
Can't Install any antivirus or run Rkiller


  • This topic is locked
20 replies to this topic

#1 druid9

  • Members
  • 12 posts

Posted 13 October 2015 - 11:58 PM

Hi,

I think I have a virus infection which managed to deliver a man-in-the-middle attack on my internet banking. Thankfully resolved with the bank, now to clean up.

The machine in question used to be used as a media centre but has now been repurposed as a general duties machine. The issue came to light when I had the problem with online banking and realised I had no AV installed - idiot!

Have tried to install a number of AV programs including AVG, Malwarebytes, and all of the chameleon varieties, have tried to run Rkiller, tdsskiller and a few others suggested elsewhere. Nothing will run. In most cases I get a splash screen, then when I click run, nothing happens.

Below FRST log; attached, Addition.txt. Please help, I'm stuck. Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015
Ran by Paul (administrator) on ACER-REVO (14-10-2015 10:16:04)
Running from C:\Users\Paul\Desktop
Loaded Profiles: Paul (Available Profiles: Paul & LogMeInRemoteUser & Admin)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10867816 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-30] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-30] (Acer Corp.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [804952 2010-04-07] (GlavSoft LLC.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [{810C7B94-BE0B-18C7-D663-BA6DE5295A25}] => C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [MPExtended Configurator] => C:\Program Files (x86)\MPExtended\Service\MPExtended.Applications.ServiceConfigurator.exe [1174528 2012-12-03] (mpextended.github.com)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [GoogleChromeAutoLaunch_29EBA8C2ED1206321A8B41FC997F63B8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Paul\Downloads\rkill.scr [2019656 2015-10-11] (Bleeping Computer, LLC)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk [2010-04-24]
ShortcutTarget: EventGhost.lnk -> C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B1112E69-32A8-4AE0-AF67-AE909508D6AB}: [DhcpNameServer] 192.168.178.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://au.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-28] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-02-23] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-02-23] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-02-23] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-02-23] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-29] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-29] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll [2010-01-06] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-09-11] (Telstra Corporation Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-01-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-10] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com.au/
CHR StartupUrls: Default -> "hxxp://www.google.com.au/","hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EAU&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EAU&apn_dbr=cr_35.0.1916.114&apn_uid=9E4D2450-8643-48A4-BE11-327E8B82DCE5&itbv=12.12.2.83&doi=2014-06-05&psv=&pt=tb","hxxp://websearch.calcitapp.info/","hxxps://au.search.yahoo.com/?type=994519&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> google.com.au_
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-29]
CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-29]
CHR Extension: (Sortd Smart Skin for Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohlfneeliakfcefeffppfplagbccbni [2015-09-26]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-12]
CHR Extension: (Mindjet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpkinhfhnglbhoeoeooekalejbhbhgl [2015-01-29]
CHR Extension: (Block Sender) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bklnjbfcmglhiaoppcckdodanccbelcg [2015-07-03]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-29]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-29]
CHR Extension: (HelloSign for Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dciflieigdmogpmamcgbigingaodhnil [2015-09-25]
CHR Extension: (Telstra Extension) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2015-02-05]
CHR Extension: (Gmail Offline) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-04-16]
CHR Extension: (Google Sheets) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Speed Dial 2) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-01-29]
CHR Extension: (LinkedIn Export Tool) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgipmhdegifoehfbbffcfbmpfmbjaiem [2015-01-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-28]
CHR Extension: (HTML Live) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhnnniabbinkphbhmjdaigcbdicakdfn [2015-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-29]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-01-29]
CHR Extension: (WiseStamp - Email Signatures for Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg [2015-01-29]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-09-26]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-01-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-10-10] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507752 2015-10-10] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S2 MPExtended Service; C:\Program Files (x86)\MPExtended\Service\MPExtended.ServiceHosts.CoreService.exe [6144 2012-12-03] (Microsoft) [File not signed]
S2 MPExtended WebMediaPortal; C:\Program Files (x86)\MPExtended\WebMediaPortal\MPExtended.ServiceHosts.WebMediaPortal.exe [13824 2012-11-25] () [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
S2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] () [File not signed]
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-12] (TeamViewer GmbH)
S2 TV4HomeCoreService; C:\Program Files (x86)\TV4Home Core Service\TV4Home.Server.CoreService.exe [6656 2011-07-16] (tv4home.codeplex.com) [File not signed]
S2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [804952 2010-04-07] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-28] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 zremote; C:\Windows\System32\Drivers\zremote.sys [19456 2010-04-26] (Streamzap, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dpclat_driver; \??\C:\Windows\system32\drivers\dpclat_driver.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-14 10:16 - 2015-10-14 10:16 - 00022200 _____ C:\Users\Paul\Desktop\FRST.txt
2015-10-14 10:13 - 2015-10-14 10:13 - 02196480 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2015-10-14 09:53 - 2015-10-14 09:53 - 04404952 _____ (Kaspersky Lab ZAO) C:\tdsskiller.exe
2015-10-14 09:15 - 2015-10-14 09:15 - 00019041 _____ C:\ComboFix.txt
2015-10-14 08:44 - 2015-10-14 08:44 - 05636349 ____R (Swearware) C:\Users\Paul\Desktop\sega.com.exe
2015-10-14 08:43 - 2015-10-14 08:44 - 05636349 _____ (Swearware) C:\Users\Paul\Downloads\ComboFix.exe
2015-10-13 19:35 - 2015-10-13 20:25 - 93282968 _____ (Kaspersky Lab ZAO) C:\Users\Paul\Desktop\sadface.exe
2015-10-13 18:23 - 2015-10-13 18:23 - 00642155 _____ C:\Users\Paul\Downloads\Unconfirmed 924176.crdownload
2015-10-13 18:21 - 2011-06-26 17:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-13 18:21 - 2010-11-08 04:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-13 18:21 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-13 18:21 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-13 18:21 - 2000-08-31 11:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-13 06:58 - 2015-10-13 06:58 - 00290848 _____ C:\Windows\Minidump\101315-23166-01.dmp
2015-10-13 06:13 - 2015-10-13 06:14 - 00290848 _____ C:\Windows\Minidump\101315-21668-01.dmp
2015-10-13 06:08 - 2015-10-13 06:08 - 00290848 _____ C:\Windows\Minidump\101315-22479-01.dmp
2015-10-13 06:00 - 2015-10-13 06:00 - 00380416 _____ C:\Users\Paul\Downloads\qz5811iq.exe
2015-10-13 05:44 - 2015-10-13 05:45 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Paul\Downloads\mbar-1.09.3.1001.exe
2015-10-11 08:11 - 2015-10-11 08:11 - 00000000 ____D C:\Users\Admin\AppData\Local\Apps\2.0
2015-10-11 08:11 - 2015-10-11 07:09 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-10-11 08:09 - 2015-10-11 08:09 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2015-10-11 08:09 - 2015-10-11 08:09 - 00000000 ____D C:\Users\Admin
2015-10-11 08:09 - 2015-01-31 11:01 - 00002104 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-10-11 08:09 - 2010-04-25 15:52 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help
2015-10-11 08:09 - 2009-07-14 15:54 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-11 08:09 - 2009-07-14 15:49 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-11 07:59 - 2015-10-11 07:59 - 00000335 _____ C:\Users\Paul\Downloads\FixExe.reg
2015-10-11 07:14 - 2015-10-11 07:14 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Paul\Downloads\rkill.scr
2015-10-11 07:13 - 2015-10-11 07:13 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Paul\Downloads\uSeRiNiT.exe
2015-10-11 07:08 - 2015-10-11 07:09 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Paul\Desktop\rkill.exe
2015-10-10 18:01 - 2015-10-13 10:34 - 00025060 _____ C:\Windows\system32\CFG4041501513
2015-10-10 12:38 - 2015-10-10 18:00 - 00000000 ____D C:\VIPRERESCUE
2015-10-10 05:50 - 2015-10-10 05:50 - 00000000 ____D C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com
2015-10-10 05:49 - 2015-10-10 19:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-10 05:49 - 2015-10-10 05:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-09 07:04 - 2015-10-09 07:04 - 12270747 _____ C:\Users\Paul\Downloads\MPBY-Your Backyard Supermarket FRONT.ppt.zip
2015-10-08 18:22 - 2015-10-08 18:22 - 02243333 _____ C:\Users\Paul\Downloads\MPBY-Your Backyard Supermarket V3.zip
2015-10-08 18:08 - 2015-10-08 18:11 - 31625202 _____ C:\Users\Paul\Downloads\MPBY-Your Backyard Supermarket V3.pptx
2015-10-08 05:25 - 2015-10-08 05:28 - 00043809 _____ C:\Users\Paul\Downloads\Addition.txt
2015-10-08 05:21 - 2015-10-08 05:28 - 00049265 _____ C:\Users\Paul\Downloads\FRST.txt
2015-10-08 05:19 - 2015-10-14 10:16 - 00000000 ____D C:\FRST
2015-10-08 05:08 - 2015-10-08 05:08 - 00000000 ____D C:\Users\Paul\Downloads\mbam-chameleon-3.1.25.0
2015-10-08 05:07 - 2015-10-08 05:08 - 06383209 _____ C:\Users\Paul\Downloads\mbam-chameleon-3.1.25.0.zip
2015-10-07 06:31 - 2015-10-10 18:00 - 00000000 ____D C:\Program Files (x86)\TrojanHunter
2015-10-07 06:31 - 2015-10-07 06:31 - 00000000 ____D C:\ProgramData\TrojanHunter
2015-10-07 06:00 - 2015-10-07 06:01 - 04383777 _____ C:\Users\Paul\Downloads\tdsskiller.zip
2015-10-07 05:59 - 2015-10-07 06:00 - 00392012 _____ C:\Users\Paul\Downloads\rannohdecryptor.zip
2015-10-07 05:15 - 2015-10-10 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\CrashDumps
2015-10-07 05:15 - 2015-10-10 17:38 - 00002192 _____ C:\Users\Paul\AppData\Local\multiscan.log
2015-10-06 21:44 - 2015-10-06 21:44 - 00199467 _____ C:\Users\Paul\AppData\Local\census.cache
2015-10-06 21:44 - 2015-10-06 21:44 - 00116321 _____ C:\Users\Paul\AppData\Local\ars.cache
2015-10-06 20:29 - 2015-10-06 20:29 - 00000036 _____ C:\Users\Paul\AppData\Local\housecall.guid.cache
2015-10-06 19:44 - 2015-10-06 19:44 - 00000000 ____D C:\Users\Paul\AppData\Local\TempTaskUpdateDetectionDDCA5D8B-17A7-4CCE-A3C6-AA3E2641B185
2015-10-06 19:30 - 2015-10-14 09:15 - 00000000 ____D C:\Qoobox
2015-10-06 19:30 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-06 19:30 - 2000-08-31 11:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-06 19:30 - 2000-08-31 11:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-06 19:29 - 2015-10-13 19:03 - 00000000 ____D C:\Windows\erdnt
2015-10-05 13:43 - 2015-10-05 13:43 - 00011985 _____ C:\Users\Paul\Downloads\Downton_Abbey_S06E03_HDTV_x264-ORGANiC[sltv].torrent
2015-09-30 22:00 - 2015-09-30 22:00 - 01593524 _____ C:\Users\Paul\Downloads\4411337+The+Trials+of+Jim.ace
2015-09-30 21:58 - 2015-09-30 21:58 - 01920428 _____ C:\Users\Paul\Downloads\4396279+The+Trials+of+Jim.ace
2015-09-30 14:46 - 2015-09-30 14:46 - 00009641 _____ C:\Users\Paul\Desktop\GRS Cash Expenses.xlsx
2015-09-30 14:46 - 2015-09-30 14:46 - 00000165 ____H C:\Users\Paul\Desktop\~$GRS Cash Expenses.xlsx
2015-09-30 11:51 - 2015-09-30 11:52 - 12698101 _____ C:\Users\Paul\Downloads\New video 810 - 720p.mp4
2015-09-29 07:00 - 2015-09-29 07:01 - 10903184 _____ C:\Users\Paul\Downloads\Video 810 - 720p.mp4
2015-09-28 08:06 - 2015-09-28 08:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\java
2015-09-28 08:05 - 2015-10-10 18:00 - 00000000 ____D C:\Users\Paul\Downloads\FileBot_4.6-portable
2015-09-28 08:04 - 2015-09-28 08:05 - 27663315 _____ C:\Users\Paul\Downloads\FileBot_4.6-portable.zip
2015-09-27 17:59 - 2015-09-27 17:59 - 00017152 _____ C:\Users\Paul\Downloads\The_Trials_of_Jimmy_Rose_S01E01_PreAir_HDTVx264-JIVE.torrent
2015-09-27 17:29 - 2015-09-27 17:29 - 00098921 _____ C:\Users\Paul\Downloads\An_Inspector_Calls_720p_HDTV_x264-TLA[rartv].torrent
2015-09-27 16:50 - 2015-09-27 16:50 - 00000807 _____ C:\Users\Paul\Downloads\FRITZ!Box_Fon_WLAN_7360_124.06.05_27.09.2015_15-50-diagnose.csv
2015-09-26 11:23 - 2015-09-26 17:19 - 15281050 _____ C:\Users\Paul\Documents\Your  Backyard supermarket.pptx
2015-09-24 20:33 - 2015-09-24 20:33 - 00000874 _____ C:\Users\Paul\Desktop\DSC_5043 - Shortcut.lnk
2015-09-21 07:13 - 2015-09-21 07:13 - 00000525 _____ C:\Users\Paul\Downloads\iCalEvent.ics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-14 09:15 - 2013-03-20 13:37 - 00000000 ____D C:\Users\Paul\AppData\Local\Apps\2.0
2015-10-14 09:09 - 2009-07-14 13:34 - 00000215 _____ C:\Windows\system.ini
2015-10-14 08:34 - 2010-03-14 14:05 - 01948929 _____ C:\Windows\WindowsUpdate.log
2015-10-14 08:26 - 2009-07-14 15:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-14 08:26 - 2009-07-14 15:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 08:21 - 2009-07-14 16:13 - 00798598 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-14 08:18 - 2011-07-10 12:24 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2015-10-14 08:16 - 2011-07-24 18:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 08:15 - 2014-01-27 18:30 - 00001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-10-14 08:15 - 2014-01-27 18:30 - 00000992 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-10-14 08:15 - 2010-09-08 10:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-14 08:15 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-14 08:15 - 2009-07-14 15:51 - 00063863 _____ C:\Windows\setupact.log
2015-10-14 07:10 - 2011-07-24 18:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 07:02 - 2013-03-20 13:40 - 00000000 ____D C:\ProgramData\LogMeIn
2015-10-13 19:27 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-13 18:52 - 2009-10-13 09:12 - 00871784 _____ C:\Windows\PFRO.log
2015-10-13 18:52 - 2009-07-14 13:34 - 74973184 _____ C:\Windows\system32\config\software.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 18874368 _____ C:\Windows\system32\config\system.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2015-10-13 07:00 - 2010-04-23 21:30 - 00000000 ____D C:\Users\Paul\Tracing
2015-10-13 06:58 - 2010-09-08 21:09 - 412297370 _____ C:\Windows\MEMORY.DMP
2015-10-13 06:58 - 2010-09-08 21:09 - 00000000 ____D C:\Windows\Minidump
2015-10-12 06:49 - 2015-07-19 09:55 - 00000000 ____D C:\Users\Paul\Documents\Outlook Files
2015-10-11 07:04 - 2015-03-22 06:13 - 00000000 ____D C:\ProgramData\Freemake
2015-10-11 07:04 - 2015-03-22 06:12 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-10-11 06:56 - 2015-02-07 05:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-11 00:15 - 2015-01-29 06:20 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-10 20:59 - 2015-01-31 10:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-10 19:26 - 2015-08-05 18:43 - 00000975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-10-10 19:26 - 2015-08-05 18:43 - 00000963 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-10-10 19:12 - 2010-04-21 18:41 - 00000000 ____D C:\Users\Paul
2015-10-10 19:05 - 2011-07-24 18:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-10 19:05 - 2011-07-24 18:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-10 19:04 - 2013-03-20 13:41 - 00122752 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-10-10 19:04 - 2013-03-20 13:41 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-10-10 19:04 - 2013-03-20 13:41 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-10-10 18:01 - 2015-09-02 11:34 - 00000000 ___HD C:\Users\Paul\AppData\Roaming\OCFanEeZ
2015-10-10 18:01 - 2015-03-17 19:48 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Azureus
2015-10-10 18:01 - 2015-01-29 06:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-10 18:01 - 2010-04-26 19:58 - 00000000 ____D C:\Users\Paul\AppData\Roaming\vlc
2015-10-10 18:01 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-10 18:00 - 2013-03-20 13:40 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-10-10 17:59 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\registration
2015-10-10 17:57 - 2011-07-24 18:00 - 00000000 ____D C:\Users\Paul\AppData\Local\Google
2015-10-10 17:57 - 2010-04-25 11:09 - 00000000 ____D C:\ProgramData\MySQL
2015-10-10 17:57 - 2010-03-14 14:16 - 00000000 ____D C:\ProgramData\Temp
2015-10-10 17:57 - 2009-07-14 14:20 - 00000000 __RHD C:\Users\Default
 
==================== Files in the root of some directories =======
 
2010-08-14 18:19 - 2010-08-14 18:19 - 0000917 _____ () C:\Users\Paul\AppData\Roaming\coreavc.ini
2015-10-06 21:44 - 2015-10-06 21:44 - 0116321 _____ () C:\Users\Paul\AppData\Local\ars.cache
2015-10-06 21:44 - 2015-10-06 21:44 - 0199467 _____ () C:\Users\Paul\AppData\Local\census.cache
2015-10-06 20:29 - 2015-10-06 20:29 - 0000036 _____ () C:\Users\Paul\AppData\Local\housecall.guid.cache
2015-10-07 05:15 - 2015-10-10 17:38 - 0002192 _____ () C:\Users\Paul\AppData\Local\multiscan.log
2010-06-06 19:04 - 2015-03-24 05:39 - 0007597 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp1999.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp19A9.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp19BA.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp19BB.txt
2010-08-30 11:57 - 2010-08-30 11:57 - 0166143 _____ () C:\Users\Paul\AppData\Local\Temptmp1FEF.png
2010-08-30 11:50 - 2010-08-30 11:50 - 0014302 _____ () C:\Users\Paul\AppData\Local\Temptmp201F.png
2010-09-10 14:12 - 2010-09-10 14:12 - 0157323 _____ () C:\Users\Paul\AppData\Local\Temptmp203F.jpg
2010-08-31 11:06 - 2010-08-31 11:06 - 0482183 _____ () C:\Users\Paul\AppData\Local\Temptmp206F.jpg
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp2C58.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp2C78.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp2C89.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp304F.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp3050.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp3061.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp3062.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp35BC.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp35CC.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp35DD.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp35ED.txt
2010-03-20 22:17 - 2010-03-20 22:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp3F31.png
2010-03-20 04:07 - 2010-03-20 04:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp3F42.png
2010-03-20 15:51 - 2010-03-20 15:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp3F52.png
2011-03-11 17:26 - 2011-03-11 17:26 - 0011566 _____ () C:\Users\Paul\AppData\Local\Temptmp3F53.txt
2010-02-01 15:30 - 2010-02-01 15:30 - 0082726 _____ () C:\Users\Paul\AppData\Local\Temptmp5129.ico
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\Temptmp520F.png
2010-08-30 11:57 - 2010-08-30 11:57 - 0166143 _____ () C:\Users\Paul\AppData\Local\Temptmp5848.png
2010-08-30 11:50 - 2010-08-30 11:50 - 0014302 _____ () C:\Users\Paul\AppData\Local\Temptmp5897.png
2010-09-10 14:12 - 2010-09-10 14:12 - 0157323 _____ () C:\Users\Paul\AppData\Local\Temptmp58B7.jpg
2010-08-31 11:06 - 2010-08-31 11:06 - 0482183 _____ () C:\Users\Paul\AppData\Local\Temptmp58E7.jpg
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp5F7E.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp5FBE.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp5FCE.png
2010-04-04 21:37 - 2010-04-04 21:37 - 0006092 _____ () C:\Users\Paul\AppData\Local\Temptmp6323.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp6D42.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp6D81.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp6DA1.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp77CE.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp77DF.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp77F0.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp7800.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp89A5.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp89B5.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp89C6.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp89C7.txt
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\Temptmp8CDD.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp8E1A.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp8E4A.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp8E6A.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp9E33.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp9E34.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp9E45.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp9E46.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpA380.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpA391.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpA392.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpA393.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpA741.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpA752.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpA753.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpA763.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpBCE3.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpBCE4.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpBCF4.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpBCF5.txt
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\TemptmpC7DA.png
2010-12-07 22:50 - 2010-12-07 22:50 - 0024053 _____ () C:\Users\Paul\AppData\Local\TemptmpD0D8.png
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\TemptmpD33.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpD65F.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpD6CD.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpD75A.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpD7F7.txt
2009-09-19 16:05 - 2009-09-19 16:05 - 0046980 _____ () C:\Users\Paul\AppData\Local\TemptmpD836.jpg
2011-06-27 10:40 - 2011-06-27 10:40 - 0013040 _____ () C:\Users\Paul\AppData\Local\TemptmpED25.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\TemptmpED65.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\TemptmpED85.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\TemptmpEDA5.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpEF00.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpEF11.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpEF12.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpEF13.txt
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\TemptmpEFA9.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\TemptmpEFE8.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\TemptmpF008.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\TemptmpF4EA.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\TemptmpF50A.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\TemptmpF51B.png
2013-08-21 12:52 - 2013-08-21 12:52 - 0112640 ___SH () C:\Users\Paul\AppData\Local\Thumbs.db
2015-02-14 11:48 - 2015-02-14 11:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-14 14:16 - 2010-03-14 14:24 - 0008440 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-08-23 20:56 - 2012-06-03 10:46 - 0051087 _____ () C:\ProgramData\DirectShowSpy.log
2009-10-13 09:26 - 2009-07-18 12:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-08-30 22:45 - 2010-09-06 23:32 - 0000846 _____ () C:\ProgramData\nvUnsupRes.dat
 
Files to move or delete:
====================
C:\ProgramData\nvUnsupRes.dat
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-11 00:27
 
==================== End of FRST.txt ============================


#2 deeprybka

  • Malware Response Team

Posted 14 October 2015 - 03:25 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Please upload the following files to my channel.
 
Under "Browse to the file you want to submit:" copy & paste the paths into the filename search:

C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe
C:\Users\Paul\AppData\Roaming\OCFanEeZ\zwfIilTa\nMymaPEn\NpclwZKzF.exe

 
Thank you!

Step 1

Start FRST with administrator privileges.

  • Make sure the 90 Days Files option is checked.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

regards,
deeprybka

#3 druid9

  • Topic Starter

Posted 14 October 2015 - 04:14 AM

Hi Jurgen,

I have attached the second of your requested files to your channel.

The first cannot be found.



#4 deeprybka

  • Malware Response Team

Posted 14 October 2015 - 04:28 AM

OK. Thanks. Please go ahead and run FRST with 90days parameter. You can attach the log as well.

regards,
deeprybka

#5 druid9

  • Topic Starter

Posted 14 October 2015 - 05:10 AM

OK, scan completed, FRST log attached.

Time difference may affect us here, it is 9:10 p.m. where I am sitting.

Attached Files

  • FRST.txt (49.73 KB)


#6 deeprybka

  • Malware Response Team

Posted 14 October 2015 - 05:25 AM

Time difference may affect us here, it is 9:10 p.m. where I am sitting


Why? All helpers here are volunteers. Average response time is one reply every 24 hours. :)

Step 1

Scan with Dr.Web CureIt!®
Download

Save it to the Desktop (If this is not possible, this program is portable, and runs right from the location it is downloaded to, like a USB drive or SD card.)

Double-click the drweb-cureit.exe or the random named file (i.e. 5mkuvc4z.exe) to run the program.

When first launched, Dr.Web CureIt loads in Enhanced Protection Mode (EPM).
For this mode, at the warning: To continue working in the EPM...(recommended), press: OK

  • EPM allows the program to operate even if malicious programs block access to Windows.
  • All four corners of the Desktop show: Dr.Web CureIt - Enhanced Protection Mode.
  • Functions of the Operating System are not accessible until the scan completes.

At the License and Updates window, check the box to Agree.

  • Only when an update is needed, the License and Updates window displays a notification.
  • To update Dr.Web CureIt!, click: Update the program
  • At the Dr.Web CureIt! official website you can download the latest virus definitions and/or version of the program.
  • If needed, click: Select objects for scanning. Here you can specify which drives or files and directories to scan.

Next, click: Continue

At the Scan Mode window, press: Start Scanning

An Express Scan window appears where Dr.Web CureIt! displays general information on its progress and lists detected threats.
This scan may take a while depending on the number of drives or directories, so please be patient.

When the scan is done, a Scanning Completed window appears.
If viruses or other threats are identified, press: Neutralize
(Note: If you need to apply a different action to a threat, click the Action for it, and select whether to Cure, Move or Delete.)
When Neutralize is selected, a window appears with the neutralizing progress.

A Curing Completed window shows when the threats are neutralized successfully.
Close the window to return to the Desktop.
Also, restart the computer so files in use can be moved or deleted.
When back in Windows, search for the CureIt log:

  • Press Start, and in the Search programs and files area, type in (or copy/paste) the following: %USERPROFILE%\Doctor Web
  • When the Doctor Web folder appears in the search area, open the folder, and then open the CureIt log.

>> Please post the CureIt.log in your reply.


regards,
deeprybka

#7 druid9

  • Topic Starter

Posted 14 October 2015 - 06:46 PM

Hi Jurgen,

Thanks for your help so far.

I successfully ran Dr Web, it detected 2 trojans:

win32.downloader
Mayachok.5

I neutralised these of course.

RKill ran after reboot successfully, without prompting, I guess this is normal.

Do I need to go further? I am out of town on business for the next 36 hours.

CureIT Log File attached.


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:13 AM

Posted 14 October 2015 - 11:52 PM

We're not done yet! :)

Next steps for you:

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.



Step 2

Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 14 October 2015 - 11:53 PM.

regards,
deeprybka

#9 druid9

  • Topic Starter

Posted 16 October 2015 - 01:40 PM

Hi Jurgen,

Back to work. Below is the TDSSKiller log:

05:33:22.0396 0x0148  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
05:33:30.0727 0x0148  ============================================================
05:33:30.0727 0x0148  Current date / time: 2015/10/17 05:33:30.0727
05:33:30.0727 0x0148  SystemInfo:
05:33:30.0727 0x0148  
05:33:30.0727 0x0148  OS Version: 6.1.7600 ServicePack: 0.0
05:33:30.0727 0x0148  Product type: Workstation
05:33:30.0727 0x0148  ComputerName: ACER-REVO
05:33:30.0727 0x0148  UserName: Paul
05:33:30.0727 0x0148  Windows directory: C:\Windows
05:33:30.0727 0x0148  System windows directory: C:\Windows
05:33:30.0727 0x0148  Running under WOW64
05:33:30.0727 0x0148  Processor architecture: Intel x64
05:33:30.0727 0x0148  Number of processors: 4
05:33:30.0727 0x0148  Page size: 0x1000
05:33:30.0727 0x0148  Boot type: Normal boot
05:33:30.0727 0x0148  ============================================================
05:33:32.0457 0x0148  KLMD registered as C:\Windows\system32\drivers\88632769.sys
05:33:32.0867 0x0148  System UUID: {889F14CC-E99F-0B4A-4549-6C7DF67F65C7}
05:33:33.0781 0x0148  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:33:33.0871 0x0148  Drive \Device\Harddisk1\DR1 - Size: 0x3BA400000 ( 14.91 Gb ), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:33:33.0881 0x0148  Drive \Device\Harddisk2\DR2 - Size: 0xE7400000 ( 3.61 Gb ), SectorSize: 0x200, Cylinders: 0x1D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:33:33.0891 0x0148  ============================================================
05:33:33.0891 0x0148  \Device\Harddisk0\DR0:
05:33:33.0891 0x0148  MBR partitions:
05:33:33.0891 0x0148  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
05:33:33.0901 0x0148  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x1C2E7000
05:33:33.0901 0x0148  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DF19800, BlocksNum 0x1C46C000
05:33:33.0901 0x0148  \Device\Harddisk1\DR1:
05:33:33.0901 0x0148  MBR partitions:
05:33:33.0901 0x0148  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DD0000
05:33:33.0901 0x0148  \Device\Harddisk2\DR2:
05:33:33.0901 0x0148  MBR partitions:
05:33:33.0901 0x0148  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x738080
05:33:33.0901 0x0148  ============================================================
05:33:34.0021 0x0148  C: <-> \Device\Harddisk0\DR0\Partition2
05:33:34.0041 0x0148  D: <-> \Device\Harddisk0\DR0\Partition3
05:33:34.0041 0x0148  ============================================================
05:33:34.0041 0x0148  Initialize success
05:33:34.0041 0x0148  ============================================================
05:34:21.0296 0x1b60  ============================================================
05:34:21.0296 0x1b60  Scan started
05:34:21.0296 0x1b60  Mode: Manual; SigCheck; TDLFS; 
05:34:21.0296 0x1b60  ============================================================
05:34:21.0296 0x1b60  KSN ping started
05:34:35.0277 0x1b60  KSN ping finished: true
05:34:37.0172 0x1b60  ================ Scan system memory ========================
05:34:37.0172 0x1b60  System memory - ok
05:34:37.0172 0x1b60  ================ Scan services =============================
05:34:42.0779 0x1b60  Bonjour Service - ok
05:34:42.0819 0x1b60  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
05:34:42.0939 0x1b60  bowser - ok
05:34:42.0969 0x1b60  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
05:34:43.0029 0x1b60  BrFiltLo - ok
05:34:43.0059 0x1b60  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
05:34:43.0109 0x1b60  BrFiltUp - ok
05:34:43.0174 0x1b60  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
05:34:43.0294 0x1b60  BridgeMP - ok
05:34:43.0334 0x1b60  [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser         C:\Windows\System32\browser.dll
05:34:43.0454 0x1b60  Browser - ok
05:34:43.0514 0x1b60  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
05:34:43.0594 0x1b60  Brserid - ok
05:34:43.0624 0x1b60  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
05:34:43.0694 0x1b60  BrSerWdm - ok
05:34:43.0744 0x1b60  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
05:34:43.0814 0x1b60  BrUsbMdm - ok
05:34:43.0824 0x1b60  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
05:34:43.0864 0x1b60  BrUsbSer - ok
05:34:43.0894 0x1b60  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
05:34:43.0964 0x1b60  BTHMODEM - ok
05:34:44.0014 0x1b60  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
05:34:44.0145 0x1b60  bthserv - ok
05:34:44.0181 0x1b60  catchme - ok
05:34:44.0225 0x1b60  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
05:34:44.0345 0x1b60  cdfs - ok
05:34:44.0395 0x1b60  [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
05:34:44.0455 0x1b60  cdrom - ok
05:34:44.0505 0x1b60  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc     C:\Windows\System32\certprop.dll
05:34:44.0625 0x1b60  CertPropSvc - ok
05:34:44.0685 0x1b60  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
05:34:44.0755 0x1b60  circlass - ok
05:34:44.0805 0x1b60  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
05:34:44.0855 0x1b60  CLFS - ok
05:34:45.0178 0x1b60  [ EC44010BAFA116B6ED200AB18A29E560, 0261CBABF18158FB836DB4569201035F702A5CE27C64551E29C2AC4BC6C3851C ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
05:34:45.0502 0x1b60  ClickToRunSvc - ok
05:34:45.0615 0x1b60  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:34:45.0645 0x1b60  clr_optimization_v2.0.50727_32 - ok
05:34:45.0695 0x1b60  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
05:34:45.0725 0x1b60  clr_optimization_v2.0.50727_64 - ok
05:34:45.0815 0x1b60  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:34:45.0845 0x1b60  clr_optimization_v4.0.30319_32 - ok
05:34:45.0875 0x1b60  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
05:34:45.0905 0x1b60  clr_optimization_v4.0.30319_64 - ok
05:34:45.0955 0x1b60  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
05:34:46.0005 0x1b60  CmBatt - ok
05:34:46.0055 0x1b60  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
05:34:46.0075 0x1b60  cmdide - ok
05:34:46.0125 0x1b60  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG             C:\Windows\system32\Drivers\cng.sys
05:34:46.0225 0x1b60  CNG - ok
05:34:46.0265 0x1b60  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
05:34:46.0295 0x1b60  Compbatt - ok
05:34:46.0345 0x1b60  [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
05:34:46.0405 0x1b60  CompositeBus - ok
05:34:46.0425 0x1b60  COMSysApp - ok
05:34:46.0515 0x1b60  [ 17719A7F571D4CD08223F0B30F71B8B8, 1F4D4DB4ABE26E765A33AFB2501AC134D14CADEAA74AE8A0FAE420E4ECF58E0C ] cpuz134         C:\Windows\system32\drivers\cpuz134_x64.sys
05:34:46.0565 0x1b60  cpuz134 - ok
05:34:46.0605 0x1b60  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
05:34:46.0625 0x1b60  crcdisk - ok
05:34:46.0685 0x1b60  [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
05:34:46.0815 0x1b60  CryptSvc - ok
05:34:46.0895 0x1b60  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\Windows\system32\rpcss.dll
05:34:47.0065 0x1b60  DcomLaunch - ok
05:34:47.0115 0x1b60  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
05:34:47.0245 0x1b60  defragsvc - ok
05:34:47.0311 0x1b60  [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
05:34:47.0432 0x1b60  DfsC - ok
05:34:47.0492 0x1b60  [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
05:34:47.0602 0x1b60  Dhcp - ok
05:34:47.0622 0x1b60  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
05:34:47.0742 0x1b60  discache - ok
05:34:47.0802 0x1b60  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
05:34:47.0842 0x1b60  Disk - ok
05:34:47.0872 0x1b60  [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache        C:\Windows\System32\dnsrslvr.dll
05:34:48.0012 0x1b60  Dnscache - ok
05:34:48.0042 0x1b60  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\Windows\System32\dot3svc.dll
05:34:48.0172 0x1b60  dot3svc - ok
05:34:48.0262 0x1b60  dpclat_driver - ok
05:34:48.0318 0x1b60  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\Windows\system32\dps.dll
05:34:48.0438 0x1b60  DPS - ok
05:34:48.0478 0x1b60  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
05:34:48.0568 0x1b60  drmkaud - ok
05:34:48.0658 0x1b60  [ EBCE0B0924835F635F620D19F0529DCE, 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
05:34:48.0760 0x1b60  DXGKrnl - ok
05:34:48.0810 0x1b60  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
05:34:48.0940 0x1b60  EapHost - ok
05:34:49.0200 0x1b60  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
05:34:49.0610 0x1b60  ebdrv - ok
05:34:49.0660 0x1b60  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
05:34:49.0700 0x1b60  EFS - ok
05:34:49.0810 0x1b60  [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
05:34:50.0012 0x1b60  ehRecvr - ok
05:34:50.0042 0x1b60  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
05:34:50.0092 0x1b60  ehSched - ok
05:34:50.0162 0x1b60  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
05:34:50.0232 0x1b60  elxstor - ok
05:34:50.0272 0x1b60  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
05:34:50.0322 0x1b60  ErrDev - ok
05:34:50.0412 0x1b60  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
05:34:50.0578 0x1b60  EventSystem - ok
05:34:50.0618 0x1b60  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
05:34:50.0748 0x1b60  exfat - ok
05:34:50.0788 0x1b60  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
05:34:50.0908 0x1b60  fastfat - ok
05:34:50.0998 0x1b60  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\Windows\system32\fxssvc.exe
05:34:51.0108 0x1b60  Fax - ok
05:34:51.0148 0x1b60  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
05:34:51.0201 0x1b60  fdc - ok
05:34:51.0251 0x1b60  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
05:34:51.0351 0x1b60  fdPHost - ok
05:34:51.0371 0x1b60  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
05:34:51.0471 0x1b60  FDResPub - ok
05:34:51.0491 0x1b60  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
05:34:51.0521 0x1b60  FileInfo - ok
05:34:51.0561 0x1b60  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
05:34:51.0671 0x1b60  Filetrace - ok
05:34:51.0701 0x1b60  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
05:34:51.0731 0x1b60  flpydisk - ok
05:34:51.0791 0x1b60  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
05:34:51.0831 0x1b60  FltMgr - ok
05:34:51.0931 0x1b60  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache       C:\Windows\system32\FntCache.dll
05:34:52.0141 0x1b60  FontCache - ok
05:34:52.0211 0x1b60  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
05:34:52.0231 0x1b60  FontCache3.0.0.0 - ok
05:34:52.0461 0x1b60  [ 52B58A46BEEFB238C580B69FD051CB5B, 6C3B92F953DD55619BD6F0876850A441CAF7774EB873196F567F6A1C0D8CF182 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
05:34:52.0531 0x1b60  ForceWare Intelligent Application Manager (IAM) - ok
05:34:52.0561 0x1b60  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
05:34:52.0591 0x1b60  FsDepends - ok
05:34:52.0631 0x1b60  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
05:34:52.0651 0x1b60  Fs_Rec - ok
05:34:52.0701 0x1b60  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
05:34:52.0751 0x1b60  fvevol - ok
05:34:52.0791 0x1b60  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
05:34:52.0821 0x1b60  gagp30kx - ok
05:34:52.0911 0x1b60  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
05:34:53.0041 0x1b60  gpsvc - ok
05:34:53.0212 0x1b60  [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
05:34:53.0312 0x1b60  Greg_Service - ok
05:34:53.0412 0x1b60  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
05:34:53.0442 0x1b60  gupdate - ok
05:34:53.0462 0x1b60  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
05:34:53.0492 0x1b60  gupdatem - ok
05:34:53.0542 0x1b60  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
05:34:53.0616 0x1b60  hcw85cir - ok
05:34:53.0692 0x1b60  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
05:34:53.0772 0x1b60  HdAudAddService - ok
05:34:53.0832 0x1b60  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
05:34:53.0912 0x1b60  HDAudBus - ok
05:34:53.0942 0x1b60  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
05:34:54.0022 0x1b60  HidBatt - ok
05:34:54.0132 0x1b60  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
05:34:54.0192 0x1b60  HidBth - ok
05:34:54.0212 0x1b60  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
05:34:54.0262 0x1b60  HidIr - ok
05:34:54.0312 0x1b60  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
05:34:54.0432 0x1b60  hidserv - ok
05:34:54.0482 0x1b60  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
05:34:54.0532 0x1b60  HidUsb - ok
05:34:54.0562 0x1b60  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
05:34:54.0688 0x1b60  hkmsvc - ok
05:34:54.0738 0x1b60  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
05:34:54.0828 0x1b60  HomeGroupListener - ok
05:34:54.0878 0x1b60  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
05:34:54.0948 0x1b60  HomeGroupProvider - ok
05:34:54.0998 0x1b60  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
05:34:55.0028 0x1b60  HpSAMD - ok
05:34:55.0118 0x1b60  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
05:34:55.0288 0x1b60  HTTP - ok
05:34:55.0318 0x1b60  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
05:34:55.0348 0x1b60  hwpolicy - ok
05:34:55.0378 0x1b60  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
05:34:55.0428 0x1b60  i8042prt - ok
05:34:55.0468 0x1b60  [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
05:34:55.0528 0x1b60  iaStorV - ok
05:34:55.0638 0x1b60  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
05:34:55.0718 0x1b60  idsvc - ok
05:34:55.0778 0x1b60  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
05:34:55.0808 0x1b60  iirsp - ok
05:34:55.0948 0x1b60  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
05:34:56.0138 0x1b60  IKEEXT - ok
05:34:56.0368 0x1b60  [ 2B888BBDF6962E608A5E1A1D7A626ADF, FF747B0D37FCE8CE8ED76532658AB325734D8F475A322884DB25729C4F8E2B50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
05:34:56.0558 0x1b60  IntcAzAudAddService - ok
05:34:56.0668 0x1b60  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
05:34:56.0698 0x1b60  intelide - ok
05:34:56.0740 0x1b60  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
05:34:56.0992 0x1b60  intelppm - ok
05:34:57.0142 0x1b60  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
05:34:57.0333 0x1b60  IPBusEnum - ok
05:34:57.0433 0x1b60  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:34:57.0613 0x1b60  IpFilterDriver - ok
05:34:57.0878 0x1b60  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
05:34:58.0088 0x1b60  iphlpsvc - ok
05:34:58.0148 0x1b60  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
05:34:58.0188 0x1b60  IPMIDRV - ok
05:34:58.0218 0x1b60  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
05:34:58.0348 0x1b60  IPNAT - ok
05:34:58.0388 0x1b60  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
05:34:58.0448 0x1b60  IRENUM - ok
05:34:58.0478 0x1b60  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
05:34:58.0508 0x1b60  isapnp - ok
05:34:58.0548 0x1b60  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
05:34:58.0598 0x1b60  iScsiPrt - ok
05:34:58.0638 0x1b60  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
05:34:58.0668 0x1b60  kbdclass - ok
05:34:58.0708 0x1b60  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
05:34:58.0768 0x1b60  kbdhid - ok
05:34:58.0808 0x1b60  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
05:34:58.0848 0x1b60  KeyIso - ok
05:34:58.0888 0x1b60  [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
05:34:58.0928 0x1b60  KSecDD - ok
05:34:58.0988 0x1b60  [ A8C63880EF6F4D3FEC7B616B9C060215, 036AE3ABBF991F5748C5C46E1DF62FBBC832BCDBF8C1B6E3C22A22A3703BBBCA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
05:34:59.0028 0x1b60  KSecPkg - ok
05:34:59.0078 0x1b60  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
05:34:59.0208 0x1b60  ksthunk - ok
05:34:59.0273 0x1b60  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
05:34:59.0443 0x1b60  KtmRm - ok
05:34:59.0503 0x1b60  [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer    C:\Windows\System32\srvsvc.dll
05:34:59.0663 0x1b60  LanmanServer - ok
05:34:59.0693 0x1b60  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
05:34:59.0813 0x1b60  LanmanWorkstation - ok
05:34:59.0863 0x1b60  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
05:34:59.0987 0x1b60  lltdio - ok
05:35:00.0102 0x1b60  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
05:35:00.0222 0x1b60  lltdsvc - ok
05:35:00.0262 0x1b60  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
05:35:00.0362 0x1b60  lmhosts - ok
05:35:00.0492 0x1b60  [ 3031E7DF2EFAB63B52DCEA6A2BD4E44D, EA349DAF6661B1761EC6AC5F0B99BB58C809F0171CCACE4F11B387619CCF2FBB ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
05:35:00.0542 0x1b60  LMIGuardianSvc - ok
05:35:00.0622 0x1b60  [ 0F28935ECF1FBDEC22BAF720A5A94564, A4E8E13FD7FE1882243AD7139D5E0925F09069616920382F952D79586A4936E7 ] LMIInfo         C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
05:35:00.0642 0x1b60  LMIInfo - ok
05:35:00.0732 0x1b60  [ 51E05761775416DDEFC4D62D85AF14F7, D6668887C3EF3928415EB288F3AD5D4E53FE3F710C4B5259213879094D7006A0 ] LMIMaint        C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
05:35:00.0792 0x1b60  LMIMaint - ok
05:35:00.0842 0x1b60  [ 413ECDCFAD9A82804D3674C8D7EEC24E, C8A65ED0B079D16D1A4449E840B4A9475388FBE61B5A84DFEFC35F4FB3B9A9B1 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
05:35:00.0862 0x1b60  lmimirr - ok
05:35:00.0882 0x1b60  LMIRfsClientNP - ok
05:35:00.0915 0x1b60  [ C57D3FAA50E6F395759FFB7C709BD944, 7B0B86F0E710934D57801E1F7BB048AD878F871147B2A16BBF81219A4022B499 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
05:35:00.0935 0x1b60  LMIRfsDriver - ok
05:35:01.0025 0x1b60  [ D3760BC17E1755091B7120CF32DBF56B, 2B31CA0CD838BEE0103054520E2FBEA2436A07D99E711B14543B85F3A511478F ] LogMeIn         C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
05:35:01.0065 0x1b60  LogMeIn - ok
05:35:01.0115 0x1b60  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
05:35:01.0155 0x1b60  LSI_FC - ok
05:35:01.0185 0x1b60  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
05:35:01.0215 0x1b60  LSI_SAS - ok
05:35:01.0239 0x1b60  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
05:35:01.0262 0x1b60  LSI_SAS2 - ok
05:35:01.0292 0x1b60  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
05:35:01.0332 0x1b60  LSI_SCSI - ok
05:35:01.0382 0x1b60  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
05:35:01.0492 0x1b60  luafv - ok
05:35:01.0542 0x1b60  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
05:35:01.0592 0x1b60  Mcx2Svc - ok
05:35:01.0642 0x1b60  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
05:35:01.0672 0x1b60  megasas - ok
05:35:01.0732 0x1b60  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
05:35:01.0782 0x1b60  MegaSR - ok
05:35:01.0812 0x1b60  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
05:35:01.0962 0x1b60  MMCSS - ok
05:35:02.0062 0x1b60  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
05:35:02.0182 0x1b60  Modem - ok
05:35:02.0212 0x1b60  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
05:35:02.0262 0x1b60  monitor - ok
05:35:02.0322 0x1b60  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
05:35:02.0352 0x1b60  mouclass - ok
05:35:02.0392 0x1b60  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
05:35:02.0432 0x1b60  mouhid - ok
05:35:02.0452 0x1b60  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
05:35:02.0492 0x1b60  mountmgr - ok
05:35:02.0592 0x1b60  [ 0B3C6B3D5187B5D3B6F3178ABA673999, D41FB0F9FC872EAEDEFA8A69636CAD10BED8BDD3A1FC7477ED031CF9C32B04B9 ] MPExtended Service C:\Program Files (x86)\MPExtended\Service\MPExtended.ServiceHosts.CoreService.exe
05:35:02.0602 0x1b60  MPExtended Service - detected UnsignedFile.Multi.Generic ( 1 )
05:35:05.0597 0x1b60  MPExtended Service ( UnsignedFile.Multi.Generic ) - warning
05:35:08.0575 0x1b60  [ DF15927F127BE82DABD83B9CFF3C0EC2, 3B9A2F83F0CA5350DBB009C556D11B07BFF8923E8D7FBB74CAC0598FD4A0AA8A ] MPExtended WebMediaPortal C:\Program Files (x86)\MPExtended\WebMediaPortal\MPExtended.ServiceHosts.WebMediaPortal.exe
05:35:08.0595 0x1b60  MPExtended WebMediaPortal - detected UnsignedFile.Multi.Generic ( 1 )
05:35:11.0285 0x1b60  Detect skipped due to KSN trusted
05:35:11.0285 0x1b60  MPExtended WebMediaPortal - ok
05:35:11.0325 0x1b60  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
05:35:11.0365 0x1b60  mpio - ok
05:35:11.0405 0x1b60  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
05:35:11.0515 0x1b60  mpsdrv - ok
05:35:11.0635 0x1b60  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\Windows\system32\mpssvc.dll
05:35:11.0815 0x1b60  MpsSvc - ok
05:35:11.0895 0x1b60  [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50         C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
05:35:11.0915 0x1b60  MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
05:35:14.0585 0x1b60  Detect skipped due to KSN trusted
05:35:14.0585 0x1b60  MREMP50 - ok
05:35:14.0595 0x1b60  MREMPR5 - ok
05:35:14.0605 0x1b60  MRENDIS5 - ok
05:35:14.0655 0x1b60  [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50         C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
05:35:14.0685 0x1b60  MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
05:35:17.0365 0x1b60  Detect skipped due to KSN trusted
05:35:17.0365 0x1b60  MRESP50 - ok
05:35:17.0405 0x1b60  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
05:35:17.0485 0x1b60  MRxDAV - ok
05:35:17.0535 0x1b60  [ 767A4C3BCF9410C286CED15A2DB17108, D9EA9EF7D4048081B132B804E0AE5A60A58FA6B25B7F5B87D5D7E354B2D94C79 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
05:35:17.0605 0x1b60  mrxsmb - ok
05:35:17.0645 0x1b60  [ 920EE0FF995FCFDEB08C41605A959E1C, 977195011912166F7C7E209D90B973E3F507B5297504AF9B6797FA8D1051534C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:35:17.0695 0x1b60  mrxsmb10 - ok
05:35:17.0725 0x1b60  [ 740D7EA9D72C981510A5292CF6ADC941, C55C2F73410C008F829D194EF072721A8D7945BCC48458982D2409761908E7AE ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:35:17.0775 0x1b60  mrxsmb20 - ok
05:35:17.0805 0x1b60  [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
05:35:17.0835 0x1b60  msahci - ok
05:35:17.0865 0x1b60  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
05:35:17.0905 0x1b60  msdsm - ok
05:35:17.0955 0x1b60  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
05:35:18.0035 0x1b60  MSDTC - ok
05:35:18.0075 0x1b60  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
05:35:18.0185 0x1b60  Msfs - ok
05:35:18.0205 0x1b60  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
05:35:18.0325 0x1b60  mshidkmdf - ok
05:35:18.0355 0x1b60  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
05:35:18.0385 0x1b60  msisadrv - ok
05:35:18.0425 0x1b60  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
05:35:18.0555 0x1b60  MSiSCSI - ok
05:35:18.0565 0x1b60  msiserver - ok
05:35:18.0675 0x1b60  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
05:35:18.0804 0x1b60  MSKSSRV - ok
05:35:18.0840 0x1b60  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
05:35:18.0938 0x1b60  MSPCLOCK - ok
05:35:18.0968 0x1b60  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
05:35:19.0078 0x1b60  MSPQM - ok
05:35:19.0128 0x1b60  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
05:35:19.0178 0x1b60  MsRPC - ok
05:35:19.0208 0x1b60  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
05:35:19.0238 0x1b60  mssmbios - ok
05:35:19.0279 0x1b60  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
05:35:19.0389 0x1b60  MSTEE - ok
05:35:19.0419 0x1b60  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
05:35:19.0469 0x1b60  MTConfig - ok
05:35:19.0519 0x1b60  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
05:35:19.0559 0x1b60  Mup - ok
05:35:19.0609 0x1b60  [ 6FFECC25B39DC7652A0CEC0ADA9DB589, 927EF066CBBA8353149F8C3B7C4299AC06FED439DA874D25CFB583E5912611A2 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
05:35:19.0629 0x1b60  mwlPSDFilter - ok
05:35:19.0649 0x1b60  [ 0BEFE32CA56D6EE89D58175725596A85, E36B9E6159AF7F67D549F7178896CCCB8FC3964531B1DA20CBDD465E632D8FCF ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
05:35:19.0669 0x1b60  mwlPSDNServ - ok
05:35:19.0699 0x1b60  [ D43BC633B8660463E446E28E14A51262, C55F235B5E08FAC6D70B0FAC737D714E318A93F8E43FF8095B86A76559AF211D ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
05:35:19.0719 0x1b60  mwlPSDVDisk - ok
05:35:19.0789 0x1b60  [ 2F139207F618EC2933830227EEFFDDB4, 2942452EC631BF11CCCDA397C756CBBC0337F58B215A3F02DA263818CB3BE9A9 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
05:35:19.0824 0x1b60  MWLService - ok
05:35:19.0934 0x1b60  MySQL - ok
05:35:19.0994 0x1b60  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\Windows\system32\qagentRT.dll
05:35:20.0144 0x1b60  napagent - ok
05:35:20.0224 0x1b60  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
05:35:20.0314 0x1b60  NativeWifiP - ok
05:35:20.0414 0x1b60  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\Windows\system32\drivers\ndis.sys
05:35:20.0504 0x1b60  NDIS - ok
05:35:20.0554 0x1b60  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
05:35:20.0674 0x1b60  NdisCap - ok
05:35:20.0704 0x1b60  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
05:35:20.0824 0x1b60  NdisTapi - ok
05:35:20.0854 0x1b60  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
05:35:20.0974 0x1b60  Ndisuio - ok
05:35:21.0024 0x1b60  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
05:35:21.0154 0x1b60  NdisWan - ok
05:35:21.0184 0x1b60  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
05:35:21.0295 0x1b60  NDProxy - ok
05:35:21.0435 0x1b60  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
05:35:21.0515 0x1b60  Nero BackItUp Scheduler 4.0 - ok
05:35:21.0565 0x1b60  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
05:35:21.0685 0x1b60  NetBIOS - ok
05:35:21.0725 0x1b60  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
05:35:21.0865 0x1b60  NetBT - ok
05:35:21.0895 0x1b60  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
05:35:21.0944 0x1b60  Netlogon - ok
05:35:22.0020 0x1b60  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
05:35:22.0167 0x1b60  Netman - ok
05:35:22.0227 0x1b60  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
05:35:22.0247 0x1b60  NetMsmqActivator - ok
05:35:22.0267 0x1b60  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
05:35:22.0297 0x1b60  NetPipeActivator - ok
05:35:22.0357 0x1b60  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
05:35:22.0497 0x1b60  netprofm - ok
05:35:22.0637 0x1b60  [ 254AF6DF67EAFA8C6E0AA0D316487673, AF90F697B0230F3B0CE3453A77238FE521850A93235190A22AADCEA951D2016B ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
05:35:22.0757 0x1b60  netr28x - ok
05:35:22.0797 0x1b60  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
05:35:22.0827 0x1b60  NetTcpActivator - ok
05:35:22.0847 0x1b60  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
05:35:22.0877 0x1b60  NetTcpPortSharing - ok
05:35:22.0917 0x1b60  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
05:35:22.0947 0x1b60  nfrd960 - ok
05:35:23.0001 0x1b60  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\Windows\System32\nlasvc.dll
05:35:23.0141 0x1b60  NlaSvc - ok
05:35:23.0171 0x1b60  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
05:35:23.0311 0x1b60  Npfs - ok
05:35:23.0341 0x1b60  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
05:35:23.0451 0x1b60  nsi - ok
05:35:23.0481 0x1b60  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
05:35:23.0601 0x1b60  nsiproxy - ok
05:35:23.0691 0x1b60  [ 20E179A7FE78B37A02D30C4D34C870E7, 3E720CD52749E2F86897A89A2B7D3DE4C14255638111DB644C8F2C15174A6A2A ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
05:35:23.0731 0x1b60  nSvcIp - ok
05:35:23.0861 0x1b60  [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
05:35:24.0001 0x1b60  Ntfs - ok
05:35:24.0071 0x1b60  [ BD691091AC7D9713D8F0B07C6B099E6C, 4A69ED227CCBBCB76F78078CEE42506A875759FFB519CB9C40173EF8ACD6D6D2 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
05:35:24.0111 0x1b60  NTI IScheduleSvc - ok
05:35:24.0131 0x1b60  [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
05:35:24.0151 0x1b60  NTIDrvr - ok
05:35:24.0201 0x1b60  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
05:35:24.0311 0x1b60  Null - ok
05:35:24.0391 0x1b60  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
05:35:24.0461 0x1b60  NVENETFD - ok
05:35:24.0511 0x1b60  [ CB599955CE2CE9694721562F9481CD84, DC8B802396E9D0F11D1855A622E7438711C029D3B76550A953A44CEB8A7E468F ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
05:35:24.0531 0x1b60  NVHDA - ok
05:35:25.0511 0x1b60  [ 6F9CBE52517660B68694ACCEE35EC4D5, FCD396EECF3C71CBB4EE40F9D98F1B7AB3D8FA14D0EEEB071DA20C82E77001E4 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
05:35:26.0645 0x1b60  nvlddmkm - ok
05:35:26.0765 0x1b60  [ 909EEDCBD365BB81027D8E742E6B3416, 6C346C7B0E26A12BB0F56918E5324BC8C1024FEEE5952BFEB02DB2BC47182B61 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
05:35:26.0815 0x1b60  NVNET - ok
05:35:26.0885 0x1b60  [ E58D81FB8616D0CB55C1E36AA0B213C9, D83F78615889A466ADE2BFEF7AB357C0D31B7FA9A1A52668DED32A51FEFA87B5 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
05:35:26.0905 0x1b60  nvsmu - ok
05:35:26.0945 0x1b60  [ 1E45F96342429D63DC30E0D9117DA3D8, 3D6DB9514594377CACFD766F0153B8DCF51DDF4172864DAF589CB1EE480D2027 ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys
05:35:26.0985 0x1b60  nvstor64 - ok
05:35:27.0035 0x1b60  [ 97F1A24AC0255C6E0A075C9CC772784A, F3611301186CF9DF464C80A63301DF8040DDF9932A31F18507601D515E497672 ] nvsvc           C:\Windows\system32\nvvsvc.exe
05:35:27.0075 0x1b60  nvsvc - ok
05:35:27.0165 0x1b60  [ 1F0E05DFF4F5A833168E49BE1256F002, A858267572033C185293B0FD15B2BFDA679D0771A14C0ADF24461B529DBAD8DF ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
05:35:27.0215 0x1b60  odserv - ok
05:35:27.0245 0x1b60  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
05:35:27.0290 0x1b60  ohci1394 - ok
05:35:27.0346 0x1b60  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:35:27.0396 0x1b60  ose - ok
05:35:27.0836 0x1b60  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
05:35:28.0322 0x1b60  osppsvc - ok
05:35:28.0408 0x1b60  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
05:35:28.0498 0x1b60  p2pimsvc - ok
05:35:28.0568 0x1b60  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
05:35:28.0648 0x1b60  p2psvc - ok
05:35:28.0688 0x1b60  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
05:35:28.0728 0x1b60  Parport - ok
05:35:28.0768 0x1b60  [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
05:35:28.0798 0x1b60  partmgr - ok
05:35:28.0838 0x1b60  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
05:35:28.0918 0x1b60  PcaSvc - ok
05:35:28.0958 0x1b60  [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci             C:\Windows\system32\DRIVERS\pci.sys
05:35:28.0998 0x1b60  pci - ok
05:35:29.0018 0x1b60  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
05:35:29.0048 0x1b60  pciide - ok
05:35:29.0138 0x1b60  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
05:35:29.0188 0x1b60  pcmcia - ok
05:35:29.0208 0x1b60  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
05:35:29.0238 0x1b60  pcw - ok
05:35:29.0303 0x1b60  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
05:35:29.0453 0x1b60  PEAUTH - ok
05:35:29.0623 0x1b60  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
05:35:29.0673 0x1b60  PerfHost - ok
05:35:29.0823 0x1b60  [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla             C:\Windows\system32\pla.dll
05:35:30.0153 0x1b60  pla - ok
05:35:30.0223 0x1b60  [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
05:35:30.0353 0x1b60  PlugPlay - ok
05:35:30.0383 0x1b60  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
05:35:30.0443 0x1b60  PNRPAutoReg - ok
05:35:30.0483 0x1b60  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
05:35:30.0553 0x1b60  PNRPsvc - ok
05:35:30.0623 0x1b60  [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
05:35:30.0783 0x1b60  PolicyAgent - ok
05:35:30.0833 0x1b60  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
05:35:30.0963 0x1b60  Power - ok
05:35:31.0023 0x1b60  [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
05:35:31.0143 0x1b60  PptpMiniport - ok
05:35:31.0173 0x1b60  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
05:35:31.0233 0x1b60  Processor - ok
05:35:31.0283 0x1b60  [ F381975E1F4346DE875CB07339CE8D3A, 867BFC2E9A08E026289794019B8DE651A8604D06DD6A9BF166C29AFC24B6D26E ] ProfSvc         C:\Windows\system32\profsvc.dll
05:35:31.0436 0x1b60  ProfSvc - ok
05:35:31.0479 0x1b60  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
05:35:31.0531 0x1b60  ProtectedStorage - ok
05:35:31.0580 0x1b60  [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
05:35:31.0690 0x1b60  Psched - ok
05:35:31.0820 0x1b60  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
05:35:31.0990 0x1b60  ql2300 - ok
05:35:32.0030 0x1b60  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
05:35:32.0070 0x1b60  ql40xx - ok
05:35:32.0130 0x1b60  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
05:35:32.0210 0x1b60  QWAVE - ok
05:35:32.0240 0x1b60  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
05:35:32.0320 0x1b60  QWAVEdrv - ok
05:35:32.0340 0x1b60  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
05:35:32.0460 0x1b60  RasAcd - ok
05:35:32.0508 0x1b60  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
05:35:32.0608 0x1b60  RasAgileVpn - ok
05:35:32.0668 0x1b60  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
05:35:32.0808 0x1b60  RasAuto - ok
05:35:32.0848 0x1b60  [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
05:35:32.0978 0x1b60  Rasl2tp - ok
05:35:33.0018 0x1b60  [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan          C:\Windows\System32\rasmans.dll
05:35:33.0168 0x1b60  RasMan - ok
05:35:33.0198 0x1b60  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
05:35:33.0329 0x1b60  RasPppoe - ok
05:35:33.0369 0x1b60  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
05:35:33.0519 0x1b60  RasSstp - ok
05:35:33.0569 0x1b60  [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
05:35:33.0739 0x1b60  rdbss - ok
05:35:33.0779 0x1b60  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
05:35:33.0823 0x1b60  rdpbus - ok
05:35:33.0843 0x1b60  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
05:35:33.0953 0x1b60  RDPCDD - ok
05:35:34.0023 0x1b60  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
05:35:34.0143 0x1b60  RDPENCDD - ok
05:35:34.0193 0x1b60  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
05:35:34.0310 0x1b60  RDPREFMP - ok
05:35:34.0350 0x1b60  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
05:35:34.0480 0x1b60  RDPWD - ok
05:35:34.0548 0x1b60  [ 634B9A2181D98F15941236886164EC8B, 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
05:35:34.0602 0x1b60  rdyboost - ok
05:35:34.0643 0x1b60  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
05:35:34.0773 0x1b60  RemoteAccess - ok
05:35:34.0823 0x1b60  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
05:35:34.0953 0x1b60  RemoteRegistry - ok
05:35:35.0003 0x1b60  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
05:35:35.0123 0x1b60  RpcEptMapper - ok
05:35:35.0163 0x1b60  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
05:35:35.0203 0x1b60  RpcLocator - ok
05:35:35.0273 0x1b60  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] RpcSs           C:\Windows\system32\rpcss.dll
05:35:35.0416 0x1b60  RpcSs - ok
05:35:35.0496 0x1b60  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
05:35:35.0616 0x1b60  rspndr - ok
05:35:35.0636 0x1b60  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
05:35:35.0686 0x1b60  SamSs - ok
05:35:35.0716 0x1b60  [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
05:35:35.0746 0x1b60  sbp2port - ok
05:35:35.0776 0x1b60  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
05:35:35.0936 0x1b60  SCardSvr - ok
05:35:35.0966 0x1b60  [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
05:35:36.0086 0x1b60  scfilter - ok
05:35:36.0186 0x1b60  [ EC56B171F85C7E855E7B0588AC503EEA, EDBC0E52DF00D73356F4B886D6CA2397B571A9D2245FEDC347A6D52A5467EA5D ] Schedule        C:\Windows\system32\schedsvc.dll
05:35:36.0376 0x1b60  Schedule - ok
05:35:36.0486 0x1b60  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc     C:\Windows\System32\certprop.dll
05:35:36.0586 0x1b60  SCPolicySvc - ok
05:35:36.0636 0x1b60  [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
05:35:36.0726 0x1b60  SDRSVC - ok
05:35:36.0756 0x1b60  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
05:35:36.0876 0x1b60  secdrv - ok
05:35:36.0916 0x1b60  [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon        C:\Windows\system32\seclogon.dll
05:35:37.0036 0x1b60  seclogon - ok
05:35:37.0076 0x1b60  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
05:35:37.0176 0x1b60  SENS - ok
05:35:37.0216 0x1b60  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
05:35:37.0266 0x1b60  SensrSvc - ok
05:35:37.0286 0x1b60  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
05:35:37.0326 0x1b60  Serenum - ok
05:35:37.0381 0x1b60  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
05:35:37.0441 0x1b60  Serial - ok
05:35:37.0471 0x1b60  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
05:35:37.0521 0x1b60  sermouse - ok
05:35:37.0591 0x1b60  [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE0 ] SessionEnv      C:\Windows\system32\sessenv.dll
05:35:37.0720 0x1b60  SessionEnv - ok
05:35:37.0747 0x1b60  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
05:35:37.0797 0x1b60  sffdisk - ok
05:35:37.0827 0x1b60  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
05:35:37.0877 0x1b60  sffp_mmc - ok
05:35:37.0927 0x1b60  [ 5588B8C6193EB1522490C122EB94DFFA, 53AE3597D3305F2839130A2F3567F1690564B922035503EB418B9DE1586AEA43 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
05:35:37.0977 0x1b60  sffp_sd - ok
05:35:37.0987 0x1b60  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
05:35:38.0027 0x1b60  sfloppy - ok
05:35:38.0087 0x1b60  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
05:35:38.0237 0x1b60  SharedAccess - ok
05:35:38.0307 0x1b60  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
05:35:38.0407 0x1b60  ShellHWDetection - ok
05:35:38.0457 0x1b60  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
05:35:38.0487 0x1b60  SiSRaid2 - ok
05:35:38.0507 0x1b60  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
05:35:38.0537 0x1b60  SiSRaid4 - ok
05:35:38.0637 0x1b60  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
05:35:38.0707 0x1b60  SkypeUpdate - ok
05:36:25.0248 0x1b60  Waiting for KSN requests completion. In queue: 6
05:36:26.0257 0x1b60  Waiting for KSN requests completion. In queue: 6
05:36:27.0257 0x1b60  Waiting for KSN requests completion. In queue: 6
05:36:28.0348 0x1b60  Win FW state via NFP2: enabled ( trusted )
05:36:31.0092 0x1b60  ============================================================
05:36:31.0092 0x1b60  Scan finished
05:36:31.0092 0x1b60  ============================================================
05:36:31.0122 0x1ad8  Detected object count: 3
05:36:31.0122 0x1ad8  Actual detected object count: 3
05:39:02.0819 0x1ad8  MPExtended Service ( UnsignedFile.Multi.Generic ) - skipped by user
05:39:02.0819 0x1ad8  MPExtended Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:39:02.0820 0x1ad8  TV4HomeCoreService ( UnsignedFile.Multi.Generic ) - skipped by user
05:39:02.0820 0x1ad8  TV4HomeCoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:39:02.0827 0x1ad8  MPExtended Configurator ( UnsignedFile.Multi.Generic ) - skipped by user
05:39:02.0828 0x1ad8  MPExtended Configurator ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#10 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 16 October 2015 - 01:50 PM

OK, please go ahead with step 2...
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 druid9

  • Topic Starter
  • Members
  • 12 posts

Posted 16 October 2015 - 02:02 PM

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015
Ran by Paul (administrator) on ACER-REVO (17-10-2015 05:42:01)
Running from C:\Users\Paul\Desktop
Loaded Profiles: Paul (Available Profiles: Paul & LogMeInRemoteUser & Admin)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
() C:\Program Files (x86)\MPExtended\WebMediaPortal\MPExtended.ServiceHosts.WebMediaPortal.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files (x86)\IIS Express\iisexpress.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(mpextended.github.com) C:\Program Files (x86)\MPExtended\Service\MPExtended.Applications.ServiceConfigurator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(EventGhost Project) C:\Program Files (x86)\EventGhost\EventGhost.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Users\Paul\Desktop\tdsskiller.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10867816 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-30] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-30] (Acer Corp.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [804952 2010-04-07] (GlavSoft LLC.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [{810C7B94-BE0B-18C7-D663-BA6DE5295A25}] => C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [MPExtended Configurator] => C:\Program Files (x86)\MPExtended\Service\MPExtended.Applications.ServiceConfigurator.exe [1174528 2012-12-03] (mpextended.github.com)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [GoogleChromeAutoLaunch_29EBA8C2ED1206321A8B41FC997F63B8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-09] (Google Inc.)
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Paul\Downloads\rkill.scr [2019656 2015-10-11] (Bleeping Computer, LLC)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk [2010-04-24]
ShortcutTarget: EventGhost.lnk -> C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208 2009-08-10] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B1112E69-32A8-4AE0-AF67-AE909508D6AB}: [DhcpNameServer] 192.168.178.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://au.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-28] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-02-23] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-02-23] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-02-23] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-02-23] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-29] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-29] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll [2010-01-06] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-09-11] (Telstra Corporation Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-01-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-10] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com.au/
CHR StartupUrls: Default -> "hxxp://www.google.com.au/","hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EAU&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EAU&apn_dbr=cr_35.0.1916.114&apn_uid=9E4D2450-8643-48A4-BE11-327E8B82DCE5&itbv=12.12.2.83&doi=2014-06-05&psv=&pt=tb","hxxp://websearch.calcitapp.info/","hxxps://au.search.yahoo.com/?type=994519&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> google.com.au_
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-29]
CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-29]
CHR Extension: (Sortd Smart Skin for Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohlfneeliakfcefeffppfplagbccbni [2015-09-26]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-12]
CHR Extension: (Mindjet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpkinhfhnglbhoeoeooekalejbhbhgl [2015-01-29]
CHR Extension: (Block Sender) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bklnjbfcmglhiaoppcckdodanccbelcg [2015-07-03]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-29]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-29]
CHR Extension: (HelloSign for Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dciflieigdmogpmamcgbigingaodhnil [2015-09-25]
CHR Extension: (Telstra Extension) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2015-02-05]
CHR Extension: (Gmail Offline) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-04-16]
CHR Extension: (Google Sheets) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Speed Dial 2) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-01-29]
CHR Extension: (LinkedIn Export Tool) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgipmhdegifoehfbbffcfbmpfmbjaiem [2015-01-29]
CHR Extension: (HTML Live) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhnnniabbinkphbhmjdaigcbdicakdfn [2015-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-29]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-01-29]
CHR Extension: (WiseStamp - Email Signatures for Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg [2015-01-29]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-09-26]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-01-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-10-10] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507752 2015-10-10] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S2 MPExtended Service; C:\Program Files (x86)\MPExtended\Service\MPExtended.ServiceHosts.CoreService.exe [6144 2012-12-03] (Microsoft) [File not signed]
R2 MPExtended WebMediaPortal; C:\Program Files (x86)\MPExtended\WebMediaPortal\MPExtended.ServiceHosts.WebMediaPortal.exe [13824 2012-11-25] () [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] () [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-12] (TeamViewer GmbH)
S2 TV4HomeCoreService; C:\Program Files (x86)\TV4Home Core Service\TV4Home.Server.CoreService.exe [6656 2011-07-16] (tv4home.codeplex.com) [File not signed]
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [804952 2010-04-07] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-28] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 zremote; C:\Windows\System32\Drivers\zremote.sys [19456 2010-04-26] (Streamzap, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dpclat_driver; \??\C:\Windows\system32\drivers\dpclat_driver.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-17 05:31 - 2015-10-17 05:32 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Paul\Desktop\tdsskiller.exe
2015-10-16 18:40 - 2015-10-16 18:40 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Paul\Downloads\rkill64-10352.scr
2015-10-15 07:32 - 2015-10-15 07:32 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Paul\Downloads\rkill64.scr
2015-10-15 07:03 - 2015-10-16 18:40 - 00000920 _____ C:\Users\Paul\Desktop\Rkill.txt
2015-10-15 06:44 - 2015-10-15 06:41 - 01926829 _____ C:\Users\Paul\Desktop\cureit.log
2015-10-15 06:27 - 2015-10-15 06:27 - 00000000 ____D C:\Device
2015-10-15 05:42 - 2015-10-15 06:27 - 00000000 ____D C:\Users\Paul\Doctor Web
2015-10-14 21:27 - 2015-10-14 21:58 - 174676360 _____ C:\Users\Paul\Desktop\8cp30r68.exe
2015-10-14 10:17 - 2015-10-14 10:18 - 00036285 _____ C:\Users\Paul\Desktop\Addition.txt
2015-10-14 10:16 - 2015-10-17 05:42 - 00024629 _____ C:\Users\Paul\Desktop\FRST.txt
2015-10-14 10:13 - 2015-10-14 10:13 - 02196480 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2015-10-14 09:53 - 2015-10-14 09:53 - 04404952 _____ (Kaspersky Lab ZAO) C:\tdsskiller.exe
2015-10-14 09:15 - 2015-10-14 09:15 - 00019041 _____ C:\ComboFix.txt
2015-10-14 08:44 - 2015-10-14 08:44 - 05636349 ____R (Swearware) C:\Users\Paul\Desktop\sega.com.exe
2015-10-14 08:43 - 2015-10-14 08:44 - 05636349 _____ (Swearware) C:\Users\Paul\Downloads\ComboFix.exe
2015-10-13 19:35 - 2015-10-13 20:25 - 93282968 _____ (Kaspersky Lab ZAO) C:\Users\Paul\Desktop\sadface.exe
2015-10-13 18:23 - 2015-10-13 18:23 - 00642155 _____ C:\Users\Paul\Downloads\Unconfirmed 924176.crdownload
2015-10-13 18:21 - 2011-06-26 17:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-13 18:21 - 2010-11-08 04:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-13 18:21 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-13 18:21 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-13 18:21 - 2000-08-31 11:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-13 06:58 - 2015-10-13 06:58 - 00290848 _____ C:\Windows\Minidump\101315-23166-01.dmp
2015-10-13 06:13 - 2015-10-13 06:14 - 00290848 _____ C:\Windows\Minidump\101315-21668-01.dmp
2015-10-13 06:08 - 2015-10-13 06:08 - 00290848 _____ C:\Windows\Minidump\101315-22479-01.dmp
2015-10-13 06:00 - 2015-10-13 06:00 - 00380416 _____ C:\Users\Paul\Downloads\qz5811iq.exe
2015-10-13 05:44 - 2015-10-13 05:45 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Paul\Downloads\mbar-1.09.3.1001.exe
2015-10-11 08:11 - 2015-10-11 08:11 - 00000000 ____D C:\Users\Admin\AppData\Local\Apps\2.0
2015-10-11 08:11 - 2015-10-11 07:09 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-10-11 08:09 - 2015-10-11 08:09 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2015-10-11 08:09 - 2015-10-11 08:09 - 00000000 ____D C:\Users\Admin
2015-10-11 08:09 - 2015-01-31 11:01 - 00002104 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-10-11 08:09 - 2010-04-25 15:52 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help
2015-10-11 08:09 - 2009-07-14 15:54 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-11 08:09 - 2009-07-14 15:49 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-11 07:59 - 2015-10-11 07:59 - 00000335 _____ C:\Users\Paul\Downloads\FixExe.reg
2015-10-11 07:14 - 2015-10-11 07:14 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Paul\Downloads\rkill.scr
2015-10-11 07:13 - 2015-10-11 07:13 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Paul\Downloads\uSeRiNiT.exe
2015-10-11 07:08 - 2015-10-11 07:09 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Paul\Desktop\rkill.exe
2015-10-10 18:01 - 2015-10-15 06:11 - 00021404 _____ C:\Windows\system32\CFG4041501513
2015-10-10 12:38 - 2015-10-10 18:00 - 00000000 ____D C:\VIPRERESCUE
2015-10-10 05:50 - 2015-10-10 05:50 - 00000000 ____D C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com
2015-10-10 05:49 - 2015-10-10 19:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-10 05:49 - 2015-10-10 05:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-09 07:04 - 2015-10-09 07:04 - 12270747 _____ C:\Users\Paul\Downloads\MPBY-Your Backyard Supermarket FRONT.ppt.zip
2015-10-08 18:22 - 2015-10-08 18:22 - 02243333 _____ C:\Users\Paul\Downloads\MPBY-Your Backyard Supermarket V3.zip
2015-10-08 18:08 - 2015-10-08 18:11 - 31625202 _____ C:\Users\Paul\Downloads\MPBY-Your Backyard Supermarket V3.pptx
2015-10-08 05:25 - 2015-10-08 05:28 - 00043809 _____ C:\Users\Paul\Downloads\Addition.txt
2015-10-08 05:21 - 2015-10-08 05:28 - 00049265 _____ C:\Users\Paul\Downloads\FRST.txt
2015-10-08 05:19 - 2015-10-17 05:42 - 00000000 ____D C:\FRST
2015-10-08 05:08 - 2015-10-08 05:08 - 00000000 ____D C:\Users\Paul\Downloads\mbam-chameleon-3.1.25.0
2015-10-08 05:07 - 2015-10-08 05:08 - 06383209 _____ C:\Users\Paul\Downloads\mbam-chameleon-3.1.25.0.zip
2015-10-07 06:31 - 2015-10-10 18:00 - 00000000 ____D C:\Program Files (x86)\TrojanHunter
2015-10-07 06:31 - 2015-10-07 06:31 - 00000000 ____D C:\ProgramData\TrojanHunter
2015-10-07 06:00 - 2015-10-07 06:01 - 04383777 _____ C:\Users\Paul\Downloads\tdsskiller.zip
2015-10-07 05:59 - 2015-10-07 06:00 - 00392012 _____ C:\Users\Paul\Downloads\rannohdecryptor.zip
2015-10-07 05:15 - 2015-10-10 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\CrashDumps
2015-10-07 05:15 - 2015-10-10 17:38 - 00002192 _____ C:\Users\Paul\AppData\Local\multiscan.log
2015-10-06 21:44 - 2015-10-06 21:44 - 00199467 _____ C:\Users\Paul\AppData\Local\census.cache
2015-10-06 21:44 - 2015-10-06 21:44 - 00116321 _____ C:\Users\Paul\AppData\Local\ars.cache
2015-10-06 20:29 - 2015-10-06 20:29 - 00000036 _____ C:\Users\Paul\AppData\Local\housecall.guid.cache
2015-10-06 19:44 - 2015-10-06 19:44 - 00000000 ____D C:\Users\Paul\AppData\Local\TempTaskUpdateDetectionDDCA5D8B-17A7-4CCE-A3C6-AA3E2641B185
2015-10-06 19:30 - 2015-10-14 09:15 - 00000000 ____D C:\Qoobox
2015-10-06 19:30 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-06 19:30 - 2000-08-31 11:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-06 19:30 - 2000-08-31 11:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-06 19:29 - 2015-10-13 19:03 - 00000000 ____D C:\Windows\erdnt
2015-10-05 13:43 - 2015-10-05 13:43 - 00011985 _____ C:\Users\Paul\Downloads\Downton_Abbey_S06E03_HDTV_x264-ORGANiC[sltv].torrent
2015-09-30 22:00 - 2015-09-30 22:00 - 01593524 _____ C:\Users\Paul\Downloads\4411337+The+Trials+of+Jim.ace
2015-09-30 21:58 - 2015-09-30 21:58 - 01920428 _____ C:\Users\Paul\Downloads\4396279+The+Trials+of+Jim.ace
2015-09-30 14:46 - 2015-09-30 14:46 - 00009641 _____ C:\Users\Paul\Desktop\GRS Cash Expenses.xlsx
2015-09-30 14:46 - 2015-09-30 14:46 - 00000165 ____H C:\Users\Paul\Desktop\~$GRS Cash Expenses.xlsx
2015-09-30 11:51 - 2015-09-30 11:52 - 12698101 _____ C:\Users\Paul\Downloads\New video 810 - 720p.mp4
2015-09-29 07:00 - 2015-09-29 07:01 - 10903184 _____ C:\Users\Paul\Downloads\Video 810 - 720p.mp4
2015-09-28 08:06 - 2015-09-28 08:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\java
2015-09-28 08:05 - 2015-10-10 18:00 - 00000000 ____D C:\Users\Paul\Downloads\FileBot_4.6-portable
2015-09-28 08:04 - 2015-09-28 08:05 - 27663315 _____ C:\Users\Paul\Downloads\FileBot_4.6-portable.zip
2015-09-27 17:59 - 2015-09-27 17:59 - 00017152 _____ C:\Users\Paul\Downloads\The_Trials_of_Jimmy_Rose_S01E01_PreAir_HDTVx264-JIVE.torrent
2015-09-27 17:29 - 2015-09-27 17:29 - 00098921 _____ C:\Users\Paul\Downloads\An_Inspector_Calls_720p_HDTV_x264-TLA[rartv].torrent
2015-09-27 16:50 - 2015-09-27 16:50 - 00000807 _____ C:\Users\Paul\Downloads\FRITZ!Box_Fon_WLAN_7360_124.06.05_27.09.2015_15-50-diagnose.csv
2015-09-26 11:23 - 2015-09-26 17:19 - 15281050 _____ C:\Users\Paul\Documents\Your  Backyard supermarket.pptx
2015-09-24 20:33 - 2015-09-24 20:33 - 00000874 _____ C:\Users\Paul\Desktop\DSC_5043 - Shortcut.lnk
2015-09-21 07:13 - 2015-09-21 07:13 - 00000525 _____ C:\Users\Paul\Downloads\iCalEvent.ics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-17 05:33 - 2011-07-10 12:24 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2015-10-17 05:10 - 2011-07-24 18:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-17 01:13 - 2010-03-14 14:05 - 01458137 _____ C:\Windows\WindowsUpdate.log
2015-10-16 22:16 - 2015-01-29 06:20 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-16 19:10 - 2011-07-24 18:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-16 13:36 - 2009-07-14 15:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-16 13:36 - 2009-07-14 15:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-16 06:30 - 2013-03-20 13:40 - 00000000 ____D C:\ProgramData\LogMeIn
2015-10-15 06:41 - 2010-04-21 18:41 - 00000000 ____D C:\Users\Paul
2015-10-15 06:36 - 2009-07-14 16:13 - 00798598 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-15 06:30 - 2014-01-27 18:30 - 00001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-10-15 06:30 - 2014-01-27 18:30 - 00000992 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-10-15 06:29 - 2010-09-08 10:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-15 06:29 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-15 06:29 - 2009-07-14 15:51 - 00064087 _____ C:\Windows\setupact.log
2015-10-14 16:23 - 2009-10-13 09:12 - 00873530 _____ C:\Windows\PFRO.log
2015-10-14 16:23 - 2009-07-14 16:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-14 09:15 - 2013-03-20 13:37 - 00000000 ____D C:\Users\Paul\AppData\Local\Apps\2.0
2015-10-14 09:09 - 2009-07-14 13:34 - 00000215 _____ C:\Windows\system.ini
2015-10-13 19:27 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-13 18:52 - 2009-07-14 13:34 - 74973184 _____ C:\Windows\system32\config\software.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 18874368 _____ C:\Windows\system32\config\system.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-10-13 18:52 - 2009-07-14 13:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2015-10-13 07:00 - 2010-04-23 21:30 - 00000000 ____D C:\Users\Paul\Tracing
2015-10-13 06:58 - 2010-09-08 21:09 - 412297370 _____ C:\Windows\MEMORY.DMP
2015-10-13 06:58 - 2010-09-08 21:09 - 00000000 ____D C:\Windows\Minidump
2015-10-12 06:49 - 2015-07-19 09:55 - 00000000 ____D C:\Users\Paul\Documents\Outlook Files
2015-10-11 07:04 - 2015-03-22 06:13 - 00000000 ____D C:\ProgramData\Freemake
2015-10-11 07:04 - 2015-03-22 06:12 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-10-11 06:56 - 2015-02-07 05:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-10 20:59 - 2015-01-31 10:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-10 19:26 - 2015-08-05 18:43 - 00000975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-10-10 19:26 - 2015-08-05 18:43 - 00000963 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-10-10 19:05 - 2011-07-24 18:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-10 19:05 - 2011-07-24 18:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-10 19:04 - 2013-03-20 13:41 - 00122752 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-10-10 19:04 - 2013-03-20 13:41 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-10-10 19:04 - 2013-03-20 13:41 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-10-10 18:01 - 2015-09-02 11:34 - 00000000 ___HD C:\Users\Paul\AppData\Roaming\OCFanEeZ
2015-10-10 18:01 - 2015-03-17 19:48 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Azureus
2015-10-10 18:01 - 2015-01-29 06:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-10 18:01 - 2010-04-26 19:58 - 00000000 ____D C:\Users\Paul\AppData\Roaming\vlc
2015-10-10 18:01 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-10 18:00 - 2013-03-20 13:40 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-10-10 17:59 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\registration
2015-10-10 17:57 - 2011-07-24 18:00 - 00000000 ____D C:\Users\Paul\AppData\Local\Google
2015-10-10 17:57 - 2010-04-25 11:09 - 00000000 ____D C:\ProgramData\MySQL
2015-10-10 17:57 - 2010-03-14 14:16 - 00000000 ____D C:\ProgramData\Temp
2015-10-10 17:57 - 2009-07-14 14:20 - 00000000 __RHD C:\Users\Default
 
==================== Files in the root of some directories =======
 
2010-08-14 18:19 - 2010-08-14 18:19 - 0000917 _____ () C:\Users\Paul\AppData\Roaming\coreavc.ini
2015-10-06 21:44 - 2015-10-06 21:44 - 0116321 _____ () C:\Users\Paul\AppData\Local\ars.cache
2015-10-06 21:44 - 2015-10-06 21:44 - 0199467 _____ () C:\Users\Paul\AppData\Local\census.cache
2015-10-06 20:29 - 2015-10-06 20:29 - 0000036 _____ () C:\Users\Paul\AppData\Local\housecall.guid.cache
2015-10-07 05:15 - 2015-10-10 17:38 - 0002192 _____ () C:\Users\Paul\AppData\Local\multiscan.log
2010-06-06 19:04 - 2015-03-24 05:39 - 0007597 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp1999.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp19A9.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp19BA.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp19BB.txt
2010-08-30 11:57 - 2010-08-30 11:57 - 0166143 _____ () C:\Users\Paul\AppData\Local\Temptmp1FEF.png
2010-08-30 11:50 - 2010-08-30 11:50 - 0014302 _____ () C:\Users\Paul\AppData\Local\Temptmp201F.png
2010-09-10 14:12 - 2010-09-10 14:12 - 0157323 _____ () C:\Users\Paul\AppData\Local\Temptmp203F.jpg
2010-08-31 11:06 - 2010-08-31 11:06 - 0482183 _____ () C:\Users\Paul\AppData\Local\Temptmp206F.jpg
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp2C58.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp2C78.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp2C89.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp304F.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp3050.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp3061.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp3062.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp35BC.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp35CC.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp35DD.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp35ED.txt
2010-03-20 22:17 - 2010-03-20 22:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp3F31.png
2010-03-20 04:07 - 2010-03-20 04:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp3F42.png
2010-03-20 15:51 - 2010-03-20 15:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp3F52.png
2011-03-11 17:26 - 2011-03-11 17:26 - 0011566 _____ () C:\Users\Paul\AppData\Local\Temptmp3F53.txt
2010-02-01 15:30 - 2010-02-01 15:30 - 0082726 _____ () C:\Users\Paul\AppData\Local\Temptmp5129.ico
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\Temptmp520F.png
2010-08-30 11:57 - 2010-08-30 11:57 - 0166143 _____ () C:\Users\Paul\AppData\Local\Temptmp5848.png
2010-08-30 11:50 - 2010-08-30 11:50 - 0014302 _____ () C:\Users\Paul\AppData\Local\Temptmp5897.png
2010-09-10 14:12 - 2010-09-10 14:12 - 0157323 _____ () C:\Users\Paul\AppData\Local\Temptmp58B7.jpg
2010-08-31 11:06 - 2010-08-31 11:06 - 0482183 _____ () C:\Users\Paul\AppData\Local\Temptmp58E7.jpg
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp5F7E.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp5FBE.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp5FCE.png
2010-04-04 21:37 - 2010-04-04 21:37 - 0006092 _____ () C:\Users\Paul\AppData\Local\Temptmp6323.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp6D42.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp6D81.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp6DA1.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp77CE.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp77DF.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp77F0.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp7800.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp89A5.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp89B5.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp89C6.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp89C7.txt
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\Temptmp8CDD.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\Temptmp8E1A.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\Temptmp8E4A.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\Temptmp8E6A.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\Temptmp9E33.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\Temptmp9E34.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\Temptmp9E45.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\Temptmp9E46.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpA380.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpA391.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpA392.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpA393.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpA741.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpA752.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpA753.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpA763.txt
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpBCE3.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpBCE4.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpBCF4.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpBCF5.txt
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\TemptmpC7DA.png
2010-12-07 22:50 - 2010-12-07 22:50 - 0024053 _____ () C:\Users\Paul\AppData\Local\TemptmpD0D8.png
2011-06-27 10:40 - 2011-06-27 10:40 - 0014100 _____ () C:\Users\Paul\AppData\Local\TemptmpD33.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpD65F.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpD6CD.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpD75A.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpD7F7.txt
2009-09-19 16:05 - 2009-09-19 16:05 - 0046980 _____ () C:\Users\Paul\AppData\Local\TemptmpD836.jpg
2011-06-27 10:40 - 2011-06-27 10:40 - 0013040 _____ () C:\Users\Paul\AppData\Local\TemptmpED25.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\TemptmpED65.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\TemptmpED85.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\TemptmpEDA5.png
2010-03-20 23:17 - 2010-03-20 23:17 - 0014059 _____ () C:\Users\Paul\AppData\Local\TemptmpEF00.png
2010-03-20 05:07 - 2010-03-20 05:07 - 0016916 _____ () C:\Users\Paul\AppData\Local\TemptmpEF11.png
2010-03-20 16:51 - 2010-03-20 16:51 - 0025984 _____ () C:\Users\Paul\AppData\Local\TemptmpEF12.png
2010-06-06 15:59 - 2010-06-06 15:59 - 0010154 _____ () C:\Users\Paul\AppData\Local\TemptmpEF13.txt
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\TemptmpEFA9.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\TemptmpEFE8.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\TemptmpF008.png
2010-04-21 14:31 - 2010-04-21 14:31 - 0062610 _____ () C:\Users\Paul\AppData\Local\TemptmpF4EA.png
2010-04-21 14:36 - 2010-04-21 14:36 - 0013001 _____ () C:\Users\Paul\AppData\Local\TemptmpF50A.png
2010-04-21 14:32 - 2010-04-21 14:32 - 0006780 _____ () C:\Users\Paul\AppData\Local\TemptmpF51B.png
2013-08-21 12:52 - 2013-08-21 12:52 - 0112640 ___SH () C:\Users\Paul\AppData\Local\Thumbs.db
2015-02-14 11:48 - 2015-02-14 11:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-14 14:16 - 2010-03-14 14:24 - 0008440 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-08-23 20:56 - 2012-06-03 10:46 - 0051087 _____ () C:\ProgramData\DirectShowSpy.log
2009-10-13 09:26 - 2009-07-18 12:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-08-30 22:45 - 2010-09-06 23:32 - 0000846 _____ () C:\ProgramData\nvUnsupRes.dat
 
Files to move or delete:
====================
C:\ProgramData\nvUnsupRes.dat
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-11 00:27
 
==================== End of FRST.txt ============================


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:13 AM

Posted 16 October 2015 - 02:31 PM

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    File: C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe
    C:\Users\Paul\AppData\Roaming\tjTrLkVV
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [{810C7B94-BE0B-18C7-D663-BA6DE5295A25}] => C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe
    HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [ASRockOCTuner] => [X]
    HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    HKU\S-1-5-21-412289508-1068612743-3965786959-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://au.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
    SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
    SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
    SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  => No File
    CHR StartupUrls: Default -> 
    cmd: type "C:\ComboFix.txt"
    Folder: C:\Windows\system32\CFG4041501513
    cmd: type C:\Users\Paul\AppData\Local\Temptmp19BB.txt
    C:\Users\Paul\AppData\Roaming\OCFanEeZ
    Task: {3E8C9641-617F-44B3-BB94-DFB3B8DB82A4} - System32\Tasks\{810C7B94-BE0B-18C7-D663-BA6DE5295A25} => C:\Users\Paul\AppData\Roaming\OCFanEeZ\zwfIilTa\nMymaPEn\NpclwZKzF.exe [2015-09-02] ()
    Task: {EC9A01BB-B8E8-4CDD-81D5-DA2A937B5C66} - System32\Tasks\{DDFFE33E-784E-40F9-8CF8-CC0A2AFC3770} => 
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after the Windows Security Warning - Open File prompt appears.)
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post or attach it to your reply.

Step 2


Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select the export option shown in the screenshot.
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the settings shown in the screenshot.
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at the path shown in the screenshot.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 druid9

druid9
  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:13 PM

Posted 17 October 2015 - 02:06 PM

Hi Jurgen,

 

Very glad we kept going. MBAM log below.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 17/10/2015
Scan Time: 5:24 PM
Logfile: MBAMLOG.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.10.17.01
Rootkit Database: v2015.10.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Paul
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 481040
Time Elapsed: 1 hr, 12 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.CalcIt, C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage, Quarantined, [5ca9cc8c4546171f48d9d68f3bc859a7], 
PUP.Optional.CalcIt, C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage-journal, Quarantined, [ff06b0a87a11152141e03a2b43c0ba46], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:13 AM

Posted 17 October 2015 - 02:08 PM

Please attach the Fixlog from step 1 as well. :)


regards,
deeprybka

#15 druid9

druid9
  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:13 PM

Posted 17 October 2015 - 02:09 PM

Ran the online scanner; I think this is the culprit. Couldn't find the full log file, but here is the detail of what was reported.

 

C:\FRST\Quarantine\C\Users\Paul\AppData\Roaming\OCFanEeZ\zwfIilTa\nMymaPEn\NpclwZKzF.exe Win32/Qadars.AI trojan cleaned by deleting - quarantined

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by Paul (2015-10-17 15:12:25) Run:1
Running from C:\Users\Paul\Desktop
Loaded Profiles: Paul (Available Profiles: Paul & LogMeInRemoteUser & Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
File: C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe
C:\Users\Paul\AppData\Roaming\tjTrLkVV
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [{810C7B94-BE0B-18C7-D663-BA6DE5295A25}] => C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://au.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-412289508-1068612743-3965786959-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  => No File
CHR StartupUrls: Default -> 
cmd: type "C:\ComboFix.txt"
Folder: C:\Windows\system32\CFG4041501513
cmd: type C:\Users\Paul\AppData\Local\Temptmp19BB.txt
C:\Users\Paul\AppData\Roaming\OCFanEeZ
Task: {3E8C9641-617F-44B3-BB94-DFB3B8DB82A4} - System32\Tasks\{810C7B94-BE0B-18C7-D663-BA6DE5295A25} => C:\Users\Paul\AppData\Roaming\OCFanEeZ\zwfIilTa\nMymaPEn\NpclwZKzF.exe [2015-09-02] ()
Task: {EC9A01BB-B8E8-4CDD-81D5-DA2A937B5C66} - System32\Tasks\{DDFFE33E-784E-40F9-8CF8-CC0A2AFC3770} => 
*****************
 
Processes closed successfully.
 
========================= File: C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe ========================
 
"C:\Users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe" => not found.
====== End of File: ======
 
"C:\Users\Paul\AppData\Roaming\tjTrLkVV" => File/Folder not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{810C7B94-BE0B-18C7-D663-BA6DE5295A25} => value removed successfully
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockOCTuner => value removed successfully
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-412289508-1068612743-3965786959-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-412289508-1068612743-3965786959-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-412289508-1068612743-3965786959-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
"HKU\S-1-5-21-412289508-1068612743-3965786959-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
Chrome StartupUrls => removed successfully
 
=========  type "C:\ComboFix.txt" =========
 
ComboFix 15-10-09.01 - Paul 14/10/2015   8:53.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.61.1033.18.2815.1581 [GMT 11:00]
Running from: c:\users\Paul\Desktop\sega.com.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-13 to 2015-10-13  )))))))))))))))))))))))))))))))
.
.
2015-10-13 22:09 . 2015-10-13 22:09 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2015-10-13 22:09 . 2015-10-13 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-10 21:09 . 2015-10-10 21:09 -------- d-----w- c:\users\Admin
2015-10-10 01:38 . 2015-10-10 07:00 -------- d-----w- C:\VIPRERESCUE
2015-10-09 18:50 . 2015-10-09 18:50 -------- d-----w- c:\users\Paul\AppData\Roaming\SUPERAntiSpyware.com
2015-10-09 18:49 . 2015-10-10 08:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-10-09 18:49 . 2015-10-09 18:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-10-07 18:19 . 2015-10-07 18:28 -------- d-----w- C:\FRST
2015-10-06 19:31 . 2015-10-06 19:31 -------- d-----w- c:\programdata\TrojanHunter
2015-10-06 19:31 . 2015-10-10 07:00 -------- d-----w- c:\program files (x86)\TrojanHunter
2015-10-06 18:15 . 2015-10-10 06:42 -------- d-----w- c:\users\Paul\AppData\Local\CrashDumps
2015-10-06 18:14 . 2015-10-06 18:14 -------- d-----w- c:\program files (x86)\OPSWAT
2015-10-06 18:14 . 2015-10-06 18:14 -------- d-----w- c:\programdata\OPSWAT
2015-10-06 08:44 . 2015-10-06 08:44 -------- d-----w- c:\users\Paul\AppData\Local\TempTaskUpdateDetectionDDCA5D8B-17A7-4CCE-A3C6-AA3E2641B185
2015-09-30 11:07 . 2015-09-30 11:07 -------- d-----w- c:\program files\Common Files\Microsoft
2015-09-27 21:06 . 2015-09-27 21:06 -------- d-----w- c:\users\Paul\AppData\Roaming\java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-10 08:15 . 2015-01-30 23:46 632432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-10-10 08:04 . 2013-03-20 02:41 122752 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2015-10-10 08:04 . 2013-03-20 02:41 35688 ----a-w- c:\windows\system32\LMIport.dll
2015-10-10 08:04 . 2013-03-20 02:41 107368 ----a-w- c:\windows\system32\LMIinit.dll
2015-08-28 01:19 . 2015-01-30 21:46 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-08-17 19:00 . 2013-03-20 02:41 122752 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2015-08-17 19:00 . 2013-03-20 02:41 107368 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-01-31 00:01 233128 ----a-w- c:\users\Paul\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-01-31 00:01 233128 ----a-w- c:\users\Paul\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-01-31 00:01 233128 ----a-w- c:\users\Paul\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASRockOCTuner"="" [BU]
"MPExtended Configurator"="c:\program files (x86)\MPExtended\Service\MPExtended.Applications.ServiceConfigurator.exe" [2012-12-03 1174528]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-16 2573416]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-08-07 53729824]
"GoogleChromeAutoLaunch_29EBA8C2ED1206321A8B41FC997F63B8"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-09-24 815944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-29 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-09-29 181480]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2010-04-06 804952]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"{810C7B94-BE0B-18C7-D663-BA6DE5295A25}"="c:\users\Paul\AppData\Roaming\tjTrLkVV\AVatGhyy\KLwXGqry\tOVOkNxdj.exe" [BU]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
.
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EventGhost.lnk - c:\program files (x86)\EventGhost\EventGhost.exe -h -e OnInitAfterBoot [2010-4-24 31232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x]
R2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 MPExtended Service;MPExtended Service;c:\program files (x86)\MPExtended\Service\MPExtended.ServiceHosts.CoreService.exe;c:\program files (x86)\MPExtended\Service\MPExtended.ServiceHosts.CoreService.exe [x]
R2 MPExtended WebMediaPortal;MPExtended WebMediaPortal;c:\program files (x86)\MPExtended\WebMediaPortal\MPExtended.ServiceHosts.WebMediaPortal.exe;c:\program files (x86)\MPExtended\WebMediaPortal\MPExtended.ServiceHosts.WebMediaPortal.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TV4HomeCoreService;TV4Home Core Service;c:\program files (x86)\TV4Home Core Service\TV4Home.Server.CoreService.exe;c:\program files (x86)\TV4Home Core Service\TV4Home.Server.CoreService.exe [x]
R2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 dpclat_driver;dpclat_driver;c:\windows\system32\drivers\dpclat_driver.sys;c:\windows\SYSNATIVE\drivers\dpclat_driver.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 zremote;Streamzap PC Remote Service;c:\windows\system32\Drivers\zremote.sys;c:\windows\SYSNATIVE\Drivers\zremote.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-10 13:15 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-24 17:03]
.
2015-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-24 17:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-01-31 00:01 260776 ----a-w- c:\users\Paul\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-01-31 00:01 260776 ----a-w- c:\users\Paul\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-01-31 00:01 260776 ----a-w- c:\users\Paul\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-11 08:26 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-11 08:26 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-11 08:26 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_r3610&r=17360410d416p0445v1k5w45i1t520
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B1112E69-32A8-4AE0-AF67-AE909508D6AB}: DhcpNameServer = 192.168.178.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-14  09:15:05
ComboFix-quarantined-files.txt  2015-10-13 22:15
ComboFix2.txt  2015-10-13 08:09
ComboFix3.txt  2015-10-06 09:14
.
Pre-Run: 162,571,448,320 bytes free
Post-Run: 162,255,126,528 bytes free
.
- - End Of File - - 72C4BFFCA73BC9FBA078D36246998C9C
A36C5E4F47E84449FF07ED3517B43A31
 
========= End of CMD: =========
 
 
========================= Folder: C:\Windows\system32\CFG4041501513 ========================
 
C:\Windows\system32\CFG4041501513 => File
 
====== End of Folder: ======
 
 
=========  type C:\Users\Paul\AppData\Local\Temptmp19BB.txt =========
 
If you never used InfoService please read carefully the documentation: http://infoservice.codeplex.com/documentation
 
There you will find some useful informations about the plugin configuration. Especially MediaPortal skin developers need to look into this wiki. They will find some informations about the used property names and hyperlinks to the GUI screen,
 
If you have some problems with the configuration part of the plugin, then click on the help button in the upper right corner of the configuration dialog. 
 
 
Changelog:
 
[-] - Fixed issue
[*] - Changed feature
[+] - Added feature
[i] - Information
[!] - Attention
 
Version v1.6:
[+] Added Danish, French, English (US) and English (GB) language
[+] Added support for local feed files
[+] Added check if the added feed file / feed url is a valid feed before adding feed
[+] Added own configuration file
[+] Added Blue3 skin files
[+] Added property #infoservice.feed.selected.sourcefeed
[+] Added selection for second line of the "All Feeds" view. The user can now select to show feed publish time, the source feed name or both.
[+] The used Webbrowser plugin (WebBrowser, GeckoBrowser or other) can now be selected in the advanced configuration 
[+] Last selected feed/twitter item will be selected on open Twitter or Feeds page
[+] Improved tweeting of TV series/shows a lot!
[*] Changed Blue3Wide and Blue3 to show the feed image instead of feed item image 
[*] Reworked SkinSettings. SkinSettings will now overwrite user settings, but the will not saved permanently
[*] Cache folder of twitter and feed is now configurable in the advanced configuration
[*] Overridden settings by skin are marked in the configuration dialog now
[*] Duo MediaPortal code change in property system, changed some weather and Recently Added properties (See Skin changelog v1.5 to v1.6)
[*] Removed MaxTemp and MinTemp from weather today properties, because they are not right for some cities 
[*] Log file is now not locked while MediaPortal is running
[-] Fixed some logging issues
[-] Fixed recently added system
[-] Fixed some weather inconstancies.
[-] Fixed some rare crashes duo threading issues.
[-] Fixed false download of other files (only image files are now downloaded) by the Feed Service
[-] Fixed language misspellings for English and Italian
[i] Compiled against MediaPortal 1.1.0 RC4
[!] Duo the use of a own configuration file, you have to setup InfoService again, sorry
 
Version v1.5:
[+] Added recently added feature, which shows you the recently added movies and series
[+] Improved twitter client
[+] A brand new twitter screen with all twitter messages and timelines
[+] Post twitter status updates
[+] Open web links in a twitter message in a WebBrowser window
[+] Download all twitter timelines, not only one
[+] Post automatically twitter status update, if you watching a video
[+] Twitter uses now OAuth to connect
[+] Faster overall download times of feed and twitter
[+] Improved logging (for better error detection)
[+] Added multilanguage support (English, German, Italian, Dutch and Spanish for now)
[+] Weather is now updated as soon as you change your weather in the MediaPortal weather GUI
[+] Many new properties (See Skin changelog v1.32 to v1.5)
[+] Added skin settings (See Skin developer guide)
[-] A tons of bugs fixed, so many to count them all
[i] Completely rewritten!
[i] InfoService is now open source!
 
Version v1.32:
[-] Fixed empty entry in the normal home menu
 
Version v1.31:
[-] Fixed forgotten humidity property for each day (night and day)
[-] Fixed some forgotten translations
 
Version v1.3:
[+] Added a "last updated" property for feed, weather and twitter
[+] Added a button to download the default feed name on the Add Feed dialog
[+] Added much more weather properties. See thread/readme for details
[+] Added possibility to change the ticker layout
[*] Default settings are now loaded if the plugin is used for the first time (Feed ticker with MediaPortal RSS on, Weather on)
[-] Fixed no image download for atom feeds
[-] Fixed that the plugin is not showing on the normal home screen
[!] Removed Monochrome skin files
 
Version v1.2:
[+] Added option to disable/enable the feed item publish time
[-] Fixed the rare crash when downloading twitter timeline, hopefully
 
Version v1.1:
[+] New propertys #infoservice.feed.separator/ #infoservice.twitter.separator which holds the separator string of feed/twitter line
[-] False feed image is showed when "Show all feeds on home" is activated and after entering InfoService screen
[-] Fixed download location of feed images
[i] Duo the false download location of the feed images you can delete the folder "C:\Temp\InfoService\"
[!] The webbrowser part of InfoSerivce moved into a separate WebBrowser plugin. So if you want to read your feeds completely, you need the WebBrowser plugin which can be found here ...
 
Version v1.0:
[+] There are to much changes to list them Mainly bugfixes and a better browser handling. Try and test yourself.
 
Version v0.99.3:
[*] Changed zoom keys on remote and keyboard to Play previous/next key
[-] Fixed false sizing of browser window, if MediaPortal is not in fullscreen mode
[-] Fixed no weather download (Sorry for that)
 
Version v0.99.2:
[+] Added default zoom option for each feed
[+] Added option to change zoom steps
[*] Improved browser zooming feature
[-] Fixed false size of feed browser
 
Version v0.99.1:
[-] Fixed false resolving of #infoservice.weather.today/dayX.img.small/big.filenamewithoutext and changed name of #infoservice.weather.today/dayX.img.small/big.filename to #infoservice.weather.today/dayX.img.small/big.filenamewithext
[-] Fixed feed downloading problem with some feeds
 
Version v0.99:
[+] Added and changed propertys #infoservice.weather.today/dayX.img.big/small.fullpath, #infoservice.weather.today/dayX.img.big/small.filename, #infoservice.weather.today/dayX.img.big/small.filenamewithoutext
[+] Added possibility to read the whole feed in a browser window (incl. zoom)
[-] Fixed not showing of own feed image
 
Version v0.94:
[+] Readded the #infoservice.feed.alltitles property
[-] Removed forgotten debug code
 
Version v0.93:
[+] Added sorting for feed items, because some feeds are not sorted by date
[-] Fixed publish time was shown even if the feed item has no publish time
 
Version v0.92:
[+] Added feed item publish time to each feed item
[+] Added wait notification on manual update
[-] Fixed no update of weather and twitter data when pressing "Refresh" button
[-] Fixed no weather data for some timezones
 
Version v0.9:
[+] Added new button on InfoService window to show itmes of all feeds on basichome
[+] Added possibilty to change weather in MediaPortal (just change weather in the weather screen and wait for the next update)
[*] #infoservice.feed.itemimg will be empty if there is no feed item image found
[*] Old feed data is used if there was a download error
[*] Reverted back to use the MediaPortal weather configuration
[*] Removed property #infoservice.feed.alltitles
[-] Fixed bugs here and there
[-] Fixed filling of #infoservice.feed.selectedindex
[-] Fixed weather data is off by one day
 
Version v0.85:
[+] Added new feed configuration dialog
[+] Added sort feature for your feeds in the feed configuration dialog
[*] #infoservice.feed.itemimg filled with default image if no feed item imaged is found
[-] Fixed last selected feed is not active on basichome after update
[-] Fixed no refresh of feed items in the infoscreen window after feed update
[-] Fixed that #infoservice.today.weekday and #infoservice.day2.weekday shows the same weekday
 
Version v0.81:
[-] #infoservice.feed.selectedfeed will now be filled
[-] Fixed crash if infoservice thumb dir not exists
 
Version v0.8:
[+] Added automatic download of feed logo (if feed logo is found)
[+] Added check if entered feed is an url
[+] Added feed download error dialog on infoservice window
[+] Added new option to change the max items per feed if you use the #infoservice.feed.alltitles
[+] Added new propetry items #infoservice.feed.selectedindex, #infoservice.feed.selectedtitle, #infoservice.feed.itemcount, #infoservice.feed.alltitles, #infoservice.feed.type and #infoservice.feed.selectedfeed
[+] Added plugin configuration to log output (Not the twitter user and password!)
[+] Feed item images are now shown in the listcontrol
[*] Better error handling for weather service
[*] Changed all property names for clearer indentification
[*] Increased the maximum of items to 100 for feeds and twitter (don't know why i've locked this)
[-] Fixed crash when weather.com returns a error
[-] Fixed some html encoding erros
 
Version v0.71:
[*] Removed word wrap between the conditions
[-] Fixed forgotten localization of forecast conditions
 
Version v0.7:
[+] Added new property #feeditemimg that holds a image of a feed item
[+] Added own configuration for weather
[+] Added possibility to read feeds and download pictures for feed item (only rss 2.0)
 
Version v0.6:
[+] Added support for RDF (RSS 1.0) and Atom feeds
[*] Again better error and log handling
[*] Changed property name from #rssfeed -> #feedtitles, #rssimg -> #feedimg as the plugin now supports more than rss feeds
[*] Removed the last separator on the feed and twitter line.
 
Version v0.5:
[+] Added possibility to add more than one rss feed
[+] Added possibility to change the rss feed on basichome with a dirty trick (hope it work as expected) :/
[*] Changed error and log handling
[i] Rewrite of ca. 75% code for a easier way to add more services
 
Version v0.22:
[*] Day labels are now translated by MediaPortal
 
Version v0.21:
[-] Fixed #day4label resolving
[-] Fixed #todaylabel resolves the wrong day
 
Version v0.2:
[+] Added a twitter ticker
[+] Added day labes for each day
 
Version v0.12:
[-] Fixed crash if there is no internet connection
 
Version v0.11:
[-] Fixed crash if no location is found
[-] Fixed crash if timeformat in rss feed wrong
 
Version v0.1:
[+] First release
 
========= End of CMD: =========
 
C:\Users\Paul\AppData\Roaming\OCFanEeZ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E8C9641-617F-44B3-BB94-DFB3B8DB82A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E8C9641-617F-44B3-BB94-DFB3B8DB82A4}" => key removed successfully
C:\Windows\System32\Tasks\{810C7B94-BE0B-18C7-D663-BA6DE5295A25} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{810C7B94-BE0B-18C7-D663-BA6DE5295A25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC9A01BB-B8E8-4CDD-81D5-DA2A937B5C66}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9A01BB-B8E8-4CDD-81D5-DA2A937B5C66}" => key removed successfully
C:\Windows\System32\Tasks\{DDFFE33E-784E-40F9-8CF8-CC0A2AFC3770} => => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DDFFE33E-784E-40F9-8CF8-CC0A2AFC3770} => => key not found. 
 
 
The system needed a reboot.
 
==== End of Fixlog 15:12:38 ====




