D0EzztD0EyBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0D0Dzz0Fzz0BtDtG0BtCyDyBtGyEyC0EyDtGzy0E0B0EtGzytA0C0D0DzyzytAyCzzzz0E2Q&cr=365991183&ir=
[C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=MDF5DEB8F-D909-4D59-9905-BE5B976DC8DD&SearchSource=58&CUI=&UM=8&UP=SP02EBCCFF-692F-4D9E-9623-158810FF8F85&D=060715&q={searchTerms}&SSPV=
[C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=MDF5DEB8F-D909-4D59-9905-BE5B976DC8DD&SearchSource=55&CUI=&UM=8&UP=SP02EBCCFF-692F-4D9E-9623-158810FF8F85&D=060715&SSPV=
[C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 39A01776536F4665E35EB7CFAF33036C4D24DEF8328066BD0DAEE7F537D61F7B"},"software_reporter":{"prompt_reason":"ED49981BC4536BCCE5120BD8478B359DCBC5DFEE52121B605D411C1DF16738BF","prompt_seed":"1BD7B9DCC9CAB0EE91F6C0FC6B5F4E694DE607468D83832A6164E8F2FC546539","prompt_version":"766F866A858385EFD0585DAFD6BF458CA1FB62C7DE7CF5BF902C2F10E5A4FCFF"},"sync":{"remaining_rollback_tries":"40F1516291AECC8778D82FE1B2D8C22F368B39D108ED4E4EA52C88FAA1BF2D48"}},"super_mac":"E086E7D32C08E4F1DE197452DB8C4273557B2BD04EB31D337B675B1B3F00EE81"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=MDF5DEB8F-D909-4D59-9905-BE5B976DC8DD&SearchSource=55&CUI=&UM=8&UP=SP02EBCCFF-692F-4D9E-9623-158810FF8F85&D=060715&SSPV=

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [15434 bytes] - [09/06/2015 12:04:17]
AdwCleaner[S0].txt - [14924 bytes] - [09/06/2015 12:08:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14984  bytes] ##########
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Jimmy (administrator) on JIMMY-PC on 09-06-2015 13:03:50
Running from C:\Users\Jimmy\Desktop
Loaded Profiles: Jimmy (Available Profiles: Jimmy)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe
(Akamai Technologies, Inc.) C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5107712 2009-11-17] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-14] (Raptr, Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
Winlogon\Notify\FastAccess: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll [2010-04-04] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Google Update] => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [HydraVisionDesktopManager] => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: G - G:\baldur.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: K - K:\SETUP.EXE
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {046d38c1-91c8-11e3-883c-0026b9ff04c4} - I:\Startme.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {793de550-573c-11e3-a5fa-0026b9ff04c4} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {f5daf906-9c63-11e2-b435-0026b9ff04c4} - G:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {f5daf910-9c63-11e2-b435-0026b9ff04c4} - H:\setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
Lsa: [Notification Packages] scecli FAPassSync
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll [2010-04-04] (Sensible Vision )
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3757311312-923654551-2957644542-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{333A6FDA-C862-494E-8D5D-10287C0DB5E6}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default
FF DefaultSearchEngine: Trovi
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Trovi
FF Homepage: https://www.google.ca/?gfe_rd=cr&ei=OPR0VbeBFcOC8Qfv_oCYAQ&gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @gentek.com/thinclient -> C:\IGG\twclient_us\npthinclient.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> G:\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\Jimmy\AppData\Local\Fancy\npfancygame.dll [2012-01-03] (Beijing FancyGuo Tech Ltd)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @gentek.com/thinclient -> C:\IGG\twclient_us\npthinclient.dll No File
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @leeuu.com/npgboxruner;version= -> C:\Users\Jimmy\AppData\Roaming\gbox\npgboxruner.dll No File
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jimmy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Strict Pop-up Blocker - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-05-30]
FF HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-06]

Chrome:
=======
CHR Profile: C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (So Many Me - Demo) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2013-09-20]
CHR Extension: (YouTube) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-13]
CHR Extension: (Google Search) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-13]
CHR Extension: (Polycraft) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2013-09-19]
CHR Extension: (PSO2 Extension) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2014-07-03]
CHR Extension: (Bookmark Manager) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-07]
CHR Extension: (Google Wallet) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Famous Logos Quiz) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\opojgjpgafjmjiiglgknephkjmdmdcfo [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-13]
CHR HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cpcidiiiodpbjdkbhldlebfbnidpgaih] - C:\Users\Jimmy\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx [2013-05-13]
CHR HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jimmy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [cpcidiiiodpbjdkbhldlebfbnidpgaih] - C:\Users\Jimmy\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [fpdcjjiepplekfppfpcmkfgfagpmdmgc] - C:\Program Files (x86)\Lyrics-Show\126.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jimmy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [pofcchimbbmpjnaeolplajfcjaphdpnf] - C:\ProgramData\TheBflix\pofcchimbbmpjnaeolplajfcjaphdpnf.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-22] (EasyAntiCheat Ltd)
S4 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-10-29] (Broadcom Corporation) [File not signed]
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-09-20] (Wellbia.com Co., Ltd.) [File not signed]
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [X]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-26] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U3 a6cpo784; No ImagePath
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
S3 X6va005; \??\C:\Users\Jimmy\AppData\Local\Temp\005C882.tmp [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 12:04 - 2015-06-09 12:57 - 00000000 ____D C:\AdwCleaner
2015-06-09 12:03 - 2015-06-09 12:03 - 02231296 _____ C:\Users\Jimmy\Desktop\AdwCleaner.exe
2015-06-09 10:09 - 2015-06-09 10:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jimmy\Desktop\tdsskiller.exe
2015-06-08 19:01 - 2015-06-09 13:04 - 00020760 _____ C:\Users\Jimmy\Desktop\FRST.txt
2015-06-08 18:59 - 2015-06-09 13:03 - 00000000 ____D C:\FRST
2015-06-08 18:54 - 2015-06-08 18:55 - 02108928 _____ (Farbar) C:\Users\Jimmy\Desktop\FRST64.exe
2015-06-08 17:43 - 2015-06-08 17:44 - 00347816 _____ (Microsoft Corporation) C:\Users\Jimmy\Desktop\MicrosoftFixit.WindowsFirewall.RNP.203572540165236.3.1.Run.exe
2015-06-08 17:16 - 2015-06-08 17:19 - 51789024 _____ (Microsoft Corporation) C:\Users\Jimmy\Desktop\Windows-KB890830-x64-V5.24.exe
2015-06-08 17:14 - 2015-06-08 17:14 - 00347816 _____ (Microsoft Corporation) C:\Users\Jimmy\Desktop\MicrosoftFixit.WinSecurity.Run.exe
2015-06-08 15:40 - 2015-06-09 13:00 - 00000000 ____D C:\Users\Jimmy\AppData\Local\LogMeIn Hamachi
2015-06-08 15:39 - 2015-06-08 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-06-08 15:39 - 2015-06-08 15:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-06-08 15:38 - 2015-06-08 15:39 - 08552448 _____ C:\Users\Jimmy\Desktop\hamachi.msi
2015-05-17 02:01 - 2015-05-17 02:01 - 00000938 _____ C:\Users\Jimmy\Desktop\ElfBot NG.lnk
2015-05-17 02:01 - 2015-05-17 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG
2015-05-17 02:01 - 2015-05-17 02:01 - 00000000 ____D C:\Program Files (x86)\ElfBot NG
2015-05-16 21:26 - 2015-05-16 21:32 - 00001048 _____ C:\Users\Public\Desktop\TUGBot.exe.lnk
2015-05-16 21:26 - 2015-05-16 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUGBot
2015-05-16 12:00 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 12:00 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 01:37 - 2015-06-08 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-16 00:07 - 2015-05-16 00:07 - 00000000 ____D C:\Program Files (x86)\TUGBot
2015-05-15 23:44 - 2015-05-15 23:44 - 00001945 _____ C:\Windows\epplauncher.mif
2015-05-15 23:38 - 2015-05-15 23:38 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 23:37 - 2015-05-15 23:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-15 23:37 - 2015-05-15 23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-15 23:04 - 2015-05-15 23:04 - 00000000 ____D C:\Program Files (x86)\Dungeon Defenders Eternity
2015-05-15 22:48 - 2015-05-15 22:48 - 00002808 _____ C:\Users\Public\Desktop\Dungeon Defenders Eternity.lnk
2015-05-15 22:48 - 2015-05-15 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
2015-05-15 22:41 - 2015-05-15 22:41 - 00000000 ____D C:\Program Files (x86)\Trendy Entertainment
2015-05-15 22:00 - 2015-05-15 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-15 19:04 - 2015-06-07 19:55 - 00000000 ____D C:\Users\Jimmy\Desktop\Starbound.Beta.Build.27.04.2015
2015-05-15 12:41 - 2011-11-01 12:52 - 00000000 ____D C:\Users\Jimmy\Desktop\NoxiousOT.com
2015-05-14 23:40 - 2015-05-14 23:40 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-12 20:03 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 20:03 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 20:03 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 20:03 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 20:03 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 20:03 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 20:03 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 20:03 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 20:03 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 20:03 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 20:03 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 20:03 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 20:03 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 20:03 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 20:03 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 20:03 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 20:03 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 20:03 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 20:03 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 20:03 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 20:03 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 20:03 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 20:03 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 20:03 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 20:03 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 20:03 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 20:03 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 20:03 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 20:03 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 20:03 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 20:03 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 20:03 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 20:03 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 20:03 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 20:03 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 20:03 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 20:03 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 20:03 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 20:03 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 20:03 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 20:03 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 20:03 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 20:03 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 20:03 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 20:03 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 20:03 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 20:03 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 20:03 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 20:03 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 20:03 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 20:03 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 20:03 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 20:03 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 20:03 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 20:03 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 20:03 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 20:03 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 20:03 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 20:03 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 20:03 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 20:03 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 20:03 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 20:03 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 20:03 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 20:01 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 20:01 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 20:01 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 20:01 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 20:01 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 20:01 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 20:01 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 20:01 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 20:01 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 20:01 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 20:01 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 20:01 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 20:01 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 20:01 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 20:01 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 20:01 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 20:01 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 20:01 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 20:01 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 20:01 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:01 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 20:00 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 20:00 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 20:00 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 20:00 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 20:00 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 20:00 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 20:00 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 20:00 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 20:00 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 20:00 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 20:00 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 20:00 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 20:00 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 20:00 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 20:00 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 20:00 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 20:00 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 20:00 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 13:02 - 2011-07-23 07:57 - 01705596 _____ C:\Windows\WindowsUpdate.log
2015-06-09 13:01 - 2015-01-21 19:04 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Raptr
2015-06-09 12:58 - 2014-06-27 21:53 - 00026404 _____ C:\Windows\setupact.log
2015-06-09 12:58 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 12:57 - 2011-07-23 06:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000UA.job
2015-06-09 12:34 - 2015-01-08 01:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-09 12:25 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 12:25 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 11:58 - 2011-08-05 18:33 - 00935716 _____ C:\Windows\PFRO.log
2015-06-09 11:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-08 23:45 - 2011-07-23 06:04 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000Core.job
2015-06-08 16:17 - 2015-03-30 16:56 - 00003504 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-08 15:48 - 2009-07-14 01:13 - 00812530 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 21:05 - 2012-05-05 02:04 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\BitTorrent
2015-06-07 16:24 - 2015-01-21 19:04 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-30 21:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-05-28 09:33 - 2011-07-23 06:45 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Skype
2015-05-25 07:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-25 07:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-17 02:56 - 2013-11-20 01:43 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Tibia
2015-05-16 21:12 - 2009-07-14 00:45 - 04996648 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-16 21:08 - 2009-07-14 03:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-16 21:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-16 12:08 - 2014-05-10 09:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-16 12:00 - 2012-12-23 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 11:59 - 2012-12-23 23:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-16 11:59 - 2012-12-23 23:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 23:36 - 2011-07-23 06:45 - 00000000 ____D C:\ProgramData\Skype
2015-05-15 23:35 - 2015-04-21 03:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-15 23:04 - 2012-08-28 09:41 - 00083577 _____ C:\Windows\DirectX.log
2015-05-15 22:58 - 2014-11-13 03:04 - 00000000 ____D C:\Program Files (x86)\Steam
2015-05-15 22:19 - 2015-03-15 19:31 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\vlc
2015-05-14 23:40 - 2011-07-23 06:04 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000UA
2015-05-14 23:40 - 2011-07-23 06:04 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000Core
2015-05-13 18:56 - 2015-01-02 04:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2013-01-04 03:22 - 2013-01-10 00:54 - 0000125 _____ () C:\Users\Jimmy\AppData\Roaming\D2Info0
2013-01-04 03:32 - 2013-01-09 19:51 - 0000008 _____ () C:\Users\Jimmy\AppData\Roaming\DofusAppId0_1
2013-01-04 03:22 - 2013-01-10 03:46 - 0000008 _____ () C:\Users\Jimmy\AppData\Roaming\DofusAppId0_2
2013-01-08 03:47 - 2013-01-08 03:47 - 0000008 _____ () C:\Users\Jimmy\AppData\Roaming\DofusAppId0_3
2013-08-14 05:48 - 2013-08-14 17:21 - 0037376 ___SH () C:\Users\Jimmy\AppData\Roaming\Thumbs.db
2014-11-12 10:09 - 2014-11-29 01:09 - 0000154 _____ () C:\Users\Jimmy\AppData\Roaming\WB.CFG
2014-11-13 23:09 - 2014-11-13 23:09 - 0022528 _____ () C:\Users\Jimmy\AppData\Local\32760506dsisetup327628302.exe
2014-11-13 23:09 - 2014-11-21 18:09 - 0000001 _____ () C:\Users\Jimmy\AppData\Local\DSI.DAT
2014-11-21 18:09 - 2014-11-21 18:09 - 0022528 _____ () C:\Users\Jimmy\AppData\Local\dsisetup2226785252.exe
2011-12-24 17:52 - 2011-12-24 17:52 - 0000093 _____ () C:\Users\Jimmy\AppData\Local\fusioncache.dat
2014-07-01 22:53 - 2014-07-01 22:55 - 0000600 _____ () C:\Users\Jimmy\AppData\Local\PUTTY.RND
2014-06-20 09:12 - 2015-04-16 16:34 - 0007596 _____ () C:\Users\Jimmy\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Jimmy\AppData\Local\setup.txt
2012-10-16 11:55 - 2012-08-17 11:55 - 0000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Jimmy\jagex_runescape_preferences.dat
C:\Users\Jimmy\jagex_runescape_preferences2.dat


Some files in TEMP:
====================
C:\Users\Jimmy\AppData\Local\Temp\{F7DAAB0B-5A61-42AC-9C0C-9AB330887B8E}-43.0.2357.124_43.0.2357.81_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-07 17:15

==================== End of log ============================



#6 aharonov

aharonov

  • Malware Response Team

Posted 09 June 2015 - 12:50 PM

How is your computer running after the following steps?
Which problems are still present?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 Cepse

Cepse
  • Topic Starter

  • Members

Posted 09 June 2015 - 03:46 PM

I haven't really had much time to give it a thorough use as I've been running the scans and doing errands.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Jimmy at 2015-06-09 14:17:00 Run:2
Running from C:\Users\Jimmy\Desktop
Loaded Profiles: Jimmy (Available Profiles: Jimmy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
CHR HKLM-x32\...\Chrome\Extension: [fpdcjjiepplekfppfpcmkfgfagpmdmgc] - C:\Program Files (x86)\Lyrics-Show\126.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cpcidiiiodpbjdkbhldlebfbnidpgaih] - C:\Users\Jimmy\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx [2013-05-13]
CHR HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cpcidiiiodpbjdkbhldlebfbnidpgaih] - C:\Users\Jimmy\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx [2013-05-13]
CHR HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jimmy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jimmy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-10-09]
*****************

Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fpdcjjiepplekfppfpcmkfgfagpmdmgc" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cpcidiiiodpbjdkbhldlebfbnidpgaih" => key removed successfully
C:\Users\Jimmy\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx => moved successfully.
"HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\cpcidiiiodpbjdkbhldlebfbnidpgaih" => key removed successfully
"C:\Users\Jimmy\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx" => File/Folder not found.
"HKU\S-1-5-21-3757311312-923654551-2957644542-1000\SOFTWARE\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk" => key removed successfully
C:\Users\Jimmy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk" => key removed successfully
"C:\Users\Jimmy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx" => File/Folder not found.

==== End of Fixlog 14:17:01 ====

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8951b79294a6cf4fb4eaea93f799a342
# end=init
# utc_time=2015-06-09 06:20:30
# local_time=2015-06-09 02:20:30 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24248
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8951b79294a6cf4fb4eaea93f799a342
# end=updated
# utc_time=2015-06-09 06:29:01
# local_time=2015-06-09 02:29:01 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8951b79294a6cf4fb4eaea93f799a342
# engine=24248
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-09 08:39:48
# local_time=2015-06-09 04:39:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1213298 56758382 0 0
# scanned=355914
# found=120
# cleaned=0
# scan_time=7847
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\$Recycle.Bin\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3757311312-923654551-2957644542-1000\HELP_DECRYPT.TXT"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=75F83D0E2071210C11B550863EC82F53D0E195A9 ft=1 fh=71573f5a1c96d142 vn="Win32/Toolbar.Conduit.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3291326\UninstallerUI.exe.vir"
sh=338901240FEDCEF4E3892FD4C723C89154F4DE05 ft=1 fh=020823327ce5bc47 vn="Win32/Adware.MultiPlug.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\TheBflix\bhoclass.dll.vir"
sh=6EFDB89F46B07E0D6625D67021CE96C575F56195 ft=1 fh=f45d3665485d974e vn="a variant of Win32/Adware.MultiPlug.HW application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{1d0837e3-8a7e-a0b4-1d08-837e38a7df8e}\Planet Centauri v0.1c - Steam Greenlight.exe.vir"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\AMD-Catalyst-Omega-14.12-With-DOTNet45-Win7-64bit\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\AMD-Catalyst-Omega-14.12-With-DOTNet45-Win7-64bit\Config\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\AMD-Catalyst-Omega-14.12-With-DOTNet45-Win7-64bit\Images\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-10_mobility_vista_win7_win8_64_dd_ccc_whql_net4\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-10_mobility_vista_win7_win8_64_dd_ccc_whql_net4\Config\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-10_mobility_vista_win7_win8_64_dd_ccc_whql_net4\Images\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-6_mobility_vista_win7_64_dd_ccc_whql\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-6_mobility_vista_win7_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-6_mobility_vista_win7_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-8_mobility_vista_win7_win8_32-64_hydravision\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-8_mobility_vista_win7_win8_32-64_hydravision\Config\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-8_mobility_vista_win7_win8_32-64_hydravision\Images\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-8_vista_win7_win8_64_dd_ccc_whql\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-8_vista_win7_win8_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\12-8_vista_win7_win8_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\13-12_win7_win8_64_dd_ccc_whql\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\13-12_win7_win8_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\13-12_win7_win8_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\13-1_vista_win7_win8_64_dd_ccc_whql\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\13-1_vista_win7_win8_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\13-1_vista_win7_win8_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\13-4_mobility_win7_win8_64_dd_ccc_whql\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\13-4_mobility_win7_win8_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\AMD\Support\13-4_mobility_win7_win8_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT"
sh=AE4C9896756B8E162C1F29C831C066805AA55DC9 ft=1 fh=d70ab19a2dca7424 vn="Win32/TrojanDownloader.Wauchos.AK trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\mscboxv.exe.xBAD"
sh=AE4C9896756B8E162C1F29C831C066805AA55DC9 ft=1 fh=d70ab19a2dca7424 vn="Win32/TrojanDownloader.Wauchos.AK trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\mshmbrat.exe.xBAD"
sh=AE4C9896756B8E162C1F29C831C066805AA55DC9 ft=1 fh=d70ab19a2dca7424 vn="Win32/TrojanDownloader.Wauchos.AK trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\msmsycils.exe.xBAD"
sh=AE4C9896756B8E162C1F29C831C066805AA55DC9 ft=1 fh=d70ab19a2dca7424 vn="Win32/TrojanDownloader.Wauchos.AK trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\msrvtzg.exe.xBAD"
sh=AE4C9896756B8E162C1F29C831C066805AA55DC9 ft=1 fh=d70ab19a2dca7424 vn="Win32/TrojanDownloader.Wauchos.AK trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\msslmeqf.exe.xBAD"
sh=B92F7E87486F17B571E6132330D5735C564DC3F7 ft=1 fh=c71c001114577060 vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll"
sh=CAE9378EFED58B641ED7C93D966FD8AF6F49C66E ft=1 fh=8777c1e3a2ff2323 vn="Win32/Boaxxe.BR trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Microsoft\Performance\Monitor\temp\tmp31F8.exe"
sh=D7C647F1D36F91746B0B35158081C2688094AF31 ft=1 fh=843a5273271818b1 vn="a variant of Win32/TrojanDownloader.Agent.BHQ trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Microsoft\Performance\Monitor\temp\tmp63D4.exe"
sh=1157E020EDCEB4A3CDCC80B359C6D054DCF14B7C ft=1 fh=3826c25500b82ae7 vn="Win32/Kovter.B trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Microsoft\Performance\Monitor\temp\tmp71C7.exe"
sh=1D4863642003F8870B298720BA0E5E6DF49C00A7 ft=1 fh=9935b089b344c593 vn="Win32/Agent.WOG trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Microsoft\Performance\Monitor\temp\tmp8AF1.exe"
sh=F58E6FF4A9AAF93E9D2F66F93AC75B4E2B662DD7 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Jimmy\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx.xBAD"
sh=EF366FB1497119FF1E011FF852B512C7E343F5E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Jimmy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx.xBAD"
sh=DE3C2053DD4F236ED515A7532B4AEB4058ED2FD3 ft=1 fh=104235d16bcdf867 vn="Win32/Boaxxe.CS trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Jimmy\AppData\Local\Etxltion\3resdfss.dll"
sh=385A14C6DDB7288AD1931D64E9D85CC69AD30DC1 ft=1 fh=4daa625bd1955bce vn="a variant of Win32/Kryptik.DJTI trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Jimmy\AppData\Local\Olqics\dasdfg21.dll"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnStub.exe"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=6408D61C9809E743126596AF762ABA61C67626F2 ft=1 fh=11b2d7f1750c67b8 vn="Win32/Adware.DsiLoad.A application" ac=I fn="C:\Users\Jimmy\AppData\Local\32760506dsisetup327628302.exe"
sh=6408D61C9809E743126596AF762ABA61C67626F2 ft=1 fh=11b2d7f1750c67b8 vn="Win32/Adware.DsiLoad.A application" ac=I fn="C:\Users\Jimmy\AppData\Local\dsisetup2226785252.exe"
sh=0B32FF8D2F7C37579CC12DE01CFC267FF12E0222 ft=1 fh=4458d9815af8aab4 vn="Win32/Somoto.N potentially unwanted application" ac=I fn="C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000"
sh=87B07E95070009C344EA2DF8F50D2C8D104C4961 ft=1 fh=f891df4f93911ea4 vn="Win32/Somoto.N potentially unwanted application" ac=I fn="C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001"
sh=9B9A40C286297F2796311EDE40C607004A7C07C5 ft=1 fh=19871db976166fd7 vn="Win32/DownWare.V potentially unwanted application" ac=I fn="C:\Users\Jimmy\AppData\Roaming\5264402e140ba03d0800e751\5264402e140ba03d0800e751.exe"
sh=B6C45530FB13D657CC052C4C6F27C12E9FBBC46B ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\307dab46.msi"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\environment\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\footstep\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\impact\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\item\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\monster\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\monster\bat\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\monster\pig\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\monster\tiger\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\npc\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\others\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\role\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\role\humanity\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\role\humanity\man\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\role\humanity\woamn\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\role\vampire\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\role\vampire\man\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\skill\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\skill\mage\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\skill\priest\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\skill\rogue\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\skill\warrior\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\audio\sfx\weapon\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\clusternew\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\clusternew\corpseeffect\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\effect_start\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model-fire\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model-fire\model-fire02\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model-fire\model_blazingfireball\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model-fire\model_fireball02\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model-fire\model_phoenixscreen\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model-mist\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model-mist\dersert_fog\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model-mist\model-mist01\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_ice\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_ice\model_ice03\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_levelup\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_mauley_skill_01\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_mission\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_negative_buff09\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_recovery\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_soul\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_vampire_form_change\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\model\model_wing01\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\texmap\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\texmap\effect_texmap_151\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\texmap\environment\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\texmap\environment\butterfly\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\texmap\fire\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\texmap\fire\fire03\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\effect\texmap\help\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\lang_en\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\lang_en\minimap\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\lang_en\minimap\mainland\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\lang_en\minimap\mainland\instance07\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\lang_en\skin\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\lang_en\skin\gui_start\HELP_DECRYPT.TXT"
sh=5978B69A6B6AD2C1A07BC9DF33B8C82EA1C6EE12 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="E:\gencache\twclient_us\level\mainland\battlefield02\merge\HELP_DECRYPT.TXT"
 



#8 aharonov

  • Malware Response Team

Posted 10 June 2015 - 04:18 AM

Most of the threats that ESET has found are already quarantined.
Let's remove a few remnants now.
Also please test your computer and give me some feedback about remaining problems.


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 Cepse

  • Topic Starter

Posted 10 June 2015 - 10:52 AM

Well, so far I've noticed my process list has been reduced quite a bit and I no longer see any instances of "iexplorer". Google searches seem to be working fine again and I'm no longer seeing my home page change.

I'm not sure if it's worth noting or just coincidence, but after I ran the fix and rebooted I had a rather large Windows update download and install.


Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Jimmy at 2015-06-10 10:51:52 Run:3
Running from C:\Users\Jimmy\Desktop
Loaded Profiles: Jimmy (Available Profiles: Jimmy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files\WinZip
C:\Users\Jimmy\AppData\Roaming\5264402e140ba03d0800e751
C:\Windows\Installer\307dab46.msi
CMD: del /f /s /q c:\HELP_DECRYPT.TXT
CMD: del /f /s /q e:\HELP_DECRYPT.TXT
Reboot:
*****************

C:\Program Files\WinZip => moved successfully.
C:\Users\Jimmy\AppData\Roaming\5264402e140ba03d0800e751 => moved successfully.
C:\Windows\Installer\307dab46.msi => moved successfully.

=========  del /f /s /q c:\HELP_DECRYPT.TXT =========

Deleted file - c:\$Recycle.Bin\HELP_DECRYPT.TXT
Deleted file - c:\$Recycle.Bin\S-1-5-21-3757311312-923654551-2957644542-1000\HELP_DECRYPT.TXT
Deleted file - c:\AMD\AMD-Catalyst-Omega-14.12-With-DOTNet45-Win7-64bit\HELP_DECRYPT.TXT
Deleted file - c:\AMD\AMD-Catalyst-Omega-14.12-With-DOTNet45-Win7-64bit\Config\HELP_DECRYPT.TXT
Deleted file - c:\AMD\AMD-Catalyst-Omega-14.12-With-DOTNet45-Win7-64bit\Images\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-10_mobility_vista_win7_win8_64_dd_ccc_whql_net4\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-10_mobility_vista_win7_win8_64_dd_ccc_whql_net4\Config\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-10_mobility_vista_win7_win8_64_dd_ccc_whql_net4\Images\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-6_mobility_vista_win7_64_dd_ccc_whql\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-6_mobility_vista_win7_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-6_mobility_vista_win7_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-8_mobility_vista_win7_win8_32-64_hydravision\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-8_mobility_vista_win7_win8_32-64_hydravision\Config\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-8_mobility_vista_win7_win8_32-64_hydravision\Images\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-8_vista_win7_win8_64_dd_ccc_whql\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-8_vista_win7_win8_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\12-8_vista_win7_win8_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\13-12_win7_win8_64_dd_ccc_whql\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\13-12_win7_win8_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\13-12_win7_win8_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\13-1_vista_win7_win8_64_dd_ccc_whql\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\13-1_vista_win7_win8_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\13-1_vista_win7_win8_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\13-4_mobility_win7_win8_64_dd_ccc_whql\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\13-4_mobility_win7_win8_64_dd_ccc_whql\Config\HELP_DECRYPT.TXT
Deleted file - c:\AMD\Support\13-4_mobility_win7_win8_64_dd_ccc_whql\Images\HELP_DECRYPT.TXT

========= End of CMD: =========


=========  del /f /s /q e:\HELP_DECRYPT.TXT =========

Deleted file - e:\gencache\twclient_us\audio\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\environment\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\footstep\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\impact\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\item\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\monster\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\monster\bat\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\monster\pig\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\monster\tiger\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\npc\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\others\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\role\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\role\humanity\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\role\humanity\man\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\role\humanity\woamn\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\role\vampire\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\role\vampire\man\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\skill\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\skill\mage\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\skill\priest\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\skill\rogue\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\skill\warrior\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\audio\sfx\weapon\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\clusternew\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\clusternew\corpseeffect\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\effect_start\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model-fire\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model-fire\model-fire02\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model-fire\model_blazingfireball\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model-fire\model_fireball02\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model-fire\model_phoenixscreen\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model-mist\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model-mist\dersert_fog\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model-mist\model-mist01\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_ice\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_ice\model_ice03\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_levelup\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_mauley_skill_01\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_mission\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_negative_buff09\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_recovery\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_soul\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_vampire_form_change\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\model\model_wing01\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\texmap\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\texmap\effect_texmap_151\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\texmap\environment\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\texmap\environment\butterfly\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\texmap\fire\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\texmap\fire\fire03\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\effect\texmap\help\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\lang_en\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\lang_en\minimap\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\lang_en\minimap\mainland\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\lang_en\minimap\mainland\instance07\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\lang_en\skin\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\lang_en\skin\gui_start\HELP_DECRYPT.TXT
Deleted file - e:\gencache\twclient_us\level\mainland\battlefield02\merge\HELP_DECRYPT.TXT

========= End of CMD: =========



The system needed a reboot..

==== End of Fixlog 10:53:30 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Jimmy (administrator) on JIMMY-PC on 10-06-2015 10:57:05
Running from C:\Users\Jimmy\Desktop
Loaded Profiles: Jimmy (Available Profiles: Jimmy)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5107712 2009-11-17] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-14] (Raptr, Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
Winlogon\Notify\FastAccess: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll [2010-04-04] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Google Update] => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Run: [HydraVisionDesktopManager] => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: G - G:\baldur.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: K - K:\SETUP.EXE
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {046d38c1-91c8-11e3-883c-0026b9ff04c4} - I:\Startme.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {793de550-573c-11e3-a5fa-0026b9ff04c4} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {f5daf906-9c63-11e2-b435-0026b9ff04c4} - G:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\MountPoints2: {f5daf910-9c63-11e2-b435-0026b9ff04c4} - H:\setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
Lsa: [Notification Packages] scecli FAPassSync
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3757311312-923654551-2957644542-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll [2010-04-04] (Sensible Vision )
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3757311312-923654551-2957644542-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{333A6FDA-C862-494E-8D5D-10287C0DB5E6}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.ca/?gfe_rd=cr&ei=OPR0VbeBFcOC8Qfv_oCYAQ&gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @gentek.com/thinclient -> C:\IGG\twclient_us\npthinclient.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> G:\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\Jimmy\AppData\Local\Fancy\npfancygame.dll [2012-01-03] (Beijing FancyGuo Tech Ltd)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @gentek.com/thinclient -> C:\IGG\twclient_us\npthinclient.dll No File
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @leeuu.com/npgboxruner;version= -> C:\Users\Jimmy\AppData\Roaming\gbox\npgboxruner.dll No File
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jimmy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-3757311312-923654551-2957644542-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Strict Pop-up Blocker - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\60nn5930.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-05-30]
FF HKU\S-1-5-21-3757311312-923654551-2957644542-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-06]

Chrome:
=======
CHR Profile: C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (So Many Me - Demo) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2013-09-20]
CHR Extension: (YouTube) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-13]
CHR Extension: (Google Search) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-13]
CHR Extension: (Polycraft) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2013-09-19]
CHR Extension: (PSO2 Extension) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2014-07-03]
CHR Extension: (Bookmark Manager) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-07]
CHR Extension: (Google Wallet) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Famous Logos Quiz) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\opojgjpgafjmjiiglgknephkjmdmdcfo [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-13]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [pofcchimbbmpjnaeolplajfcjaphdpnf] - C:\ProgramData\TheBflix\pofcchimbbmpjnaeolplajfcjaphdpnf.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-22] (EasyAntiCheat Ltd)
S4 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-10-29] (Broadcom Corporation) [File not signed]
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-09-20] (Wellbia.com Co., Ltd.) [File not signed]
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [X]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-26] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U3 a7olgos9; No ImagePath
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
S3 X6va005; \??\C:\Users\Jimmy\AppData\Local\Temp\005C882.tmp [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 10:57 - 2015-06-10 10:58 - 00019501 _____ C:\Users\Jimmy\Desktop\FRST.txt
2015-06-09 19:37 - 2015-06-09 19:37 - 18169520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-09 14:20 - 2015-06-09 14:20 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-09 12:04 - 2015-06-09 12:57 - 00000000 ____D C:\AdwCleaner
2015-06-09 12:03 - 2015-06-09 12:03 - 02231296 _____ C:\Users\Jimmy\Desktop\AdwCleaner.exe
2015-06-09 10:09 - 2015-06-09 10:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jimmy\Desktop\tdsskiller.exe
2015-06-08 18:59 - 2015-06-10 10:57 - 00000000 ____D C:\FRST
2015-06-08 18:54 - 2015-06-08 18:55 - 02108928 _____ (Farbar) C:\Users\Jimmy\Desktop\FRST64.exe
2015-06-08 15:40 - 2015-06-10 10:56 - 00000000 ____D C:\Users\Jimmy\AppData\Local\LogMeIn Hamachi
2015-06-08 15:39 - 2015-06-08 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-06-08 15:39 - 2015-06-08 15:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-06-07 21:09 - 2015-06-09 17:52 - 00000000 ____D C:\Users\Jimmy\Desktop\universe
2015-06-07 21:09 - 2015-06-09 17:52 - 00000000 ____D C:\Users\Jimmy\Desktop\player
2015-05-17 02:01 - 2015-05-17 02:01 - 00000938 _____ C:\Users\Jimmy\Desktop\ElfBot NG.lnk
2015-05-17 02:01 - 2015-05-17 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG
2015-05-17 02:01 - 2015-05-17 02:01 - 00000000 ____D C:\Program Files (x86)\ElfBot NG
2015-05-16 21:26 - 2015-05-16 21:32 - 00001048 _____ C:\Users\Public\Desktop\TUGBot.exe.lnk
2015-05-16 21:26 - 2015-05-16 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUGBot
2015-05-16 12:00 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 12:00 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 01:37 - 2015-06-08 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-16 00:07 - 2015-05-16 00:07 - 00000000 ____D C:\Program Files (x86)\TUGBot
2015-05-15 23:44 - 2015-05-15 23:44 - 00001945 _____ C:\Windows\epplauncher.mif
2015-05-15 23:38 - 2015-05-15 23:38 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 23:37 - 2015-05-15 23:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-15 23:37 - 2015-05-15 23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-15 23:04 - 2015-05-15 23:04 - 00000000 ____D C:\Program Files (x86)\Dungeon Defenders Eternity
2015-05-15 22:48 - 2015-05-15 22:48 - 00002808 _____ C:\Users\Public\Desktop\Dungeon Defenders Eternity.lnk
2015-05-15 22:48 - 2015-05-15 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
2015-05-15 22:41 - 2015-05-15 22:41 - 00000000 ____D C:\Program Files (x86)\Trendy Entertainment
2015-05-15 22:00 - 2015-05-15 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-15 19:04 - 2015-06-09 17:38 - 00000000 ____D C:\Users\Jimmy\Desktop\Starbound.Beta.Build.27.04.2015
2015-05-15 12:41 - 2011-11-01 12:52 - 00000000 ____D C:\Users\Jimmy\Desktop\NoxiousOT.com
2015-05-14 23:40 - 2015-05-14 23:40 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-12 20:03 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 20:03 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 20:03 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 20:03 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 20:03 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 20:03 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 20:03 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 20:03 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 20:03 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 20:03 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 20:03 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 20:03 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 20:03 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 20:03 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 20:03 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 20:03 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 20:03 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 20:03 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 20:03 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 20:03 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 20:03 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 20:03 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 20:03 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 20:03 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 20:03 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 20:03 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 20:03 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 20:03 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 20:03 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 20:03 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 20:03 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 20:03 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 20:03 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 20:03 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 20:03 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 20:03 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 20:03 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 20:03 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 20:03 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 20:03 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 20:03 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 20:03 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 20:03 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 20:03 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 20:03 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 20:03 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 20:03 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 20:03 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 20:03 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 20:03 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 20:03 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 20:03 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 20:03 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 20:03 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 20:03 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 20:03 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 20:03 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 20:03 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 20:03 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 20:03 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 20:03 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 20:03 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 20:03 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 20:03 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 20:01 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 20:01 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 20:01 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 20:01 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 20:01 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 20:01 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 20:01 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 20:01 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 20:01 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 20:01 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 20:01 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 20:01 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 20:01 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 20:01 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 20:01 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 20:01 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 20:01 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 20:01 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 20:01 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 20:01 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 20:01 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 20:01 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 20:01 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 20:01 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 20:01 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:01 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:01 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 20:00 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 20:00 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 20:00 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 20:00 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 20:00 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 20:00 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 20:00 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 20:00 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 20:00 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 20:00 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 20:00 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 20:00 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 20:00 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 20:00 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 20:00 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 20:00 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 20:00 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 20:00 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 10:57 - 2015-01-21 19:04 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Raptr
2015-06-10 10:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 10:54 - 2014-06-27 21:53 - 00026460 _____ C:\Windows\setupact.log
2015-06-10 10:53 - 2011-07-23 07:57 - 01869697 _____ C:\Windows\WindowsUpdate.log
2015-06-10 10:45 - 2011-07-23 06:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000UA.job
2015-06-10 10:34 - 2015-01-08 01:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-10 08:42 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-10 08:42 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 23:55 - 2011-07-23 06:04 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000Core.job
2015-06-09 19:37 - 2015-01-08 01:36 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-09 19:37 - 2015-01-08 01:36 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 19:37 - 2015-01-08 01:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-09 18:39 - 2015-03-30 16:56 - 00003504 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-09 14:17 - 2013-05-24 22:19 - 00000000 ____D C:\Users\Jimmy\AppData\Local\CRE
2015-06-09 11:58 - 2011-08-05 18:33 - 00935716 _____ C:\Windows\PFRO.log
2015-06-09 11:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-08 15:48 - 2009-07-14 01:13 - 00812530 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 21:05 - 2012-05-05 02:04 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\BitTorrent
2015-06-07 16:24 - 2015-01-21 19:04 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-30 21:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-05-28 09:33 - 2011-07-23 06:45 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Skype
2015-05-25 07:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-25 07:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-17 02:56 - 2013-11-20 01:43 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Tibia
2015-05-16 21:12 - 2009-07-14 00:45 - 04996648 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-16 21:08 - 2009-07-14 03:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-16 21:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-16 12:08 - 2014-05-10 09:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-16 12:00 - 2012-12-23 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 11:59 - 2012-12-23 23:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-16 11:59 - 2012-12-23 23:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 23:36 - 2011-07-23 06:45 - 00000000 ____D C:\ProgramData\Skype
2015-05-15 23:35 - 2015-04-21 03:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-15 23:04 - 2012-08-28 09:41 - 00083577 _____ C:\Windows\DirectX.log
2015-05-15 22:58 - 2014-11-13 03:04 - 00000000 ____D C:\Program Files (x86)\Steam
2015-05-15 22:19 - 2015-03-15 19:31 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\vlc
2015-05-14 23:40 - 2011-07-23 06:04 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000UA
2015-05-14 23:40 - 2011-07-23 06:04 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3757311312-923654551-2957644542-1000Core
2015-05-13 18:56 - 2015-01-02 04:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2013-01-04 03:22 - 2013-01-10 00:54 - 0000125 _____ () C:\Users\Jimmy\AppData\Roaming\D2Info0
2013-01-04 03:32 - 2013-01-09 19:51 - 0000008 _____ () C:\Users\Jimmy\AppData\Roaming\DofusAppId0_1
2013-01-04 03:22 - 2013-01-10 03:46 - 0000008 _____ () C:\Users\Jimmy\AppData\Roaming\DofusAppId0_2
2013-01-08 03:47 - 2013-01-08 03:47 - 0000008 _____ () C:\Users\Jimmy\AppData\Roaming\DofusAppId0_3
2013-08-14 05:48 - 2013-08-14 17:21 - 0037376 ___SH () C:\Users\Jimmy\AppData\Roaming\Thumbs.db
2014-11-12 10:09 - 2014-11-29 01:09 - 0000154 _____ () C:\Users\Jimmy\AppData\Roaming\WB.CFG
2014-11-13 23:09 - 2014-11-13 23:09 - 0022528 _____ () C:\Users\Jimmy\AppData\Local\32760506dsisetup327628302.exe
2014-11-13 23:09 - 2014-11-21 18:09 - 0000001 _____ () C:\Users\Jimmy\AppData\Local\DSI.DAT
2014-11-21 18:09 - 2014-11-21 18:09 - 0022528 _____ () C:\Users\Jimmy\AppData\Local\dsisetup2226785252.exe
2011-12-24 17:52 - 2011-12-24 17:52 - 0000093 _____ () C:\Users\Jimmy\AppData\Local\fusioncache.dat
2014-07-01 22:53 - 2014-07-01 22:55 - 0000600 _____ () C:\Users\Jimmy\AppData\Local\PUTTY.RND
2014-06-20 09:12 - 2015-04-16 16:34 - 0007596 _____ () C:\Users\Jimmy\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Jimmy\AppData\Local\setup.txt
2012-10-16 11:55 - 2012-08-17 11:55 - 0000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Jimmy\jagex_runescape_preferences.dat
C:\Users\Jimmy\jagex_runescape_preferences2.dat


Some files in TEMP:
====================
C:\Users\Jimmy\AppData\Local\Temp\{F7DAAB0B-5A61-42AC-9C0C-9AB330887B8E}-43.0.2357.124_43.0.2357.81_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-07 17:15

==================== End of log ============================



#10 aharonov

  • Malware Response Team

Posted 10 June 2015 - 12:36 PM

I'm not sure if it's worth noting or just coincidence, but after I ran the fix and rebooted I had a rather large Windows update download and install.

That's a coincidence. It's the monthly Microsoft patchday that usually takes place around the second Tuesday of the month.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java 7 Update 72 (64-bit)




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#11 Cepse

  • Topic Starter

Posted 10 June 2015 - 09:46 PM

I greatly appreciate all the help you've given so far. And I'll def be buying you that beer.

Tho I do have one concern remaining.

After logging onto my laptop to post this, I noticed my RAM running high, so I ran a Dxdiag and it's only showing 4gb instead of 6. Yesterday morning it was still showing 6. Are there any steps we did that may have caused this? I have already reseated both sticks and it still shows the same.



#12 aharonov

  • Malware Response Team

Posted 11 June 2015 - 06:25 AM

That's strange. I have never seen this happening before. And I don't see a step that could have something to do with it, because none of these tools do anything about physical memory settings or even come close to it.
My guess is that this is an independent event.
As this is not my field of expertise I suggest that you create a new thread in the hardware forum here at BC and ask for assistance to diagnose this problem.

#13 Cepse

  • Topic Starter

Posted 11 June 2015 - 10:07 AM

Alrighty, thanks so much. You've been a great help with everything and super fast responses.



#14 aharonov

  • Malware Response Team

Posted 11 June 2015 - 10:34 AM

You're welcome.
Take care.

#15 aharonov

  • Malware Response Team

Posted 11 June 2015 - 10:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



