99% CPU usage unless task manager is open



#1 Cute


Posted 20 October 2015 - 12:57 PM

First of all, hello to you all.

This has been happening for a few days and I couldn't come up with a solution.

What's happening is that every time the Task Manager is closed, my CPU usage goes up to 99%, and sometimes even the disk, but once it's open it goes down a lot in 1-2 seconds (that's how I noticed).

Something is hiding, that's where I put my money, but it's not normal at all.

I'll be waiting for a solution. Thank you so much for taking the time to read this. If you need any logs or anything, just ask, and by the way I have Windows 8!





#2 deeprybka

  • Malware Response Team

Posted 20 October 2015 - 04:14 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Cute

  • Topic Starter


Posted 20 October 2015 - 04:53 PM

Hello, thank you for your reply. I did the scan and here are the logs!
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by Emilse (administrator) on FAMILIA (20-10-2015 18:43:48)
Running from C:\Users\Emilse\Downloads
Loaded Profiles: Emilse & fbwuser (Available Profiles: Emilse & fbwuser)
Platform: Windows 8 Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Flux Software LLC) C:\Users\Emilse\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Spotify Ltd) C:\Users\Emilse\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2032256 2015-10-03] (Hola Networks Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [Spotify Web Helper] => C:\Users\Emilse\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-17] (Spotify Ltd)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4711000 2015-06-02] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53737488 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [Spotify] => C:\Users\Emilse\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-17] (Spotify Ltd)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\MountPoints2: {3f655cfd-17a7-11e2-be65-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\MountPoints2: {99bfc874-1e5f-11e5-bf6d-902b34b87d9d} - "D:\setup.exe" 
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\MountPoints2: {fa6381a6-c5b5-11e2-be9a-902b34b87d9d} - "D:\AutoRun.exe" "motorola.html"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1004\...\MountPoints2: {3f655cfd-17a7-11e2-be65-806e6f6e6963} - "E:\setup.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2118594802-1783837968-1324960856-1004] => file://C:/ProgramData/Hotspot Shield/config/hsspx/proxy.pac
Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2014-10-08] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2014-10-08] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2014-10-08] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2014-10-08] (Initex)
Winsock: Catalog9 15 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2014-10-08] (Initex)
Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2014-10-08] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2014-10-08] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2014-10-08] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2014-10-08] (Initex)
Winsock: Catalog9-x64 15 C:\Windows\system32\WTFastDrv.dll [79464 2014-10-08] (Initex)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.42.4.203 200.49.130.40
Tcpip\..\Interfaces\{77061900-1331-4C66-BC92-6C849285C112}: [DhcpNameServer] 200.42.4.203 200.49.130.40
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.sxe-anticheat.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.sxe-anticheat.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.sxe-anticheat.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bangho.com.ar
HKU\S-1-5-21-2118594802-1783837968-1324960856-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem.msn.com
HKU\S-1-5-21-2118594802-1783837968-1324960856-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem.msn.com
HKU\S-1-5-21-2118594802-1783837968-1324960856-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bangho.com.ar
HKU\S-1-5-21-2118594802-1783837968-1324960856-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bangho.com.ar
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2118594802-1783837968-1324960856-1001 -> DefaultScope {33D59858-89D9-4AC2-A956-93875EB02323} URL = hxxp://search.sxe-anticheat.com/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2118594802-1783837968-1324960856-1001 -> {33D59858-89D9-4AC2-A956-93875EB02323} URL = hxxp://search.sxe-anticheat.com/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Emilse\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-10] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2118594802-1783837968-1324960856-1001: @hola.org/FlashPlayer -> C:\Users\Emilse\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-10-03] ()
FF Plugin HKU\S-1-5-21-2118594802-1783837968-1324960856-1001: @hola.org/vlc -> C:\Users\Emilse\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-10-03] (Hola)
FF Plugin HKU\S-1-5-21-2118594802-1783837968-1324960856-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Emilse\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\user.js [2015-07-21]
FF SearchPlugin: C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\searchplugins\localstrike-search.xml [2013-12-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\creativecommons.xml [2014-07-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-ar.xml [2014-07-30]
FF Extension: leethax.net extension - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\leethax@leethax.net.xpi [2013-10-02] [not signed]
FF Extension: NewTabURL - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\newtaburl_local.xpi [2011-08-30] [not signed]
FF Extension: Greasemonkey - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-06] [not signed]
FF HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF Extension: No Name - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\extensions\defsearchp@gmail.com [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentaciones de Google) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-22]
CHR Extension: (Google Drive) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-22]
CHR Extension: (YouTube) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-22]
CHR Extension: (Búsqueda de Google) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-22]
CHR Extension: (iMacros for Chrome) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2015-04-07]
CHR Extension: (Media Hint) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn [2014-06-26]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-22]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-22]
CHR Extension: (Hola - VPN Libre Ilimitada) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-07]
CHR Extension: (z player) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkkmdbmkipeeddocomfppoidkollfcj [2015-07-02]
CHR Extension: (Skype Click to Call) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-19]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Reproductor Z) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohbfcalhonopbkinbhdgdkgbjddgadon [2015-09-02]
CHR Extension: (Gmail) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [8105600 2015-10-03] (Hola Networks Ltd.)
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [8105600 2015-10-03] (Hola Networks Ltd.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 mailUpdate; C:\ProgramData\MailUpdate\mailUpdate.exe -service [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-22] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-24] ()
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-06-20] (AnchorFree Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [36288 2013-07-01] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [247216 2013-07-01] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 wanatw; \SystemRoot\system32\DRIVERS\wanatw64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-20 18:36 - 2015-10-20 18:36 - 00054178 _____ C:\Users\Emilse\Downloads\Addition.txt
2015-10-20 18:35 - 2015-10-20 18:43 - 00025743 _____ C:\Users\Emilse\Downloads\FRST.txt
2015-10-20 18:33 - 2015-10-20 18:34 - 02196992 _____ (Farbar) C:\Users\Emilse\Downloads\FRST64.exe
2015-10-20 17:36 - 2015-10-20 17:36 - 00000089 _____ C:\Users\Emilse\Desktop\High usage forum help.txt
2015-10-20 13:21 - 2015-10-20 13:21 - 01186640 _____ C:\Users\Emilse\Downloads\ProcessExplorer.zip
2015-10-16 21:33 - 2015-10-16 21:34 - 00005909 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_256419835_spectate.bat
2015-10-15 09:09 - 2015-10-15 09:09 - 00000000 ____D C:\Windows\pss
2015-10-12 20:35 - 2015-10-12 20:35 - 00048988 _____ C:\Users\Emilse\Downloads\The Walking Dead 6x01 - First Time Again (Español (Latinoamérica)).srt
2015-10-06 23:19 - 2015-10-06 23:19 - 00005918 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_1965814764_replay.bat
2015-10-06 23:11 - 2015-10-06 23:11 - 00005920 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_2325384464_replay.bat
2015-10-06 22:53 - 2015-10-06 22:53 - 00005918 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_1969890638_replay.bat
2015-10-06 14:04 - 2015-10-06 14:04 - 00005919 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_2097358323_replay.bat
2015-10-06 14:01 - 2015-10-06 14:01 - 00005919 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_2100172283_replay.bat
2015-10-06 01:39 - 2015-10-06 01:39 - 00063406 _____ C:\Users\Emilse\Downloads\Quantico 1x02 - America (Español (España)).srt
2015-10-04 15:23 - 2015-10-04 15:23 - 00043433 _____ C:\Users\Emilse\Downloads\Heroes Reborn 1x03 - Under the Mask (Español (Latinoamérica)).srt
2015-10-03 21:23 - 2015-10-03 22:30 - 00000000 ____D C:\Users\Emilse\Downloads\Hola
2015-10-03 21:23 - 2015-10-03 21:23 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\Hola
2015-10-03 21:23 - 2015-10-03 21:23 - 00000000 ____D C:\Users\Emilse\AppData\Local\Hola
2015-10-03 21:20 - 2015-10-03 21:20 - 00073200 _____ C:\Users\Emilse\Downloads\limitless-s01e02-es.srt
2015-10-03 21:20 - 2015-10-03 21:20 - 00070774 _____ C:\Users\Emilse\Downloads\limitless-s01e02-en.srt
2015-10-03 21:19 - 2015-10-03 21:23 - 00000000 ____D C:\Program Files\Hola
2015-10-03 21:19 - 2015-10-03 21:21 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
2015-10-03 21:18 - 2015-10-03 21:18 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Emilse\Downloads\Hola-Setup-x64-1.9.624.exe
2015-09-29 00:52 - 2015-09-29 00:52 - 00057906 _____ C:\Users\Emilse\Downloads\Quantico 1x01 - Run (Español (España)).srt
2015-09-26 23:32 - 2015-09-26 23:32 - 00087660 _____ C:\Users\Emilse\Downloads\Heroes Reborn 1x01 - Brave New World - 1x02 - Odessa (Español (España)).srt
2015-09-25 22:13 - 2015-09-25 22:13 - 00036710 _____ C:\Users\Emilse\Downloads\442505.zip
2015-09-25 22:11 - 2015-09-25 22:11 - 00039328 _____ C:\Users\Emilse\Downloads\436959.rar
2015-09-25 21:21 - 2015-09-25 21:21 - 00062731 _____ C:\Users\Emilse\Downloads\Limitless 1x01 - Pilot.srt
2015-09-25 20:54 - 2015-09-25 20:54 - 00063060 _____ C:\Users\Emilse\Downloads\Limitless 1x01 - Pilot (Español (Latinoamérica)).srt
2015-09-24 10:31 - 2015-09-24 10:31 - 00036971 _____ C:\Users\Emilse\Downloads\441829.rar
2015-09-23 23:19 - 2015-09-23 23:19 - 00037219 _____ C:\Users\Emilse\Downloads\442057.zip
2015-09-23 23:15 - 2015-09-23 23:15 - 00037050 _____ C:\Users\Emilse\Downloads\433310.rar
2015-09-23 18:49 - 2015-09-23 18:50 - 17561112 _____ C:\Users\Emilse\Downloads\kz_bhop_minimalism_sooshka_2533.49.rar
2015-09-23 13:48 - 2015-09-23 13:48 - 00766359 _____ C:\Users\Emilse\Downloads\kz_beach_R4D14710N_0052.22.rar
2015-09-20 21:19 - 2015-09-20 21:19 - 00035517 _____ C:\Users\Emilse\Downloads\130730 (1).zip
2015-09-20 21:18 - 2015-09-20 21:19 - 00035517 _____ C:\Users\Emilse\Downloads\130730.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-20 18:43 - 2015-04-06 01:05 - 00000000 ____D C:\FRST
2015-10-20 18:42 - 2013-03-06 23:05 - 01699922 _____ C:\Windows\WindowsUpdate.log
2015-10-20 18:32 - 2015-04-06 14:16 - 00000000 ____D C:\Users\Emilse\Desktop\Anti virus & Cleaners
2015-10-20 18:30 - 2013-05-15 16:09 - 00000000 ____D C:\Users\Emilse\AppData\Local\Spotify
2015-10-20 18:29 - 2015-07-23 00:09 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\IMVU
2015-10-20 18:04 - 2013-03-06 23:33 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-20 18:02 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\sru
2015-10-20 17:54 - 2013-10-02 12:28 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-20 17:45 - 2013-05-15 16:08 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\Spotify
2015-10-20 05:04 - 2013-03-06 23:33 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-20 01:09 - 2015-07-30 03:28 - 00001680 _____ C:\Windows\Sandboxie.ini
2015-10-19 18:05 - 2015-09-18 20:25 - 00000000 ____D C:\Users\Emilse\AppData\Local\Popcorn-Time
2015-10-16 15:54 - 2013-10-02 12:28 - 00003726 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 15:02 - 2012-07-26 08:20 - 00799076 _____ C:\Windows\system32\perfh00A.dat
2015-10-16 15:02 - 2012-07-26 08:20 - 00163386 _____ C:\Windows\system32\perfc00A.dat
2015-10-16 15:02 - 2012-07-26 04:28 - 01801978 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-16 13:10 - 2015-09-08 09:45 - 00000131 _____ C:\Users\Emilse\Desktop\Horne.txt
2015-10-16 13:10 - 2015-07-22 11:22 - 00000433 _____ C:\Users\Emilse\Desktop\Fernando Autos chocados.txt
2015-10-16 01:51 - 2015-04-06 00:39 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-16 01:00 - 2014-08-18 19:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-15 14:19 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-15 13:22 - 2014-04-30 16:17 - 00000000 ____D C:\Users\Emilse\Desktop\N
2015-10-15 08:46 - 2013-03-06 23:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-15 06:34 - 2013-06-02 00:15 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\vlc
2015-10-15 00:37 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\NDF
2015-10-09 12:17 - 2014-02-24 21:38 - 00000000 ____D C:\Users\Emilse\Desktop\Limpio Y Terminado
2015-10-09 12:13 - 2015-03-24 11:26 - 00000132 _____ C:\Users\Emilse\AppData\Roaming\Prefs. de formato PNG de Adobe CC
2015-10-03 23:19 - 2013-05-06 13:44 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\Skype
2015-10-02 11:02 - 2012-10-16 12:36 - 01195792 _____ C:\Windows\PFRO.log
2015-10-01 16:29 - 2013-03-06 23:11 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2118594802-1783837968-1324960856-1001
2015-10-01 09:20 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\SchCache
2015-10-01 09:20 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-01 09:19 - 2015-07-30 23:59 - 00001177 _____ C:\Users\Emilse\Desktop\EZBlocker - Acceso directo.lnk
2015-10-01 09:19 - 2015-07-21 23:06 - 00001216 _____ C:\Users\Emilse\Desktop\cmd.lnk
2015-10-01 09:19 - 2015-07-21 18:33 - 00001026 _____ C:\Users\Emilse\Desktop\sXe Injected.lnk
2015-10-01 09:19 - 2015-06-28 02:26 - 00001817 _____ C:\Users\Emilse\Desktop\Spotify.lnk
2015-10-01 09:19 - 2015-05-24 09:09 - 00001167 _____ C:\Users\Emilse\Desktop\PlayBNS - Acceso directo.lnk
2015-10-01 09:19 - 2015-05-16 21:17 - 00001869 _____ C:\Users\Emilse\Desktop\Counter Strike 1.6 Non Steam.lnk
2015-10-01 09:19 - 2015-05-16 16:31 - 00000000 ____D C:\Program Files (x86)\sXe Injected
2015-10-01 09:19 - 2015-05-16 01:32 - 00001131 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-10-01 09:19 - 2015-05-15 21:30 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-01 09:19 - 2015-05-13 10:54 - 00001071 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2015-10-01 09:19 - 2015-03-17 10:18 - 00001687 _____ C:\Users\Emilse\Desktop\Photoshop CC.lnk
2015-10-01 09:19 - 2015-03-17 10:08 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2015-10-01 09:19 - 2015-03-17 10:04 - 00001351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-10-01 09:19 - 2015-03-17 10:04 - 00001345 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2015-10-01 09:19 - 2014-11-01 00:31 - 00000968 _____ C:\Users\Emilse\Desktop\Glyph.lnk
2015-10-01 09:19 - 2014-09-22 12:06 - 00000928 _____ C:\Users\Public\Desktop\Steam.lnk
2015-10-01 09:19 - 2014-08-18 19:55 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-01 09:19 - 2014-04-15 23:16 - 00002321 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-01 09:19 - 2014-02-10 21:15 - 00001838 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6.lnk
2015-10-01 09:19 - 2014-01-24 04:37 - 00001331 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\l2 - Acceso directo.lnk
2015-10-01 09:19 - 2014-01-16 20:33 - 00001138 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lin]e[age L2Java.com.lnk
2015-10-01 09:19 - 2013-10-18 12:29 - 00001060 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2015-10-01 09:19 - 2013-10-18 10:54 - 00001192 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Jugar a WoW CoRe.lnk
2015-10-01 09:19 - 2013-10-02 12:20 - 00001020 _____ C:\Users\Emilse\Desktop\Mozilla Firefox.lnk
2015-10-01 09:19 - 2013-10-02 12:20 - 00001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-01 09:19 - 2013-09-22 22:18 - 00001912 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
2015-10-01 09:19 - 2013-08-09 18:38 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-01 09:19 - 2013-06-15 23:26 - 00001042 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2015-10-01 09:19 - 2013-05-15 16:09 - 00001803 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-10-01 09:19 - 2013-03-30 08:08 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-10-01 09:19 - 2013-03-30 08:07 - 00001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-10-01 09:19 - 2013-03-30 08:06 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-10-01 09:19 - 2013-03-30 08:05 - 00001168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-10-01 09:19 - 2013-03-30 08:03 - 00001518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-10-01 09:19 - 2013-03-30 08:03 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-10-01 09:19 - 2013-03-30 06:47 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2015-10-01 09:19 - 2013-03-06 23:05 - 00000986 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-01 09:19 - 2012-11-15 06:16 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-10-01 09:19 - 2012-11-15 06:16 - 00001453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-10-01 09:19 - 2012-11-15 06:16 - 00001369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-10-01 09:19 - 2012-11-15 06:16 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-09-30 09:54 - 2013-03-07 04:23 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\LolClient
2015-09-25 04:41 - 2014-04-15 22:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 19:14 - 2014-09-22 12:06 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-22 08:14 - 2015-03-02 15:53 - 00000000 ____D C:\Users\Emilse\Desktop\Otros
 
==================== Files in the root of some directories =======
 
2013-11-23 20:43 - 2013-11-23 20:52 - 0000132 _____ () C:\Users\Emilse\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2015-07-05 02:29 - 2015-07-13 13:24 - 0000132 _____ () C:\Users\Emilse\AppData\Roaming\Prefs. de formato GIF de Adobe CC
2015-03-24 11:26 - 2015-10-09 12:13 - 0000132 _____ () C:\Users\Emilse\AppData\Roaming\Prefs. de formato PNG de Adobe CC
2013-04-05 23:35 - 2015-03-14 12:52 - 0000132 _____ () C:\Users\Emilse\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2013-07-27 11:42 - 2013-08-30 05:42 - 0000071 _____ () C:\Users\Emilse\AppData\Roaming\WB.CFG
2013-06-28 06:42 - 2013-08-30 05:42 - 0000005 _____ () C:\Users\Emilse\AppData\Roaming\WBPU-TTL.DAT
2015-01-20 05:38 - 2015-04-16 02:24 - 0001456 _____ () C:\Users\Emilse\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2015-05-15 19:45 - 2015-05-15 19:45 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
C:\Users\Emilse\AppData\Local\Temp\update.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-20 04:37
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by Emilse (2015-10-20 18:44:09)
Running from C:\Users\Emilse\Downloads
Windows 8 Single Language (X64) (2013-03-07 02:05:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2118594802-1783837968-1324960856-500 - Administrator - Disabled)
Emilse (S-1-5-21-2118594802-1783837968-1324960856-1001 - Administrator - Enabled) => C:\Users\Emilse
fbwuser (S-1-5-21-2118594802-1783837968-1324960856-1004 - Limited - Enabled) => C:\Users\fbwuser
HomeGroupUser$ (S-1-5-21-2118594802-1783837968-1324960856-1003 - Limited - Enabled)
Invitado (S-1-5-21-2118594802-1783837968-1324960856-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.32 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0932-000001000000}) (Version: 9.32.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlePing (HKLM-x32\...\{DB480AC3-1578-B8DC-3F8F-786A2A4E3BC7}) (Version: 1.3.3.4 - BattlePing)
Blade and Soul (HKLM-x32\...\{CEF766E5-6E15-441F-B14A-C44CB168DBE7}) (Version: 1.0.0 - PlayBns.com)
Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.0 - Nik Software, Inc.)
Counter-Strike 1.6 (HKLM-x32\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cuevana Storm version 0.3b (HKLM-x32\...\{2AFB4518-E1D7-4D74-B4FC-C65AE00E531D}_is1) (Version: 0.3b - Cuevana)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawngate (HKLM-x32\...\{25FAB7E0-526C-437F-8D55-7F00436B873D}) (Version: 180.16.77.0 - Electronic Arts, Inc.)
Desktop Live Streamer (HKLM-x32\...\{90B6DE78-F018-4479-AEAC-0FF6712356D1}) (Version: 0.9.4000 - Charnet3D)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
f.lux (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Flux) (Version:  - )
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Gameforge Live 1.10.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.0 - Gameforge)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HEX (HKLM-x32\...\{E31B651A-B48C-423C-8D0D-855756C8B7E8}_is1) (Version:  - HEX Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.8.208 - SurfRight B.V.)
Hola™ 1.9.624 - Better Internet (HKLM\...\Hola) (Version: 1.9.624 - Hola Networks Ltd.)
IMVU Avatar Chat Software (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
join.me (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Kreedz Climbing 2.0 (HKLM-x32\...\{64319B79-D347-4EF9-8AD5-AED5BAAC84A6}) (Version: 2.00.0000 - Kreedz Climbing Development Team - ObsessionSoft)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lineage II (HKLM-x32\...\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}) (Version: 90.7.2281 - NCSoft)
Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Lineage® II: Freya (High Five) (HKLM-x32\...\{21040472-F8DF-48A9-A093-2986C1495670}) (Version: 198 - NCsoft)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2118594802-1783837968-1324960856-1004\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 es-AR) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 es-AR)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MTA:SA v1.4.1 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.1 - Multi Theft Auto)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Popcorn Time (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Popcorn Time) (Version:  - Popcorn Official)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.4-1.0.7299.14 - raidcall.com)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1989.5 - Hi-Rez Studios)
Software para dispositivos de chipset Intel® (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version:  - )
Spotify (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
sXe Injected (HKLM-x32\...\sXe Injected) (Version: 15.3.7.0 - Alejandro Cortés)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Uninstall LSI (HKLM-x32\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: 3.0b - Aequus Gaming Ltd.)
Unity Web Player (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 10.0 (HKLM-x32\...\{3BE3A580-D09A-11DF-9D8B-0013D3D69929}) (Version: 10.0.387 - Sony)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.6.464 - Initex & AAA Internet Publishing)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2118594802-1783837968-1324960856-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Emilse\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
 
==================== Restore Points =========================
 
27-09-2015 03:06:00 Punto de control programado
06-10-2015 22:11:04 Punto de control programado
16-10-2015 03:19:25 Punto de control programado
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-29 16:41 - 2015-07-29 16:41 - 00000076 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {298F14AC-1D2C-4FEC-900A-C15EBCECB434} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2C71AA80-926A-453D-AF28-526B92919CFA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {397A8547-0547-4637-BA55-3C846BDA3F6B} - System32\Tasks\{2A939F44-BC9F-4B1E-8ABD-6BDD768B1D5D} => pcalua.exe -a C:\Users\Emilse\AppData\Local\TNT2\2.0.0.1599\TNT2User.exe -c /UNINSTALL PARTNER=10583
Task: {44B6B4CE-9B48-4157-89FF-FD5D99B0B24C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {4722E158-9468-4180-8181-4C87E7CFC7DF} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {667E7D31-0437-4ECB-8ADE-060D9DAA7D49} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {7BE57D59-FEBF-4C94-9584-22DA1B000BC0} - System32\Tasks\{E3BC1642-4316-442B-9D6A-7F0DF6B098D2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/es/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {7F406A76-A02A-4C2A-AEDD-D004181A0F64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B4A5DA38-FCB7-461E-ACB7-75BEDFE310C8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {BD9F8E94-7739-40FD-AE21-61AADCF5D1BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-15 22:57 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-11-14 12:32 - 2012-08-23 20:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-01 18:42 - 2015-07-01 18:42 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 18:42 - 2015-07-01 18:42 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-15 08:45 - 2015-10-15 08:45 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15101502\algo.dll
2015-10-20 12:53 - 2015-10-20 12:53 - 02993520 _____ () C:\Program Files\AVAST Software\Avast\defs\15102002\algo.dll
2015-07-01 18:42 - 2015-07-01 18:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-14 12:34 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-10-15 20:05 - 2015-10-08 21:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-15 20:05 - 2015-10-08 21:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Datos de programa:NT
AlternateDataStreams: C:\ProgramData\Datos de programa:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\Emilse\Datos de programa:NT
AlternateDataStreams: C:\Users\Emilse\Datos de programa:NT2
AlternateDataStreams: C:\Users\Emilse\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Emilse\AppData\Roaming:NT2
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\hola.org -> hxxp://hola.org
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emilse\Desktop\victorious-wallpaperv2.jpg
HKU\S-1-5-21-2118594802-1783837968-1324960856-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 200.42.4.203 - 200.49.130.40
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "WTFast Tray"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D6DF03C8-AFE5-4AD4-BD52-780F7C6A8892}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{80208AF4-FB6F-4EBB-874E-4B4812076942}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EFABBFAB-A151-49EC-9F58-FEE370CE2571}] => (Allow) LPort=2869
FirewallRules: [{C230E9F3-E5D9-4BF8-8DC4-AA5CF2F29945}] => (Allow) LPort=1900
FirewallRules: [{B38585CE-87F8-4A4C-86D1-BCD645A81894}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F0625CB8-567B-4063-9062-E9FC7284D349}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3E5B2F58-3961-429D-AFA1-2EBF1362A5C1}C:\users\emilse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilse\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{102A0B72-5920-462B-821D-0C24647DF1B6}C:\users\emilse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilse\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AE65264F-9CA9-4C53-BE84-E32E9F896C94}] => (Block) C:\users\emilse\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C18FD538-52D5-4833-BE45-B164A51F22FA}] => (Block) C:\users\emilse\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5A413F54-2DAF-407E-A5FF-60BBD6FC133B}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{75762483-1D77-4E37-8C65-D61D114561A1}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{5096386D-84E1-4E08-BAFB-D236D80AD6A4}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe] => (Allow) C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe
FirewallRules: [UDP Query User{B18AC23B-C586-481A-8573-4E338D51899C}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe] => (Allow) C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe
FirewallRules: [TCP Query User{778B236E-7F5C-4848-BB0E-7C1B88777233}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{EFB4C0BB-729F-4D7A-8D32-117E18BBCDC2}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{D737CA1F-FD74-4BF6-B7B4-B2DB0D736D45}C:\users\emilse\desktop\tauti lineage2media\system\l2.bin] => (Allow) C:\users\emilse\desktop\tauti lineage2media\system\l2.bin
FirewallRules: [UDP Query User{A81C75BC-5B46-4FD7-9931-BB9F474B29A3}C:\users\emilse\desktop\tauti lineage2media\system\l2.bin] => (Allow) C:\users\emilse\desktop\tauti lineage2media\system\l2.bin
FirewallRules: [TCP Query User{BA65CA09-DFAB-47FD-8B13-0E6675D2B3D8}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{28FA4257-204B-44B2-A7C1-2528002CFC2C}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{06B45170-A814-4C76-B6B4-87F3A547310D}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{D1AADAAC-E662-4217-9AF9-E356355F4580}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{8A7F6BE6-9BEA-436F-9695-A03BBE8B923A}] => (Allow) C:\Program Files\World of Warcraft\Launcher.exe
FirewallRules: [{0EECC0B0-72BA-426D-9490-4697CECB7FD7}] => (Allow) C:\Program Files\World of Warcraft\Launcher.exe
FirewallRules: [TCP Query User{CA3166C7-7A70-4E67-935B-EB3504AA43DC}C:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-eses-downloader.exe
FirewallRules: [UDP Query User{753D9FB6-F09F-49BB-824B-082C6E1FF50B}C:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-eses-downloader.exe
FirewallRules: [TCP Query User{89F6B446-C6BB-45F1-965F-294B7AE3D22B}C:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-eses-downloader.exe
FirewallRules: [UDP Query User{EDF574F5-83D5-48E6-AC10-2DDE7EAAAC61}C:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-eses-downloader.exe
FirewallRules: [TCP Query User{67A2AFDA-3260-4830-AD28-865E1E6356A9}C:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-eses-downloader.exe
FirewallRules: [UDP Query User{99FAB62E-C5F7-49B7-AFA0-F8E87325301D}C:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-eses-downloader.exe
FirewallRules: [TCP Query User{B6472855-681B-427D-8A8D-150AA36639D7}C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-eses-downloader.exe
FirewallRules: [UDP Query User{A7FB532E-DA55-4680-ABFE-CF7FB9F10227}C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-eses-downloader.exe
FirewallRules: [TCP Query User{127D8A56-76EF-4712-A7EE-C08FDF0C406F}C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-eses-downloader.exe
FirewallRules: [UDP Query User{0E33CA7D-C3FA-4997-B0BD-BFCC271F2B37}C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-eses-downloader.exe
FirewallRules: [TCP Query User{4D89CCDA-0E61-4B5C-9BD4-0898C4A08708}C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-eses-downloader.exe
FirewallRules: [UDP Query User{5BDA1092-F0D6-43F2-8179-11A366265360}C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-eses-downloader.exe
FirewallRules: [TCP Query User{C407880B-68C8-4D0D-A217-56021F16281E}C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-eses-downloader.exe
FirewallRules: [UDP Query User{45F8923B-3D8E-4393-9338-E6916F2E098F}C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-eses-downloader.exe
FirewallRules: [TCP Query User{5F94B6E8-05B4-4BD3-B5C6-49B2352A213D}C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-eses-downloader.exe
FirewallRules: [UDP Query User{6AB9ABDC-7B74-4F30-83F7-DF51C67513DC}C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-eses-downloader.exe
FirewallRules: [TCP Query User{41C393A6-A035-4771-8AE7-527D6B9D5710}C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-eses-downloader.exe
FirewallRules: [UDP Query User{B377DAB2-AF1E-4795-AF2D-DCF21A93BB11}C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-eses-downloader.exe
FirewallRules: [TCP Query User{36332D1C-8B5C-4BAD-896D-483A53201469}C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-eses-downloader.exe
FirewallRules: [UDP Query User{4B75277D-8203-490C-8CFC-6907C858CB6A}C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-eses-downloader.exe
FirewallRules: [{DA5AD2D6-3235-4F63-BF17-0B17F9BE0E9B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{A317ED51-307C-403A-B83B-BAB02E764296}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{0DA7DB30-D68A-4B7E-924E-3B87F1773053}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{646ADF95-C6C8-4DC0-9F8F-67B176562E04}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{79C8C1B9-D72D-452A-B38E-1A798146D68B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1382306572\ee\aolsoftware.exe
FirewallRules: [{C424F8D3-CC1C-40A7-A1A4-73FC80190D85}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1382306572\ee\aolsoftware.exe
FirewallRules: [{6C8EFB13-8199-451D-BC22-E913F48BB3CF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{F1596DB4-F9DF-4E50-BC47-C970FFBA7D5D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{CF47B1EC-0A37-45B3-B2D8-D3FB2E770953}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{52BC152E-F7C5-441C-BCB3-F697BFEE7D22}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{A4DB21DA-95D7-484C-BC3E-66829DC168B6}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{3541B081-C09C-468C-8287-A9AE504DBCCE}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{91868F75-4EBC-4910-9DF7-1DA9AC29E014}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{2B255524-0859-4C9C-A11E-B4C909A737F1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{515964A0-1747-4DE4-871D-A0482F451105}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{D54ECFC2-001B-4BB4-8508-5874E43EF79D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [TCP Query User{2DC39CF0-22E0-457F-8B85-E774BFC07485}C:\program files (x86)\boxgames\rakion\bin\rakion.bin] => (Allow) C:\program files (x86)\boxgames\rakion\bin\rakion.bin
FirewallRules: [UDP Query User{49532E1E-85B4-4111-BF97-570EDF1B176F}C:\program files (x86)\boxgames\rakion\bin\rakion.bin] => (Allow) C:\program files (x86)\boxgames\rakion\bin\rakion.bin
FirewallRules: [{C95A0016-8B36-47E6-BADF-61FD616C35B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{AFFC2AC9-EA10-40B5-BD4F-382F6FCC715A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{3B8A1DA8-CEF2-4F29-B245-A2DFDFD8EBB3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B7B3839C-449D-4642-9626-92C7D082D4F5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{24631E3D-E550-4B59-8278-7429980A128F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2359\Agent.exe
FirewallRules: [{78CD1A23-4338-44E1-B1F0-2B03EFFF32BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2359\Agent.exe
FirewallRules: [{AD6FC439-86BD-4A51-84F8-E024EB13370B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FBD201FE-13BA-4493-8FE5-9E7CA854D660}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{67274125-E52D-4236-8A0C-6F6495D0A6C6}C:\users\emilse\downloadsሐ.exe] => (Block) C:\users\emilse\downloadsሐ.exe
FirewallRules: [UDP Query User{C409FBB8-B784-43EC-9478-025E4C1BB6DA}C:\users\emilse\downloadsሐ.exe] => (Block) C:\users\emilse\downloadsሐ.exe
FirewallRules: [TCP Query User{90E0611F-47D3-4015-A3C8-EBB6986EF69F}C:\users\emilse\desktopሐ.exe] => (Allow) C:\users\emilse\desktopሐ.exe
FirewallRules: [UDP Query User{F8D6C4E7-4CA9-48A5-B96F-E264C6F021E8}C:\users\emilse\desktopሐ.exe] => (Allow) C:\users\emilse\desktopሐ.exe
FirewallRules: [{3B98C02C-3154-4206-AABD-41A8158EC690}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{666AA05C-EF60-4B84-82CE-9AFB5E868501}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{1AE91D2F-4991-4739-A53E-FB4BA1CA2A50}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{2E5584E3-44ED-438C-974A-B0E967A88E0B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{DB318F6C-2479-46BD-B1B9-CF272764B57F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{705853F2-AB6A-4BF0-9FC1-82B474A91083}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{D9872442-2F18-4A23-94C7-AC9134EE9FB5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{4D21E75B-AE9B-4F62-96C6-0C6E13F17C08}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [TCP Query User{8BFF23F6-EDB9-42A5-95AB-2C60C4EDCD58}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{FB7462D7-B9AC-4A16-950D-20EA12C32685}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{4647BC4C-42AF-42B4-BE59-B161DFAB0A4A}C:\program files (x86)\electronic arts\dawngate\game\dawngate.exe] => (Allow) C:\program files (x86)\electronic arts\dawngate\game\dawngate.exe
FirewallRules: [UDP Query User{4F933880-E6EF-4267-A6AD-919FDAE13160}C:\program files (x86)\electronic arts\dawngate\game\dawngate.exe] => (Allow) C:\program files (x86)\electronic arts\dawngate\game\dawngate.exe
FirewallRules: [TCP Query User{D69A9FA8-0A0E-4598-B1D6-5DEAFCC2BE1F}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe
FirewallRules: [UDP Query User{0A32CF08-E90F-4CC1-A959-4241FAF6B867}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe
FirewallRules: [{1FDFBA6D-7D80-4044-89BC-848106CADE62}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{DF0A319D-EBB0-4712-9425-31FC80ECA77C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{248E68F0-07E1-4F5E-BE18-A25505266E01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{FBF3DC73-B46B-4BB3-8E66-D59EEC1A9CA5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{2DBBF320-D6F6-4664-9A9A-AB9B3FB9BDF5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{2523938E-D28C-4EFA-B3B7-1D02449B2CCE}] => (Block) %ProgramFiles% (x86)\sXe Injected\sXe Injected.exe
FirewallRules: [{B11E2F7F-AB3F-4F0B-BDB1-B224FFF5CDCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{ED000969-D4DB-49D2-9F7A-FCD8BDB83477}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{735336E7-EA42-40DE-9656-1193E15786C2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{3CC5FE44-3F13-4DCD-BF57-56021097BA18}C:\jamaikamu\launcher.exe] => (Block) C:\jamaikamu\launcher.exe
FirewallRules: [UDP Query User{B980BF7D-084A-4463-B8E1-41A8A673FD63}C:\jamaikamu\launcher.exe] => (Block) C:\jamaikamu\launcher.exe
FirewallRules: [TCP Query User{CABE6B2C-A4A0-478E-8BD3-665644FA4496}C:\program files (x86)\cuevana storm\cuevana storm.exe] => (Allow) C:\program files (x86)\cuevana storm\cuevana storm.exe
FirewallRules: [UDP Query User{7953A8D7-5F92-4391-9717-53C129844180}C:\program files (x86)\cuevana storm\cuevana storm.exe] => (Allow) C:\program files (x86)\cuevana storm\cuevana storm.exe
FirewallRules: [{E2EF9E3C-D21C-462E-8807-1FC62CA1E708}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{67BC8EAF-C340-4D0C-992E-3DC75D77B6DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{4E146F4A-B65F-407B-B455-453B24FCBE65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{FA48A206-D262-4A17-B4BF-0B53FE5E95E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{D8F3E44C-083D-4481-94E4-6F101FD6987B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{16502623-B637-4599-97EB-F4DDB660CC3F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2FE88B94-7653-4A8C-A80E-5D0D2AFAC843}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D629300F-1E73-4A7D-B8F4-94081423FD50}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{6C6D67F9-F41A-4284-9BE6-DF1114BD82B3}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe] => (Allow) C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [UDP Query User{FFBB263E-5538-420F-9E3B-4DFD4E6FDBF8}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe] => (Allow) C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [{773254D9-B88E-4124-B043-447EE6D72160}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{84801607-D3FC-4518-A012-A57D7BC92457}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{ACD3322C-6980-4AEA-A4BA-B65319B359BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{383B32C8-50B3-4629-BD02-3E660D165BA4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B35A7BAD-2BC0-480D-8639-F7E2BF69632B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{1E6400E2-4124-463C-A00D-8B34F74630DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{D635441F-43D1-4E65-8853-C7B2FB797885}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E477503F-9384-4284-B479-5DDFA40CAD0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0309F7F8-47B8-4CDA-8DFA-8F54AE3BF301}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{60702680-F9CD-4C33-9C6A-4C036F357B6D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{BD92D373-07AC-434A-B8DB-8CE5C032E229}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{22673A36-7D74-4B77-89F7-F0B15B24D2DB}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{D8FD07BD-D33C-411F-B4E3-EA5D1A5A4783}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{8EA911CF-9187-4D91-8F86-E483298C5B34}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{8DCA107F-824E-463A-BF47-2A986E48D7C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96503002-5B4E-4A87-AB61-8FECB579BC7F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A97E76A-18A2-4FCD-9D1B-894A0F34B396}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8AC63DE9-D28F-44AB-8D58-EED9E52E64C4}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B905A5F-2D5D-4A9E-B35D-0F947E1C7574}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B3A01433-803A-4E01-AFE5-E11104650A22}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E719E3DC-FC7B-44CE-B846-853BC4394510}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C2D8AE0B-6E28-4429-B8CC-E3BEE82B9E0B}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C932499F-62C1-45E2-9C84-1147F2AF97A4}] => (Allow) C:\Program Files (x86)\PlayBns.com\Blade and Soul\bin\Client.exe
FirewallRules: [{B961932E-B6F0-47B8-946A-9D1244C20178}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9F0E3CE4-0B1B-47A6-9885-E4AA688AA1CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{3211331A-421C-4D7D-BCD4-C80B361BD79A}C:\users\emilse\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\emilse\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{2D404A79-F4E0-4F3D-9951-99F86BDBA1F3}C:\users\emilse\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\emilse\appdata\local\popcorn time\nw.exe
FirewallRules: [{3368A69F-D18B-4806-95B4-10D549A9A340}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{16CCEBDA-8999-4B6E-AA47-19E44F2DB8AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{C0838487-2C07-4762-8012-E24CECD0B8AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/14/2015 01:23:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa IMVUClient.exe, versión 522.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 888
 
Hora de inicio: 01d1063778d462d6
 
Hora de finalización: 49
 
Ruta de acceso de la aplicación: C:\Users\Emilse\AppData\Roaming\IMVUClient\IMVUClient.exe
 
Identificador de informe: 5acecf7e-722b-11e5-bf7b-902b34b87d9d
 
Nombre completo de paquete con errores: 
 
Identificador de aplicación relativa del paquete con errores:
 
Error: (10/06/2015 11:17:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa League of Legends.exe, versión 5.19.0.295, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 1458
 
Hora de inicio: 01d100a5faa57786
 
Hora de finalización: 4294967295
 
Ruta de acceso de la aplicación: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.107\deploy\League of Legends.exe
 
Identificador de informe: 8774df6b-6c99-11e5-bf79-902b34b87d9d
 
Nombre completo de paquete con errores: 
 
Identificador de aplicación relativa del paquete con errores:
 
Error: (10/01/2015 10:45:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamscheduler.exe, versión: 3.1.3.0, marca de tiempo: 0x55252bff
Nombre del módulo con errores: MSVCR100.dll, versión: 10.0.40219.325, marca de tiempo: 0x4df2be1e
Código de excepción: 0x40000015
Desplazamiento de errores: 0x0008d6fd
Identificador del proceso con errores: 0x850
Hora de inicio de la aplicación con errores: 0xmbamscheduler.exe0
Ruta de acceso de la aplicación con errores: mbamscheduler.exe1
Ruta de acceso del módulo con errores: mbamscheduler.exe2
Identificador del informe: mbamscheduler.exe3
Nombre completo del paquete con errores: mbamscheduler.exe4
Identificador de aplicación relativa del paquete con errores: mbamscheduler.exe5
 
Error: (09/28/2015 02:21:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 6.2.9200.16628, marca de tiempo: 0x51a94434
Nombre del módulo con errores: AltTab.dll, versión: 6.2.9200.16384, marca de tiempo: 0x501080a3
Código de excepción: 0xc0000094
Desplazamiento de errores: 0x0000000000005550
Identificador del proceso con errores: 0x908
Hora de inicio de la aplicación con errores: 0xExplorer.EXE0
Ruta de acceso de la aplicación con errores: Explorer.EXE1
Ruta de acceso del módulo con errores: Explorer.EXE2
Identificador del informe: Explorer.EXE3
Nombre completo del paquete con errores: Explorer.EXE4
Identificador de aplicación relativa del paquete con errores: Explorer.EXE5
 
Error: (09/20/2015 04:41:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FAMILIA)
Description: No se pudo activar la aplicación microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail debido al error: -2144927150. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (09/14/2015 09:54:21 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: No se puede iniciar el servicio. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: La operación se completó correctamente
   --- Fin del seguimiento de la pila de la excepción interna ---
   en BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   en System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/09/2015 02:42:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa update.exe, versión 0.3.8.5, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 13628
 
Hora de inicio: 01d0eac233d67489
 
Hora de finalización: 4294967295
 
Ruta de acceso de la aplicación: C:\Users\Emilse\AppData\Local\Temp\update.exe
 
Identificador de informe: 8b4ea404-56b5-11e5-bf74-902b34b87d9d
 
Nombre completo de paquete con errores: 
 
Identificador de aplicación relativa del paquete con errores:
 
Error: (09/09/2015 01:55:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: nw.exe, versión: 0.0.0.0, marca de tiempo: 0x553e9ced
Nombre del módulo con errores: nw.exe, versión: 0.0.0.0, marca de tiempo: 0x553e9ced
Código de excepción: 0xc000041d
Desplazamiento de errores: 0x00a9d55d
Identificador del proceso con errores: 0x94a4
Hora de inicio de la aplicación con errores: 0xnw.exe0
Ruta de acceso de la aplicación con errores: nw.exe1
Ruta de acceso del módulo con errores: nw.exe2
Identificador del informe: nw.exe3
Nombre completo del paquete con errores: nw.exe4
Identificador de aplicación relativa del paquete con errores: nw.exe5
 
Error: (09/03/2015 09:25:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: hl.exe, versión: 1.1.1.1, marca de tiempo: 0x3fd11900
Nombre del módulo con errores: serverbrowser.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x42f19fab
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x1380e290
Identificador del proceso con errores: 0x11110
Hora de inicio de la aplicación con errores: 0xhl.exe0
Ruta de acceso de la aplicación con errores: hl.exe1
Ruta de acceso del módulo con errores: hl.exe2
Identificador del informe: hl.exe3
Nombre completo del paquete con errores: hl.exe4
Identificador de aplicación relativa del paquete con errores: hl.exe5
 
Error: (08/30/2015 05:30:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa csgo.exe, versión 0.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 8ddc
 
Hora de inicio: 01d0e3619256a1a0
 
Hora de finalización: 4294967295
 
Ruta de acceso de la aplicación: C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Identificador de informe: f32d1905-4f55-11e5-bf74-902b34b87d9d
 
Nombre completo de paquete con errores: 
 
Identificador de aplicación relativa del paquete con errores:
 
 
System errors:
=============
Error: (10/20/2015 01:40:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Hola Better Internet Updater terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.
 
Error: (10/19/2015 03:24:58 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053TrustedInstallerNo disponible{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (10/19/2015 03:24:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Instalador de módulos de Windows no pudo iniciarse debido al siguiente error: 
%%1053
 
Error: (10/19/2015 03:24:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Instalador de módulos de Windows.
 
Error: (10/16/2015 01:58:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Hola Better Internet Engine se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (10/16/2015 01:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Hola Better Internet Updater terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.
 
Error: (10/16/2015 01:00:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Detección de servicios interactivos se cerró con el siguiente error: 
%%1
 
Error: (10/15/2015 02:19:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio mail update Service no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (10/15/2015 02:19:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SpyHunter 4 Service no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (10/15/2015 02:19:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Virtualización de archivos UAC no pudo iniciarse debido al siguiente error: 
%%1275
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G640 @ 2.80GHz
Percentage of memory in use: 45%
Total physical RAM: 3981.94 MB
Available physical RAM: 2187.78 MB
Total Virtual: 5792.91 MB
Available Virtual: 3675.73 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:450.44 GB) (Free:114.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 913D1C65)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 deeprybka

Posted 21 October 2015 - 02:42 AM

Step 1

Please uninstall a program:

  • Windows 8: Hold down the Windows logo key and press X to open a menu at the lower-left area of the screen.
  • Select Programs and Features from the menu.
  • Search and select the following programs one by one and click on Uninstall:

    SpyHunter 4

  • Reboot your computer.

Step 2

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Edited by deeprybka, 21 October 2015 - 02:43 AM.

regards,
deeprybka
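The report requested in Step 2 runs to hundreds of lines, almost all ending in `- ok`. The following Python is an added example, not part of the original post and not a TDSSKiller feature. It reads the services section of such a report and lists only the entries a reviewer would look at first. It assumes the report layout of one hash line followed by one verdict line per service; the sample service names, paths, hashes and the non-ok verdict text are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every report line starts with "HH:MM:SS.mmmm 0xTID  ".
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+0x[0-9a-fA-F]+\s+"
SECTION_RE = re.compile(PREFIX + r"=+ (?P<title>[^=]+?) =+\s*$")
HASH_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}), (?P<sha256>[0-9A-Fa-f]{64}) \]"
    r"\s+(?P<rest>.+?)\s*$"
)
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+) - (?P<verdict>.+?)\s*$")
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class ServiceEntry:
    name: str
    verdict: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Pair each hash line with the verdict line that follows it."""
    entries, pending, section = [], None, None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, pending = m.group("title"), None
            continue
        if section != "Scan services":
            continue  # header lines such as "Drive ... - Size:" also contain " - "
        m = HASH_RE.match(line)
        if m:
            pending = m
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        entry = ServiceEntry(m.group("name"), m.group("verdict"))
        if pending:
            rest = pending.group("rest")
            n = len(entry.name)
            # Service names may contain spaces, so the name is taken from the
            # verdict line and whatever follows it on the hash line is the path.
            if rest.startswith(entry.name) and rest[n:n + 1].isspace():
                entry.path = rest[n:].strip()
                entry.md5 = pending.group("md5")
                entry.sha256 = pending.group("sha256")
        pending = None
        entries.append(entry)
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, List[str]]]:
    """Return (service, reasons) for entries worth a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if e.verdict.lower() != "ok":
            reasons.append("verdict: " + e.verdict)
        if e.sha256 is None:
            reasons.append("no hash line logged")
        elif not e.path.lower().startswith(WINDOWS_DIR):
            reasons.append("binary outside C:\\Windows")
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Constructed sample: placeholder hashes, invented services and verdict text.
_MD5, _SHA = "A" * 32, "B" * 64
SAMPLE_LOG = "\n".join([
    r"12:51:14.0731 0x0bcc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb )",
    r"12:52:11.0854 0x0ff0  ================ Scan system memory ========================",
    r"12:52:11.0854 0x0ff0  System memory - ok",
    r"12:52:11.0854 0x0ff0  ================ Scan services =============================",
    rf"12:52:12.0707 0x0ff0  [ {_MD5}, {_SHA} ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys",
    r"12:52:12.0759 0x0ff0  ExampleDrv - ok",
    rf"12:52:16.0143 0x0ff0  [ {_MD5}, {_SHA} ] Example Vendor Service C:\Program Files\Example Vendor\svc.exe",
    r"12:52:16.0158 0x0ff0  Example Vendor Service - ok",
    r"12:52:20.0044 0x0ff0  ExampleNoFile - ok",
    rf"12:52:21.0000 0x0ff0  [ {_MD5}, {_SHA} ] ExampleFlagged  C:\Windows\system32\drivers\exampleflagged.sys",
    r"12:52:21.0010 0x0ff0  ExampleFlagged - NOT-OK (constructed)",
])

if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

A listed entry is a prompt for manual review, not a detection: third-party software legitimately installs services outside the Windows directory.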

#5 Cute

Posted 21 October 2015 - 10:58 AM

Hello again, thank you so much,

In step one I tried uninstalling SpyHunter 4 from there and there was only the installer, so I couldn't. It seems like the program was already uninstalled and some start menu archives were left, so I deleted them and also the installer, and after that I rebooted as you said.

Here are the logs from TDSSKiller:
 

12:51:05.0700 0x0bcc  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
12:51:05.0700 0x0bcc  UEFI system
12:51:11.0706 0x0bcc  ============================================================
12:51:11.0706 0x0bcc  Current date / time: 2015/10/21 12:51:11.0706
12:51:11.0706 0x0bcc  SystemInfo:
12:51:11.0706 0x0bcc  
12:51:11.0706 0x0bcc  OS Version: 6.2.9200 ServicePack: 0.0
12:51:11.0706 0x0bcc  Product type: Workstation
12:51:11.0706 0x0bcc  ComputerName: FAMILIA
12:51:11.0706 0x0bcc  UserName: Emilse
12:51:11.0706 0x0bcc  Windows directory: C:\Windows
12:51:11.0706 0x0bcc  System windows directory: C:\Windows
12:51:11.0706 0x0bcc  Running under WOW64
12:51:11.0706 0x0bcc  Processor architecture: Intel x64
12:51:11.0706 0x0bcc  Number of processors: 2
12:51:11.0706 0x0bcc  Page size: 0x1000
12:51:11.0706 0x0bcc  Boot type: Normal boot
12:51:11.0706 0x0bcc  ============================================================
12:51:13.0125 0x0bcc  KLMD registered as C:\Windows\system32\drivers\97173693.sys
12:51:13.0953 0x0bcc  System UUID: {68B23E6B-11AB-F27F-596F-754EA9E5B22D}
12:51:14.0731 0x0bcc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:51:14.0776 0x0bcc  ============================================================
12:51:14.0776 0x0bcc  \Device\Harddisk0\DR0:
12:51:14.0777 0x0bcc  GPT partitions:
12:51:14.0789 0x0bcc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {EA07874C-B318-4518-B237-292CB77185CA}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
12:51:14.0789 0x0bcc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {ED652007-7783-48EE-B1BE-36ED010585BE}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x82000
12:51:14.0789 0x0bcc  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {44C0203D-39F3-45F4-8DA4-39F2D7AE6D73}, Name: Microsoft reserved partition, StartLBA 0x118800, BlocksNum 0x40000
12:51:14.0789 0x0bcc  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E8DF80AB-2DF2-447B-9BB1-423C69EDDDBB}, Name: Basic data partition, StartLBA 0x158800, BlocksNum 0x384E1800
12:51:14.0789 0x0bcc  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3905F414-FD39-499D-8EE7-36B835621305}, Name: Basic data partition, StartLBA 0x3863A000, BlocksNum 0x1D4C000
12:51:14.0789 0x0bcc  MBR partitions:
12:51:14.0789 0x0bcc  ============================================================
12:51:14.0919 0x0bcc  C: <-> \Device\Harddisk0\DR0\Partition4
12:51:14.0919 0x0bcc  ============================================================
12:51:14.0919 0x0bcc  Initialize success
12:51:14.0919 0x0bcc  ============================================================
12:52:07.0753 0x0ff0  ============================================================
12:52:07.0753 0x0ff0  Scan started
12:52:07.0753 0x0ff0  Mode: Manual; SigCheck; TDLFS; 
12:52:07.0754 0x0ff0  ============================================================
12:52:07.0754 0x0ff0  KSN ping started
12:52:10.0459 0x0ff0  KSN ping finished: true
12:52:11.0854 0x0ff0  ================ Scan system memory ========================
12:52:11.0854 0x0ff0  System memory - ok
12:52:11.0854 0x0ff0  ================ Scan services =============================
12:52:27.0398 0x0ff0  HidBth - ok
12:52:27.0420 0x0ff0  [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
12:52:27.0442 0x0ff0  hidi2c - ok
12:52:27.0446 0x0ff0  [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr           C:\Windows\System32\drivers\hidir.sys
12:52:27.0466 0x0ff0  HidIr - ok
12:52:27.0499 0x0ff0  [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv         C:\Windows\system32\hidserv.dll
12:52:27.0527 0x0ff0  hidserv - ok
12:52:27.0567 0x0ff0  [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
12:52:27.0595 0x0ff0  HidUsb - ok
12:52:27.0674 0x0ff0  [ DFD1D30D8B68D883B5858748F7E35AD2, 051C9940054558DCB96746C0425A52F5294194163946B4A2A9CAEA64CFA855A1 ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
12:52:27.0708 0x0ff0  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
12:52:30.0567 0x0ff0  Detect skipped due to KSN trusted
12:52:30.0567 0x0ff0  HiPatchService - ok
12:52:30.0622 0x0ff0  [ FCE2251FE4464DCAA2F4684F19A8EE9B, 8062CD636DEFA8E160427BC2C61BC5C0DAA5396E16ABE9353B27C217FDE70B04 ] hitmanpro37     C:\Windows\system32\drivers\hitmanpro37.sys
12:52:30.0629 0x0ff0  hitmanpro37 - ok
12:52:30.0658 0x0ff0  [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:52:31.0259 0x0ff0  hkmsvc - ok
12:52:31.0935 0x0ff0  [ 3B844EB27E676DA28745FD969EDE0AE0, 733EE02EC5D4FA93B2A1D4AA9122124A1DE23682ACC2D9F8FFC7F0C7E69F53EB ] hola_svc        C:\Program Files\Hola\app\hola_svc.exe
12:52:32.0180 0x0ff0  hola_svc - ok
12:52:32.0732 0x0ff0  [ 3B844EB27E676DA28745FD969EDE0AE0, 733EE02EC5D4FA93B2A1D4AA9122124A1DE23682ACC2D9F8FFC7F0C7E69F53EB ] hola_updater    C:\Program Files\Hola\app\hola_updater.exe
12:52:32.0975 0x0ff0  hola_updater - ok
12:52:33.0034 0x0ff0  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:52:33.0066 0x0ff0  HomeGroupListener - ok
12:52:33.0101 0x0ff0  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:52:33.0138 0x0ff0  HomeGroupProvider - ok
12:52:33.0166 0x0ff0  [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:52:33.0189 0x0ff0  HpSAMD - ok
12:52:33.0248 0x0ff0  [ 26B05FFD8FB5E70EB501A610E3425341, 4A5C76AF7B5027B378FF13D21729A5B66B648BEF215DAA976981D9032667A3CE ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
12:52:33.0255 0x0ff0  HssDRV6 - ok
12:52:33.0409 0x0ff0  [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:52:33.0464 0x0ff0  HTTP - ok
12:52:33.0500 0x0ff0  [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:52:33.0508 0x0ff0  hwpolicy - ok
12:52:33.0530 0x0ff0  [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
12:52:33.0562 0x0ff0  hyperkbd - ok
12:52:33.0580 0x0ff0  [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
12:52:33.0599 0x0ff0  HyperVideo - ok
12:52:33.0616 0x0ff0  [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
12:52:33.0628 0x0ff0  i8042prt - ok
12:52:33.0669 0x0ff0  [ 6C024B3AE192D72B216166802AF345DD, 67AEDBEF4A1C1EE1DA9B684BDEB3DB07715E12B766AA72B6684CC6C583A8DCC5 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
12:52:33.0688 0x0ff0  iaStorA - ok
12:52:33.0788 0x0ff0  [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:52:33.0810 0x0ff0  iaStorV - ok
12:52:33.0892 0x0ff0  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
12:52:33.0900 0x0ff0  ICCS - ok
12:52:34.0339 0x0ff0  [ 79DB4631AA247E791C7F0F085822B6C3, F4F6B7221987E9CC6F1FDA7FF47BD95916866334963CE5DE836493A3A5717451 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:52:34.0528 0x0ff0  igfx - ok
12:52:34.0572 0x0ff0  [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:52:34.0580 0x0ff0  iirsp - ok
12:52:34.0712 0x0ff0  [ E455C83E029121270BED73CDAC381F37, 433D525C19DBF26FAC28853C606C872D973104842B0EF1B2BF2EAC85457E2953 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:52:34.0789 0x0ff0  IKEEXT - ok
12:52:35.0086 0x0ff0  [ C2F868881D48A568B525255F084EF063, EFB1704AE223CF886EDA5F1411C8178EDE4B5E1F7EE373E3DA89A6EA1A57D91D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:52:35.0245 0x0ff0  IntcAzAudAddService - ok
12:52:35.0366 0x0ff0  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
12:52:35.0386 0x0ff0  Intel® Capability Licensing Service Interface - ok
12:52:35.0421 0x0ff0  [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:52:35.0429 0x0ff0  intelide - ok
12:52:35.0448 0x0ff0  [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
12:52:35.0471 0x0ff0  intelppm - ok
12:52:35.0495 0x0ff0  [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:52:35.0520 0x0ff0  IpFilterDriver - ok
12:52:35.0646 0x0ff0  [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:52:35.0713 0x0ff0  iphlpsvc - ok
12:52:35.0731 0x0ff0  [ 6E98A046A12AA113F8898AA5D612BD6E, 28816CC1F03F2BFBF099C087C0BB6949E959F44C888DD2D0528FF7ED5D665ECF ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
12:52:35.0754 0x0ff0  IPMIDRV - ok
12:52:35.0774 0x0ff0  [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:52:35.0798 0x0ff0  IPNAT - ok
12:52:35.0812 0x0ff0  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:52:35.0822 0x0ff0  IRENUM - ok
12:52:35.0830 0x0ff0  [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:52:35.0839 0x0ff0  isapnp - ok
12:52:35.0872 0x0ff0  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF, 8FFF92828C3DC20F0F42C42E58A03B59A4E0187963F728DC618C9595FB2D0239 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
12:52:35.0888 0x0ff0  iScsiPrt - ok
12:52:36.0045 0x0ff0  [ 78ABBE558F57144047F10A0F50FE4B2F, 6BE608F7697D83FD6C7E6EA422AC5637933BDC96B1044C12DE9A419CE7D6F6CE ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
12:52:36.0054 0x0ff0  jhi_service - ok
12:52:36.0064 0x0ff0  [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
12:52:36.0073 0x0ff0  kbdclass - ok
12:52:36.0087 0x0ff0  [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
12:52:36.0111 0x0ff0  kbdhid - ok
12:52:36.0135 0x0ff0  [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
12:52:36.0153 0x0ff0  kdnic - ok
12:52:36.0173 0x0ff0  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] KeyIso          C:\Windows\system32\lsass.exe
12:52:36.0184 0x0ff0  KeyIso - ok
12:52:36.0197 0x0ff0  [ DFA480F6DED551464F3A5B959F437800, C07AB6F28A09FCBE11EECAD03B06CEAE1016EC24031FCA0C092639E90FBA84CF ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:52:36.0208 0x0ff0  KSecDD - ok
12:52:36.0232 0x0ff0  [ 127FB0AAD232BAAD2C9BBACD374F4FC5, 3BC56F6B4374062C96149D69ACE053DF81A278F0361599F5A2F3DB1F76F0AD68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:52:36.0244 0x0ff0  KSecPkg - ok
12:52:36.0280 0x0ff0  [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:52:36.0369 0x0ff0  ksthunk - ok
12:52:36.0403 0x0ff0  [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:52:36.0468 0x0ff0  KtmRm - ok
12:52:36.0502 0x0ff0  [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:52:36.0531 0x0ff0  LanmanServer - ok
12:52:36.0561 0x0ff0  [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:52:36.0590 0x0ff0  LanmanWorkstation - ok
12:52:36.0619 0x0ff0  [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:52:36.0643 0x0ff0  lltdio - ok
12:52:36.0676 0x0ff0  [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:52:36.0708 0x0ff0  lltdsvc - ok
12:52:36.0726 0x0ff0  [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:52:36.0748 0x0ff0  lmhosts - ok
12:52:36.0778 0x0ff0  [ 2C24DC448DBE8DB9BE1441B824C57E79, DA2257EEC964A47D03C2BB13317FD788E51D4685E2395B303ED7B2575FEF3B19 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:52:36.0789 0x0ff0  LMS - ok
12:52:36.0816 0x0ff0  [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:52:36.0845 0x0ff0  LSI_SAS - ok
12:52:36.0861 0x0ff0  [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:52:36.0873 0x0ff0  LSI_SAS2 - ok
12:52:36.0889 0x0ff0  [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:52:36.0900 0x0ff0  LSI_SCSI - ok
12:52:36.0912 0x0ff0  [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
12:52:36.0922 0x0ff0  LSI_SSS - ok
12:52:36.0975 0x0ff0  [ A57BA284F5996FFD32DCDBC41A4657DB, 2106B83873A824BC83EF42FAC9DD9A0F741209535A84AE65EA8E786519920043 ] LSM             C:\Windows\System32\lsm.dll
12:52:37.0007 0x0ff0  LSM - ok
12:52:37.0025 0x0ff0  [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:52:37.0053 0x0ff0  luafv - ok
12:52:37.0055 0x0ff0  mailUpdate - ok
12:52:37.0096 0x0ff0  [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:52:37.0102 0x0ff0  MBAMProtector - ok
12:52:37.0358 0x0ff0  [ 301E3FDFCF33640BB8763BA444BC5093, 362B069BB9A313A06B376CE27E6F7F8D569F6CA39A8ABC96D9DF231EE462C604 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
12:52:37.0409 0x0ff0  MBAMScheduler - ok
12:52:37.0519 0x0ff0  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
12:52:37.0555 0x0ff0  MBAMService - ok
12:52:37.0605 0x0ff0  [ 85CFE7AB85B43B6B7AC7961AA3983A9F, 4E88B75818FD00C0ABBDF8E02EBFB550A67B46E5E13D3B3DF52611793F7DA0DD ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
12:52:37.0611 0x0ff0  MBAMWebAccessControl - ok
12:52:37.0639 0x0ff0  [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:52:37.0649 0x0ff0  megasas - ok
12:52:37.0673 0x0ff0  [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:52:37.0690 0x0ff0  MegaSR - ok
12:52:37.0707 0x0ff0  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
12:52:37.0714 0x0ff0  MEIx64 - ok
12:52:37.0740 0x0ff0  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS           C:\Windows\system32\mmcss.dll
12:52:37.0752 0x0ff0  MMCSS - ok
12:52:37.0756 0x0ff0  [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem           C:\Windows\system32\drivers\modem.sys
12:52:37.0779 0x0ff0  Modem - ok
12:52:37.0821 0x0ff0  [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor         C:\Windows\System32\drivers\monitor.sys
12:52:37.0843 0x0ff0  monitor - ok
12:52:37.0858 0x0ff0  [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
12:52:37.0867 0x0ff0  mouclass - ok
12:52:37.0917 0x0ff0  [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
12:52:37.0940 0x0ff0  mouhid - ok
12:52:37.0959 0x0ff0  [ 89D263DBF08119CE16273991C120D6DD, 9771EDAD266F0E234E71DFB6792F396710E051F2ADCA5CDADEBBD2790D0E6054 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:52:37.0978 0x0ff0  mountmgr - ok
12:52:38.0037 0x0ff0  [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:52:38.0047 0x0ff0  MozillaMaintenance - ok
12:52:38.0072 0x0ff0  [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:52:38.0101 0x0ff0  mpsdrv - ok
12:52:38.0184 0x0ff0  [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:52:38.0230 0x0ff0  MpsSvc - ok
12:52:38.0250 0x0ff0  [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:52:38.0274 0x0ff0  MRxDAV - ok
12:52:38.0339 0x0ff0  [ 93179D48066918323628CB016D8C94DC, FE110BF7A10EDD1DF7F6B933D373FCA51F37413282EBC4187E7C9B1965186BCC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:52:38.0367 0x0ff0  mrxsmb - ok
12:52:38.0396 0x0ff0  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:52:38.0412 0x0ff0  mrxsmb10 - ok
12:52:38.0454 0x0ff0  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26, 9822FA53E6067C0E39B7A3A3F1E88719D5D8B055D86FF894F0475B158289EA45 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:52:38.0468 0x0ff0  mrxsmb20 - ok
12:52:38.0489 0x0ff0  [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
12:52:38.0543 0x0ff0  MsBridge - ok
12:52:38.0572 0x0ff0  [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC           C:\Windows\System32\msdtc.exe
12:52:38.0601 0x0ff0  MSDTC - ok
12:52:38.0619 0x0ff0  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:52:38.0640 0x0ff0  Msfs - ok
12:52:38.0681 0x0ff0  [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
12:52:38.0690 0x0ff0  msgpiowin32 - ok
12:52:38.0702 0x0ff0  [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:52:38.0728 0x0ff0  mshidkmdf - ok
12:52:38.0731 0x0ff0  [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
12:52:38.0746 0x0ff0  mshidumdf - ok
12:52:38.0761 0x0ff0  [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:52:38.0768 0x0ff0  msisadrv - ok
12:52:38.0798 0x0ff0  [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:52:38.0833 0x0ff0  MSiSCSI - ok
12:52:38.0838 0x0ff0  msiserver - ok
12:52:38.0854 0x0ff0  [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:52:38.0872 0x0ff0  MSKSSRV - ok
12:52:38.0893 0x0ff0  [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
12:52:38.0920 0x0ff0  MsLldp - ok
12:52:38.0939 0x0ff0  [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:52:38.0948 0x0ff0  MSPCLOCK - ok
12:52:38.0961 0x0ff0  [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:52:38.0983 0x0ff0  MSPQM - ok
12:52:39.0012 0x0ff0  [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:52:39.0031 0x0ff0  MsRPC - ok
12:52:39.0043 0x0ff0  [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
12:52:39.0051 0x0ff0  mssmbios - ok
12:52:39.0064 0x0ff0  [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:52:39.0085 0x0ff0  MSTEE - ok
12:52:39.0104 0x0ff0  [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
12:52:39.0113 0x0ff0  MTConfig - ok
12:52:39.0129 0x0ff0  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup             C:\Windows\system32\Drivers\mup.sys
12:52:39.0139 0x0ff0  Mup - ok
12:52:39.0149 0x0ff0  [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
12:52:39.0159 0x0ff0  mvumis - ok
12:52:39.0209 0x0ff0  [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent        C:\Windows\system32\qagentRT.dll
12:52:39.0248 0x0ff0  napagent - ok
12:52:39.0279 0x0ff0  [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:52:39.0299 0x0ff0  NativeWifiP - ok
12:52:39.0331 0x0ff0  [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc          C:\Windows\System32\ncasvc.dll
12:52:39.0358 0x0ff0  NcaSvc - ok
12:52:39.0380 0x0ff0  [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
12:52:39.0393 0x0ff0  NcdAutoSetup - ok
12:52:39.0490 0x0ff0  [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:52:39.0528 0x0ff0  NDIS - ok
12:52:39.0547 0x0ff0  [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:52:39.0569 0x0ff0  NdisCap - ok
12:52:39.0590 0x0ff0  [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
12:52:39.0615 0x0ff0  NdisImPlatform - ok
12:52:39.0631 0x0ff0  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:52:39.0640 0x0ff0  NdisTapi - ok
12:52:39.0653 0x0ff0  [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:52:39.0678 0x0ff0  Ndisuio - ok
12:52:39.0699 0x0ff0  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:52:39.0726 0x0ff0  NdisWan - ok
12:52:39.0741 0x0ff0  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
12:52:39.0756 0x0ff0  NDISWANLEGACY - ok
12:52:39.0812 0x0ff0  [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:52:39.0844 0x0ff0  NDProxy - ok
12:52:39.0860 0x0ff0  [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu             C:\Windows\system32\drivers\Ndu.sys
12:52:39.0872 0x0ff0  Ndu - ok
12:52:39.0881 0x0ff0  [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:52:39.0909 0x0ff0  NetBIOS - ok
12:52:39.0931 0x0ff0  [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:52:39.0964 0x0ff0  NetBT - ok
12:52:39.0969 0x0ff0  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] Netlogon        C:\Windows\system32\lsass.exe
12:52:39.0980 0x0ff0  Netlogon - ok
12:52:40.0043 0x0ff0  [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman          C:\Windows\System32\netman.dll
12:52:40.0074 0x0ff0  Netman - ok
12:52:40.0142 0x0ff0  [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm        C:\Windows\System32\netprofmsvc.dll
12:52:40.0180 0x0ff0  netprofm - ok
12:52:40.0237 0x0ff0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:52:40.0276 0x0ff0  NetTcpPortSharing - ok
12:52:41.0520 0x0ff0  [ 57B9C04D673F236D41FAB03842C8640B, 898DCBBBF94875059CD328B0FC75BE36A4E3DD471C6E28BFAE064BCF84349518 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
12:52:41.0796 0x0ff0  NETwNs64 - ok
12:52:41.0832 0x0ff0  [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:52:41.0841 0x0ff0  nfrd960 - ok
12:52:41.0878 0x0ff0  [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:52:41.0913 0x0ff0  NlaSvc - ok
12:52:42.0010 0x0ff0  [ B1EF4686961986DFFB7FE8F18E6FCB5B, 562F144DAA8C2D6E4D55C7ABEF1DB52FC67F1A09E03CD700E27DFC3A4920E271 ] nlsX86cc        C:\Windows\SysWOW64\nlssrv32.exe
12:52:42.0067 0x0ff0  nlsX86cc - detected UnsignedFile.Multi.Generic ( 1 )
12:52:45.0123 0x0ff0  Detect skipped due to KSN trusted
12:52:45.0123 0x0ff0  nlsX86cc - ok
12:52:45.0151 0x0ff0  [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:52:45.0174 0x0ff0  Npfs - ok
12:52:45.0179 0x0ff0  npggsvc - ok
12:52:45.0207 0x0ff0  [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
12:52:45.0236 0x0ff0  npsvctrig - ok
12:52:45.0256 0x0ff0  [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi             C:\Windows\system32\nsisvc.dll
12:52:45.0278 0x0ff0  nsi - ok
12:52:45.0295 0x0ff0  [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:52:45.0321 0x0ff0  nsiproxy - ok
12:52:45.0494 0x0ff0  [ 76929F4A69E425911A63B407E26C2589, 17896DB6EDEF2637D159432DB61E8B5FA2F4F54B5F50BCD6215827C321ED2C2A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:52:45.0560 0x0ff0  Ntfs - ok
12:52:45.0583 0x0ff0  [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null            C:\Windows\system32\drivers\Null.sys
12:52:45.0604 0x0ff0  Null - ok
12:52:45.0625 0x0ff0  [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:52:45.0638 0x0ff0  nvraid - ok
12:52:45.0665 0x0ff0  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:52:45.0679 0x0ff0  nvstor - ok
12:52:45.0705 0x0ff0  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:52:45.0716 0x0ff0  nv_agp - ok
12:52:45.0801 0x0ff0  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:52:45.0813 0x0ff0  ose - ok
12:52:58.0143 0x0ff0  Wanarpv6 - ok
12:52:58.0146 0x0ff0  wanatw - ok
12:52:58.0202 0x0ff0  [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine        C:\Windows\system32\wbengine.exe
12:52:58.0274 0x0ff0  wbengine - ok
12:52:58.0390 0x0ff0  [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:52:58.0420 0x0ff0  WbioSrvc - ok
12:52:58.0529 0x0ff0  [ AF1349386D4C6786EF4E34FACEF15042, 6B33778409BC54C1955B92508ADDEBAFD629141961B71C94A91DC4CFE8391A13 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
12:52:58.0569 0x0ff0  Wcmsvc - ok
12:52:58.0670 0x0ff0  [ 5B5FEAB51172F5513C2CF7B39CFA6A01, 4FDAC5168E00D44781C6F5D98ECD4977A12663C5CE6FFDFF9DBC89A28D6212D8 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:52:58.0693 0x0ff0  wcncsvc - ok
12:52:58.0718 0x0ff0  [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:52:58.0730 0x0ff0  WcsPlugInService - ok
12:52:58.0754 0x0ff0  [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd              C:\Windows\system32\drivers\wd.sys
12:52:58.0763 0x0ff0  Wd - ok
12:52:58.0805 0x0ff0  [ FD47DF026B32969B8A68721A0243E8EE, 57A7B9B40CEDADFB023AEDD9F29869F1B93EA2596F47B5DDC233D57FC585CCE1 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
12:52:58.0814 0x0ff0  WdBoot - ok
12:52:59.0048 0x0ff0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:52:59.0077 0x0ff0  Wdf01000 - ok
12:52:59.0102 0x0ff0  [ 5F425D842DD6ADE9F95A51A0616AFAD7, 807B8E6A4FE443A362076C225F588A8C897CFE24A6367F4D461C8F6D3EF004C5 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
12:52:59.0118 0x0ff0  WdFilter - ok
12:52:59.0137 0x0ff0  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:52:59.0156 0x0ff0  WdiServiceHost - ok
12:52:59.0161 0x0ff0  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:52:59.0179 0x0ff0  WdiSystemHost - ok
12:52:59.0255 0x0ff0  [ 9B1384CE8E681D2D77BB3524B8E86311, BDEF9D0A79A7C26A88088A306F91632F300E587736CDD2C64717EC54DD6E89FF ] WebClient       C:\Windows\System32\webclnt.dll
12:52:59.0272 0x0ff0  WebClient - ok
12:52:59.0300 0x0ff0  [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:52:59.0328 0x0ff0  Wecsvc - ok
12:52:59.0349 0x0ff0  [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:52:59.0383 0x0ff0  wercplsupport - ok
12:52:59.0422 0x0ff0  [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:52:59.0463 0x0ff0  WerSvc - ok
12:52:59.0509 0x0ff0  [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
12:52:59.0536 0x0ff0  WFPLWFS - ok
12:52:59.0554 0x0ff0  [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc          C:\Windows\System32\wiarpc.dll
12:52:59.0566 0x0ff0  WiaRpc - ok
12:52:59.0592 0x0ff0  [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:52:59.0601 0x0ff0  WIMMount - ok
12:52:59.0615 0x0ff0  WinDefend - ok
12:52:59.0824 0x0ff0  [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
12:52:59.0873 0x0ff0  WinHttpAutoProxySvc - ok
12:53:00.0012 0x0ff0  [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:53:00.0028 0x0ff0  Winmgmt - ok
12:53:00.0197 0x0ff0  [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:53:00.0327 0x0ff0  WinRM - ok
12:53:00.0373 0x0ff0  [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:53:00.0392 0x0ff0  WinUsb - ok
12:53:00.0515 0x0ff0  [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc         C:\Windows\System32\wlansvc.dll
12:53:00.0570 0x0ff0  WlanSvc - ok
12:53:00.0862 0x0ff0  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
12:53:00.0930 0x0ff0  wlidsvc - ok
12:53:00.0951 0x0ff0  [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
12:53:00.0960 0x0ff0  WmiAcpi - ok
12:53:00.0992 0x0ff0  [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:53:01.0018 0x0ff0  wmiApSrv - ok
12:53:01.0042 0x0ff0  WMPNetworkSvc - ok
12:53:01.0048 0x0ff0  [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
12:53:01.0058 0x0ff0  wpcfltr - ok
12:53:01.0085 0x0ff0  [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:53:01.0096 0x0ff0  WPCSvc - ok
12:53:01.0141 0x0ff0  [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:53:01.0154 0x0ff0  WPDBusEnum - ok
12:53:01.0168 0x0ff0  [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
12:53:01.0178 0x0ff0  WpdUpFltr - ok
12:53:01.0194 0x0ff0  [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:53:01.0215 0x0ff0  ws2ifsl - ok
12:53:01.0263 0x0ff0  [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:53:01.0302 0x0ff0  wscsvc - ok
12:53:01.0305 0x0ff0  WSearch - ok
12:53:01.0661 0x0ff0  [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService       C:\Windows\System32\WSService.dll
12:53:01.0744 0x0ff0  WSService - ok
12:53:01.0990 0x0ff0  [ 311E5E1976E0BD9110A88B93158055D5, F1AA738D6AD74C33785EEFE1FBE8A869AAB62417B7D079389293AB1209A849C1 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:53:02.0137 0x0ff0  wuauserv - ok
12:53:02.0166 0x0ff0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:53:02.0194 0x0ff0  WudfPf - ok
12:53:02.0234 0x0ff0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
12:53:02.0260 0x0ff0  WUDFRd - ok
12:53:02.0268 0x0ff0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
12:53:02.0281 0x0ff0  WUDFSensorLP - ok
12:53:02.0308 0x0ff0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:53:02.0322 0x0ff0  wudfsvc - ok
12:53:02.0330 0x0ff0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
12:53:02.0342 0x0ff0  WUDFWpdFs - ok
12:53:02.0349 0x0ff0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
12:53:02.0362 0x0ff0  WUDFWpdMtp - ok
12:53:02.0401 0x0ff0  [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:53:02.0494 0x0ff0  WwanSvc - ok
12:53:02.0504 0x0ff0  ================ Scan global ===============================
12:53:02.0543 0x0ff0  [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\Windows\system32\basesrv.dll
12:53:02.0577 0x0ff0  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\Windows\system32\winsrv.dll
12:53:02.0605 0x0ff0  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\Windows\system32\sxssrv.dll
12:53:02.0646 0x0ff0  [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\Windows\system32\services.exe
12:53:02.0656 0x0ff0  [ Global ] - ok
12:53:02.0660 0x0ff0  ================ Scan MBR ==================================
12:53:02.0672 0x0ff0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
12:53:03.0032 0x0ff0  \Device\Harddisk0\DR0 - ok
12:53:03.0033 0x0ff0  ================ Scan VBR ==================================
12:53:03.0049 0x0ff0  [ B8139A6C7E4EAE3A5D550374C3D790EE ] \Device\Harddisk0\DR0\Partition1
12:53:03.0085 0x0ff0  \Device\Harddisk0\DR0\Partition1 - ok
12:53:03.0114 0x0ff0  [ FBDA78140B7FABEB8A3BD22CBE8BE49E ] \Device\Harddisk0\DR0\Partition2
12:53:03.0149 0x0ff0  \Device\Harddisk0\DR0\Partition2 - ok
12:53:03.0170 0x0ff0  [ 676567A490983A2BF52CCAA7BA06AB33 ] \Device\Harddisk0\DR0\Partition3
12:53:03.0170 0x0ff0  \Device\Harddisk0\DR0\Partition3 - ok
12:53:03.0201 0x0ff0  [ 5959E44B3F57D55FF83A06F353FA987F ] \Device\Harddisk0\DR0\Partition4
12:53:03.0267 0x0ff0  \Device\Harddisk0\DR0\Partition4 - ok
12:53:03.0304 0x0ff0  [ 6D3B234539A17333E2DEFF2AE28607DD ] \Device\Harddisk0\DR0\Partition5
12:53:03.0408 0x0ff0  \Device\Harddisk0\DR0\Partition5 - ok
12:53:03.0408 0x0ff0  ================ Scan generic autorun ======================
12:53:03.0684 0x0ff0  [ DB282FA0CBA880D36BA5FBE748BD6F4F, C3A6AB6A2D084048F8C622B9B4CF138CE577B7B4CBC0BF00E5CB2A18918070DC ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
12:53:03.0699 0x0ff0  AdobeAAMUpdater-1.0 - ok
12:53:03.0762 0x0ff0  [ D309FE127C0075A09FF8D479F294AF87, CBA0472274FBC93983D4A140FCC28EBB9A847E63E301773E6D6BC6D03EEBE604 ] C:\Windows\system32\igfxtray.exe
12:53:03.0773 0x0ff0  IgfxTray - ok
12:53:03.0882 0x0ff0  [ 42F9701FA01087E2531F351741D5BD93, 1A0D2E6199D11BC9EAFFC78F46EDB51A5562156D7C13AC37C1DC8FBAF5247E1D ] C:\Windows\system32\hkcmd.exe
12:53:03.0897 0x0ff0  HotKeysCmds - ok
12:53:03.0974 0x0ff0  [ 25A0899C09925E587CE03EA5D05EE87D, F828B357E5DF4B319344AEE164B686D2F709648DDFB8C62C7533343D1D9B991A ] C:\Windows\system32\igfxpers.exe
12:53:03.0990 0x0ff0  Persistence - ok
12:53:04.0267 0x0ff0  [ AF5C73A1CC83809AD7FFDCEF3623C17E, 4122A4AE98CEFEE4287332AA412364D0C267AFE17DBC740F4FAE208D2C4F7413 ] C:\Program Files\Hola\app\hola.exe
12:53:04.0326 0x0ff0  hola - ok
12:53:04.0419 0x0ff0  [ D1931AB351D1F3935BDE2BEFD427F925, 680F9597B313EEDB5524975348BBB5F5F3114FE23D5FC2061CD3C00E5F6ED034 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
12:53:04.0425 0x0ff0  IAStorIcon - ok
12:53:04.0563 0x0ff0  [ 8FE651ACBA3344E645CFEB6286FFF6B8, ECE4DFFEB7EB0B19B6790FD0F619A5C4B23CA0BA9CC3F25924925F8EA07264B6 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
12:53:04.0605 0x0ff0  AdobeCS6ServiceManager - ok
12:53:04.0663 0x0ff0  DivXMediaServer - ok
12:53:04.0829 0x0ff0  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:53:04.0855 0x0ff0  Adobe ARM - ok
12:53:05.0485 0x0ff0  [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
12:53:05.0652 0x0ff0  AvastUI.exe - ok
12:53:05.0901 0x0ff0  [ 635F9280C61F3A67D920061E382A7717, D29A0616C821525977B0B3A80B81EC2403E36D238D89F5E742F9B9BE69F03543 ] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
12:53:05.0930 0x0ff0  AdobeCEPServiceManager - ok
12:53:06.0102 0x0ff0  [ 9DECF401AE4CB834D89957BDBF484068, 084056EAA068F88B6168566F14D315F2AD35F2202B18CFC5F88A466C154210A3 ] C:\Program Files\AVAST Software\Avast\setup\emupdate\c01e2805-b9b4-4709-99be-f7d95e92c8f1.exe
12:53:06.0112 0x0ff0  20150107 - ok
12:53:06.0518 0x0ff0  [ 9D0D72B696B8CDF9AE368E542FD042CE, 8CD19E8B609041A6C226D57D40509175827C75DEF93378B53A814060BB7A9E0B ] C:\Users\Emilse\AppData\Roaming\Spotify\SpotifyWebHelper.exe
12:53:06.0930 0x0ff0  Spotify Web Helper - ok
12:53:07.0507 0x0ff0  [ 7C8FDC53EDA612DBDB8D44557A2B4049, BB1F451FDECB3B484F7234B4B86C76D4E1CC2871C2F722248F472BE8954918B1 ] C:\Program Files (x86)\WTFast\WTFast.exe
12:53:07.0646 0x0ff0  WTFast Tray - ok
12:53:07.0805 0x0ff0  [ 9DA1393F5C9350A3CFB039B6EB71A28F, 21DBC6ACFFBDEDAEB97690B83068B054DA9C3C117DF47135CFAA06E91916DBA8 ] C:\Program Files\Sandboxie\SbieCtrl.exe
12:53:07.0833 0x0ff0  SandboxieControl - ok
12:53:07.0946 0x0ff0  Skype - ok
12:53:08.0540 0x0ff0  [ DC8DC7ED86A259614D3B2186B2F841EB, 6F305431EE35849D637AF41F213B716D936311015483422FA294E9435B82AB2A ] C:\Users\Emilse\AppData\Roaming\Spotify\Spotify.exe
12:53:08.0744 0x0ff0  Spotify - ok
12:53:08.0756 0x0ff0  Waiting for KSN requests completion. In queue: 229
12:53:09.0757 0x0ff0  Waiting for KSN requests completion. In queue: 229
12:53:10.0757 0x0ff0  Waiting for KSN requests completion. In queue: 229
12:53:11.0758 0x0ff0  Waiting for KSN requests completion. In queue: 229
12:53:12.0521 0x0930  Object required for P2P: [ DC8DC7ED86A259614D3B2186B2F841EB ] C:\Users\Emilse\AppData\Roaming\Spotify\Spotify.exe
12:53:12.0759 0x0ff0  Waiting for KSN requests completion. In queue: 1
12:53:13.0759 0x0ff0  Waiting for KSN requests completion. In queue: 1
12:53:14.0760 0x0ff0  Waiting for KSN requests completion. In queue: 1
12:53:15.0513 0x0930  Object send P2P result: true
12:53:15.0856 0x0ff0  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.3.215.0 ), 0x60100 ( disabled : updated )
12:53:15.0866 0x0ff0  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
12:53:15.0888 0x0ff0  Win FW state via NFP2: enabled ( trusted )
12:53:18.0506 0x0ff0  ============================================================
12:53:18.0506 0x0ff0  Scan finished
12:53:18.0506 0x0ff0  ============================================================
12:53:18.0512 0x1284  Detected object count: 0
12:53:18.0512 0x1284  Actual detected object count: 0


#6 deeprybka

Posted 21 October 2015 - 03:20 PM

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka

#7 Cute

Posted 21 October 2015 - 04:51 PM

Hello Jürgen, thank you for your reply. Around completed stage 60, I got around 6 pop-up errors about system32, that the program can not be restored; my desktop turned all black but I was still able to see the pop-ups. Also there was a warning in the cmd window asking me not to reboot my computer manually, and after 6 or 7 tries of clicking the pop-ups, ComboFix finally managed to reboot my computer... I had some errors around system32, I think. When the computer finally finished, my CPU usage was at 99%, so I had to open Task Manager in order to get the logs, because ComboFix was stuck there, and my avast started when the computer did, so I turned it off...

But thank God ComboFix was able to reboot the computer. Everything seems fine, but the main issue remains. Sorry for my bad English; here are the logs, by the way!

 

ComboFix 15-10-21.01 - Emilse 21/10/2015  18:02:52.1.2 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.54.3082.18.3982.2871 [GMT -3:00]
Running from: c:\users\Emilse\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\sXe Injected
c:\program files (x86)\sXe Injected\ddsxei.sys
c:\program files (x86)\sXe Injected\sXe-I EULA.txt
c:\program files (x86)\sXe Injected\sXe Injected.exe
c:\program files (x86)\sXe Injected\sXe Injected.txt
c:\program files (x86)\sXe Injected\uninstall.exe
c:\program files (x86)\sXe Injected\uninstall.ini
c:\users\Emilse\AppData\Local\._LiveCode_
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile0.txt
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile1.txt
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile2.txt
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile3.txt
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile4.txt
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile5.txt
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile6.txt
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile7.txt
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile8.txt
c:\users\Emilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile9.txt
c:\windows\msdownld.tmp
c:\windows\PFRO.log
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Game - R3d Logs\2014-10-12T22-55-41_r3dlog.txt
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_hola_updater
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-21 to 2015-10-21  )))))))))))))))))))))))))))))))
.
.
2015-10-21 21:19 . 2015-10-21 21:19 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2015-10-20 21:41 . 2015-10-20 21:41 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-10-04 00:23 . 2015-10-04 00:23 -------- d-----w- c:\users\Emilse\AppData\Local\Hola
2015-10-04 00:23 . 2015-10-04 00:23 -------- d-----w- c:\users\Emilse\AppData\Roaming\Hola
2015-10-04 00:19 . 2015-10-04 00:23 -------- d-----w- c:\program files\Hola
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-21 15:45 . 2015-04-06 03:39 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-19 09:32 . 2014-10-08 08:54 269992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2015-10-18 14:00 . 2015-08-21 00:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-10-10 16:01 . 2015-07-16 09:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2015-09-11 23:47 . 2014-04-16 02:06 632432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-08-11 04:59 . 2015-08-11 04:59 311296 ----a-r- c:\users\Emilse\AppData\Roaming\Microsoft\Installer\{64319B79-D347-4EF9-8AD5-AED5BAAC84A6}\NewShortcut2_8B9F28D0A014422E8EC455C002D57354.exe
2015-08-11 04:59 . 2015-08-11 04:59 311296 ----a-r- c:\users\Emilse\AppData\Roaming\Microsoft\Installer\{64319B79-D347-4EF9-8AD5-AED5BAAC84A6}\NewShortcut1_368C84B8BE234507B694FDFDEEC38ADB.exe
2015-08-11 04:59 . 2015-08-11 04:59 53248 ----a-r- c:\users\Emilse\AppData\Roaming\Microsoft\Installer\{64319B79-D347-4EF9-8AD5-AED5BAAC84A6}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-16 02:16 222920 ----a-w- c:\users\Emilse\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-16 02:16 222920 ----a-w- c:\users\Emilse\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-16 02:16 222920 ----a-w- c:\users\Emilse\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Emilse\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-10-18 2030912]
"WTFast Tray"="c:\program files (x86)\WTFast\WTFast.exe" [2015-06-02 4711000]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2015-06-23 787592]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-08-07 53737488]
"Spotify"="c:\users\Emilse\AppData\Roaming\Spotify\Spotify.exe" [2015-10-18 7736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-08-23 56128]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-02 5515496]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 mailUpdate;mail update Service;c:\programdata\MailUpdate\mailUpdate.exe;c:\programdata\MailUpdate\mailUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Servicio Hacer clic y ejecutar de Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 hola_svc;Hola Better Internet Engine;c:\program files\Hola\app\hola_svc.exe;c:\program files\Hola\app\hola_svc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-15 23:04 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-02 18:54]
.
2015-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-07 17:54]
.
2015-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-07 17:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-16 02:16 261832 ----a-w- c:\users\Emilse\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-16 02:16 261832 ----a-w- c:\users\Emilse\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-16 02:16 261832 ----a-w- c:\users\Emilse\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-11 08:26 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-11 08:26 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-11 08:26 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-01 21:42 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-01-30 173672]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-01-30 401512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-01-30 444520]
"hola"="c:\program files\Hola\app\hola.exe" [2015-10-04 2032256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.sxe-anticheat.com/
uDefault_Search_URL = www.google.com
mStart Page = hxxp://search.sxe-anticheat.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.sxe-anticheat.com/
mSearch Bar = hxxp://www.google.com
mDefault_Page_URL = hxxp://search.sxe-anticheat.com/
mDefault_Search_URL = hxxp://search.sxe-anticheat.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: %SystemRoot%\system32\WTFastDrv.dll
Trusted Zone: hola.org
TCP: DhcpNameServer = 200.42.4.203 200.49.130.40
FF - ProfilePath - c:\users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Toolbar-Locked - (no file)
AddRemove-SpyHunter - c:\users\Emilse\AppData\Roaming\Enigma Software Group\sh_installer.exe
AddRemove-sXe Injected - c:\program files (x86)\sXe Injected\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99,
   35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1
"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99,
   0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15
"{11111111-1111-1111-1111-110511131156}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
   15,23,5f,7f,54,6e,07,52,45,14,4d,55,42
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-10-21  18:39:38 - machine was rebooted
ComboFix-quarantined-files.txt  2015-10-21 21:39
.
Pre-Run: 124.307.566.592 bytes libres
Post-Run: 124.852.723.712 bytes libres
.
- - End Of File - - 1BBBA4076207A5219ABC1A3F430A2020


#8 deeprybka


Posted 21 October 2015 - 04:58 PM

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.

Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at logpath.png
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 Cute


Posted 21 October 2015 - 10:40 PM

Hello Jürgen, after several hours of scanning, I finished! ESET found 160 infected files!

Here are the logs:

From step 1:
Adwcleaner
 

# AdwCleaner v5.014 - Registro generado 21/10/2015 en 20:17:08
# Actualizado 18/10/2015 por Xplode
# Base de datos : 2015-10-18.5 [Servidor]
# Sistema operativo : Windows 8 Single Language  (x64)
# Nombre de usuario : Emilse - FAMILIA
# Ejecutado desde : C:\Users\Emilse\Desktop\AdwCleaner.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
[-] $L_SERVICE$ Eliminar : hola_svc
[-] $L_SERVICE$ Eliminar : mailUpdate
 
***** [ Carpetas ] *****
 
[-] Carpeta Eliminar : C:\Program Files\Hola
[#] Carpeta Eliminar : C:\ProgramData\mntemp
[-] Carpeta Eliminar : C:\Users\Emilse\AppData\Local\Hola
[-] Carpeta Eliminar : C:\Users\Emilse\AppData\Roaming\Hola
 
***** [ Archivos ] *****
 
[-] Archivo Eliminar : C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ippenodjaoidmkkfdlmdhofiebnpjddb
[-] Archivo Eliminar : C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] Archivo Eliminar : C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] Archivo Eliminar : C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] Archivo Eliminar : C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] Archivo Eliminar : C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Archivo Eliminar : C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] Archivo Eliminar : C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\user.js
 
***** [ DLLs ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Tareas programadas ] *****
 
 
***** [ Registro ] *****
 
[-] Llave Eliminar : HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
[-] Llave Eliminar : HKCU\Software\MozillaPlugins\@hola.org/vlc
[-] Valor Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Valor Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Valor Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Valor Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Llave Eliminar : HKU\.DEFAULT\Software\Hola
[-] Llave Eliminar : HKCU\Software\APN PIP
[-] Llave Eliminar : HKCU\Software\simplytech
[-] Llave Eliminar : HKCU\Software\Linkey
[-] Llave Eliminar : HKCU\Software\Kromtech
[-] Llave Eliminar : HKCU\Software\Hola
[-] Llave Eliminar : HKLM\SOFTWARE\SpeedBit
[-] Llave Eliminar : HKLM\SOFTWARE\AIM Toolbar
[-] Llave Eliminar : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[!] Llave No Eliminar : [x64] HKCU\Software\APN PIP
[!] Llave No Eliminar : [x64] HKCU\Software\simplytech
[!] Llave No Eliminar : [x64] HKCU\Software\Linkey
[!] Llave No Eliminar : [x64] HKCU\Software\Kromtech
[!] Llave No Eliminar : [x64] HKCU\Software\Hola
[-] Llave Eliminar : [x64] HKLM\SOFTWARE\Hola
[-] Llave Eliminar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hola
 
***** [ Navegadores Web ] *****
 
[-] [C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Eliminar : hxxp://www.mystartsearch.com/webfavicon.ico
 
*************************
 
:: Winsock Configuración borrada
 
########## EOF - C:\AdwCleaner\AdwCleaner[C10].txt - [3953 bytes] ##########


From step 2: Malwarebytes Anti-Malware

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/10/2015
Scan Time: 20:28
Logfile: Malware Logs.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.10.21.07
Rootkit Database: v2015.10.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Emilse
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433868
Time Elapsed: 1 hr, 25 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

From step 3: ESET Online Scanner

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=20805a1ecc75a946b7f758a0a8a275ae
# end=init
# utc_time=2015-10-22 12:57:51
# local_time=2015-10-21 09:57:51 (-0300, Hora estándar de Argentina)
# country="Spain"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 26351
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=20805a1ecc75a946b7f758a0a8a275ae
# end=updated
# utc_time=2015-10-22 01:09:26
# local_time=2015-10-21 10:09:26 (-0300, Hora estándar de Argentina)
# country="Spain"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=20805a1ecc75a946b7f758a0a8a275ae
# engine=26351
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-22 03:23:26
# local_time=2015-10-22 12:23:26 (-0300, Hora estándar de Argentina)
# country="Spain"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 7757749 208979496 0 0
# compatibility_mode_1='Windows Defender'
# compatibility_mode=5896 16777214 100 94 62456273 72681281 0 0
# scanned=361474
# found=160
# cleaned=0
# scan_time=8040
sh=FF674DD27EDBFDA9359E6BBD4C016D587C48B611 ft=1 fh=e02732df34f91c1e vn="a variant of Win32/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe.vir"
sh=C572A7090992A4618F2991C65F3887DB68152571 ft=1 fh=707b364b5ec15723 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_ar_35\freeSoftToday_widget.exe.vir"
sh=1FA5ED136F35635CF469178A36574E2CD7AD57AD ft=1 fh=958dfe81a42898de vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_ar_35\fst_ar_35.exe.vir"
sh=8614B6CF7A8A48BBA0DF5ACF3D45BC2122D51289 ft=1 fh=3d7613e2703b73a0 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_ar_9\freeSoftToday_widget.exe.vir"
sh=73811DE77DF1F56DA57D06F14129270599CF9CA4 ft=1 fh=8e31c25bce9eafb4 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_ar_9\fst_ar_9.exe.vir"
sh=6F06CB36690808517A24E7CEDC3D6896D9BE5B7F ft=1 fh=341fbac6c7a8b989 vn="Win32/Packed.ScrambleWrapper.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FTDownloader.com\FLTextsetup.exe.vir"
sh=58B5ECA6356C4BE712A4376A3941E693B83E3C3F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\51356.crx.vir"
sh=00A559F12816F1E9B5C6C6AEDF07D52556898077 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\51356.xpi.vir"
sh=DA0457118DC231E4FE625F4DCB4844FFC10450CE ft=1 fh=3a4703d34939e784 vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-bg.exe.vir"
sh=D7D5A8E6041E50654053239E94CE03655724FF96 ft=1 fh=c71c001136629799 vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-bho.dll.vir"
sh=D406941B1C6773213376100ADE2D21B06F0BEE31 ft=1 fh=765cec410beb74a0 vn="a variant of Win64/Toolbar.Crossrider.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-bho64.dll.vir"
sh=EBD8B7D8C2F80DFFB697ABB457B37120B7FEC9C4 ft=1 fh=c71c0011c30048ca vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-buttonutil.dll.vir"
sh=5EDB9B7497D066F095D29956308E5423E973E2FE ft=1 fh=3d74ec2933ed1ae8 vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-buttonutil.exe.vir"
sh=BC7A52C247984FB29E334447DF167CABAD0A034E ft=1 fh=c71c00112eab44a0 vn="a variant of Win64/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-buttonutil64.dll.vir"
sh=CEDDFB7FEC9540773D209A788C16426CC385DC83 ft=1 fh=3d74ec290fa9caae vn="a variant of Win64/Toolbar.Crossrider.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-buttonutil64.exe.vir"
sh=F54C071C9AC7BADF4117946325D01C3A3AAB3A94 ft=1 fh=bae49b432149cc06 vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-chromeinstaller.exe.vir"
sh=E6DB097AB7186E43AF0081572944D1A06E14033C ft=1 fh=bbb8879674a843d0 vn="a variant of Win32/Toolbar.CrossRider.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-codedownloader.exe.vir"
sh=4AE3DABD84C3A57771F049E490F7FF5F695690C9 ft=1 fh=27fa93204183485e vn="a variant of Win32/Toolbar.CrossRider.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-enabler.exe.vir"
sh=CDC2D9E1FB8F197214F5BED24BFAA99CE1BA42E4 ft=1 fh=30ba0779b7052969 vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-firefoxinstaller.exe.vir"
sh=961A755F7144E3FCF7C1A759ED58FD68121F1B37 ft=1 fh=647b49f118fc6865 vn="a variant of Win32/Toolbar.CrossRider.BQ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-helper.exe.vir"
sh=97550743FBEA49C1312E50689F69F65A941ECBE8 ft=1 fh=17db78a4396a87f4 vn="a variant of Win32/Toolbar.CrossRider.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-updater.exe.vir"
sh=A5CEA770F2B0CE6DBCF19A34AFA2EC265B411971 ft=1 fh=5fee560e784e5f2d vn="a variant of Win32/Toolbar.CrossRider.BP potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\Uninstall.exe.vir"
sh=49448B5DE799AECA9D7B98080F94861551BA6A9B ft=1 fh=7e05902df47f29df vn="Win32/Toolbar.CrossRider.AB potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid-Codec V9.0\utils.exe.vir"
sh=C333FF75FA536C3EBEC7C14007F57D63FA062C88 ft=1 fh=0de28d41e92b06b2 vn="Win32/Packed.ScrambleWrapper.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvidCodec.com\hdvidextsetup.exe.vir"
sh=7F0C0B1EC1F7BFAC85A0B474FAE3F6F35D652C76 ft=1 fh=6a2aac723764a557 vn="Win32/Bundled.Toolbar.Ask.L potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\hotspot shield\Uninstall.exe.vir"
sh=E16893EC0AB084A8DB5F87A5C9A29B0B2846D7F9 ft=1 fh=cca47823c3292533 vn="a variant of Win32/Toolbar.Iminent.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\inst\Bootstrapper\IminentUninstall.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir"
sh=570EB9952C88AF1EBF1B6E444948897310CCDC6B ft=1 fh=8dd053864897c267 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=E948D6C26EC43F7D597F9A8FC87D76E129932A9C ft=1 fh=8fda387ff5876f09 vn="a variant of Win32/Adware.EoRezo.AJ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\fst_ar_35\upfst_ar_35.exe.vir"
sh=C13E6DDED21A40B46D2187CFEA6B86215143230F ft=1 fh=0a6eca5e3db47aec vn="a variant of Win32/Adware.EoRezo.AJ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\fst_ar_9\upfst_ar_9.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\genienext\nengine.dll.vir"
sh=A8BA4E33B30E22D5D23E01A6B0D52F21CF7181FB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\102_dealply_m.js.vir"
sh=CAC7F1D8D20B1F969BFEF1FEB2607752AA3F5DA9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=A1A2EC28719D19EC77B6A46A980A71FDE5E500AE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=ADB5D656E327D79C167FB53F0C9E8567AC7D297E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=07E7242E737B1924CA063AD8A18577661B6879A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=73D7B96272D6B2775D77D0FCD72450BBC9C497D4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=57C69E7658E279B31B9FA45CCDC152F557936F92 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\175_coolmirage_m.js.vir"
sh=7EF151342936737A0EE87FF356E947372CE76900 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=12250796C9BC4714E3CB074EEC5A3B720E211DBE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\190_pops_5_m.js.vir"
sh=0BA9CC9FECD2F0FDE005631D6733406D491349F9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=422ADC32103BA63A199F74837A656FC5EF4FC677 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=3B861553E2E5AB5258BAE46D7A6FD4EAE9705B69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\19_CHAppAPIWrapper.js.vir"
sh=63D3217BF16BFB37091DD90C82E573D8CA13F08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\1_base.js.vir"
sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\21_debug.js.vir"
sh=AB37C567C86E950E0EEFC156AA3D9CB665729C40 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\220_icm_base_m.js.vir"
sh=92B962D1D4139AC19651CB941172295556B55597 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\223_imonomy_m.js.vir"
sh=E2543CA976B98D802C4A5A026450378DA3089F7D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\246_setup.js.vir"
sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\28_initializer.js.vir"
sh=2EBC101982648313FFE20510A6C6754410F9D89B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\47_resources_background.js.vir"
sh=148CA44D7C0A3E2F5E2A3D38EFC5D999D2701A84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\64_appApiMessage.js.vir"
sh=DC790DFB6D4E0C15D927A3B20EFC147F44D4F5E7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=6525880159970F06A065C9AF1F007668456E7003 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=02E56AAFE10A8928A4C7E6CE7AC4AD724982177A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\97_resourceApiWrapper.js.vir"
sh=34C11A75B2A93EDE2B3B945AA6A09250EF5C06F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\background.js.vir"
sh=832ADA6E9B2673CA1DE314A566FF76316F0A2997 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\api\chrome.js.vir"
sh=F4FE303A5886572113DF4DA3579956CEBB907F56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\api\cookie.js.vir"
sh=FD2A3FEFF97D325433D2011C5ED5755B6D6A8FAA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\api\message.js.vir"
sh=F12AB7ECE7B656776B6C51962B568E2ABCDE1D4D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\api\monitor.js.vir"
sh=CA4563F63D05349DF3C504C456185B7559177496 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\lib\bg_app_api.js.vir"
sh=6B8D57805A81A0C2A68E87C410FF89D15BB71CC9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\lib\cookie_store.js.vir"
sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\lib\crossriderAPI.js.vir"
sh=EDB82EF0A2AC160256F1A5C49F0778E3A42AC559 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\lib\events.js.vir"
sh=902E327ADBC89F0A47999D10E7F6F6554CFCC0F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\lib\onBGDocumentLoad.js.vir"
sh=09D5AE4A80F65C6B9123A1F494E3E181BF3C46FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\lib\reports.js.vir"
sh=BE038417E468CAA3BBA91CFFD2F554922504407C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\lib\util.js.vir"
sh=D88F73897D0415B880A52D98AACBCBA8372956B2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\js\lib\xhr.js.vir"
sh=DD6FCCEDC3FD751B163389DB9F1C3BC91CFDADC0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=E87ABD87A6168E160F36A5CE9E444C1719F203DC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=3B861553E2E5AB5258BAE46D7A6FD4EAE9705B69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\19_CHAppAPIWrapper.js.vir"
sh=63D3217BF16BFB37091DD90C82E573D8CA13F08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\1_base.js.vir"
sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\21_debug.js.vir"
sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\28_initializer.js.vir"
sh=2EBC101982648313FFE20510A6C6754410F9D89B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\47_resources_background.js.vir"
sh=148CA44D7C0A3E2F5E2A3D38EFC5D999D2701A84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\64_appApiMessage.js.vir"
sh=98B08CD93EE71B7F004706196B4D415BB5647686 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=02E56AAFE10A8928A4C7E6CE7AC4AD724982177A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\extensionData\plugins\97_resourceApiWrapper.js.vir"
sh=34C11A75B2A93EDE2B3B945AA6A09250EF5C06F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\background.js.vir"
sh=832ADA6E9B2673CA1DE314A566FF76316F0A2997 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\api\chrome.js.vir"
sh=F4FE303A5886572113DF4DA3579956CEBB907F56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\api\cookie.js.vir"
sh=FD2A3FEFF97D325433D2011C5ED5755B6D6A8FAA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\api\message.js.vir"
sh=F12AB7ECE7B656776B6C51962B568E2ABCDE1D4D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\api\monitor.js.vir"
sh=CA4563F63D05349DF3C504C456185B7559177496 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\lib\bg_app_api.js.vir"
sh=6B8D57805A81A0C2A68E87C410FF89D15BB71CC9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\lib\cookie_store.js.vir"
sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\lib\crossriderAPI.js.vir"
sh=EDB82EF0A2AC160256F1A5C49F0778E3A42AC559 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\lib\events.js.vir"
sh=902E327ADBC89F0A47999D10E7F6F6554CFCC0F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\lib\onBGDocumentLoad.js.vir"
sh=09D5AE4A80F65C6B9123A1F494E3E181BF3C46FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\lib\reports.js.vir"
sh=BE038417E468CAA3BBA91CFFD2F554922504407C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\lib\util.js.vir"
sh=D88F73897D0415B880A52D98AACBCBA8372956B2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.9_0\js\lib\xhr.js.vir"
sh=E075096D25B65981B61BA64BD595310C95BEA7B2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip.vir"
sh=65DBF1D094F3C63AD12C8F034D8D132A962FA46E ft=1 fh=073c304ffb9fa3a8 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe.vir"
sh=B7832A1BC15B67EEA01C25B6C688021372FB4656 ft=1 fh=217f6af847730ddc vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashReport.exe.vir"
sh=85CC7149AE9F5B9C345C6E4291159EDB1E6D4AA2 ft=1 fh=28079c1ecc971f93 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashRpt.dll.vir"
sh=460FAB593C52A20FF1C135BCB9045359E8D08DA4 ft=1 fh=7d490d691a4e705b vn="Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=9E2C3D7CDEDE2543CC0F7960D9837D1B6D2BE75F ft=1 fh=7a481a0f621bd9cc vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe.vir"
sh=E54955407B312B936C2873446E59355F0EA5CA73 ft=1 fh=d287fe18b11aa882 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe.vir"
sh=7C8ADC955B8805D819D663DAB3E3875E4C55D72A ft=1 fh=82368099707bc5e6 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe.vir"
sh=EB41EE3BAB58E356677FAE6BE0405D3AB1403FD9 ft=1 fh=61913740263e2abe vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x86.exe.vir"
sh=8EE77C3EA732059837B316BEEE37A0809CD68F0B ft=1 fh=77f6a6fe09a20461 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe.vir"
sh=F62E24423D06DDAF273DFFBA831C25EBC13B82EE ft=1 fh=9b120be6f077dc20 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe.vir"
sh=02D365A799FDCBF8C8A507FCFC69946B402FEA53 ft=1 fh=92f3782890b0d44b vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe.vir"
sh=A0FD1396ED2D7B79BDFB9AF24FD98AC701632E07 ft=1 fh=32cb4b5a2245d585 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=B3E9B985A45EF896577466209FC1FDEDB066EB70 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir"
sh=570EB9952C88AF1EBF1B6E444948897310CCDC6B ft=1 fh=8dd053864897c267 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=8C6F55634ADBCA6FAA8101C1B2FB024B4855499D ft=1 fh=2876557c9c75ac21 vn="a variant of Win32/Adware.Mobogenie.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe.vir"
sh=FEFE2A148E52A40A6A50C4FF7874F9C6F938910C ft=1 fh=a6e6b06e2f656293 vn="Win32/Toolbar.Babylon.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=0BA5FA78AED9104CF7E5A9B423F628AE34B6E8FC ft=1 fh=d2d2f2936e8e61a6 vn="Win32/Toolbar.Babylon.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir"
sh=A71DCC8E809C572288416AD6965CE264770A34D7 ft=1 fh=3218f9fa4b043cb8 vn="a variant of Win32/Toolbar.Babylon.AD potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\BabSolution\Shared\GUninstaller.exe.vir"
sh=2A19E8791533376D8F930704C7487B990BE5B7CD ft=1 fh=a0530847b5c3752d vn="Win32/DownWare.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir"
sh=2D3CF968E4458C385391B68A3BB4380B6BDCEDB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\chrome\content\core\xhr.js.vir"
sh=1484BCD0610A33CE49FBF5CE56BCD9F5AC9F3C67 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\102_dealply_m.js.vir"
sh=CAC7F1D8D20B1F969BFEF1FEB2607752AA3F5DA9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=A1A2EC28719D19EC77B6A46A980A71FDE5E500AE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=CCB558B5687695BA7F2AE8E878E8849383548D4F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=07E7242E737B1924CA063AD8A18577661B6879A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=73D7B96272D6B2775D77D0FCD72450BBC9C497D4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=57C69E7658E279B31B9FA45CCDC152F557936F92 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=0A04CA47526BEAE09C879B10373942CFCDE3C9E0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=12250796C9BC4714E3CB074EEC5A3B720E211DBE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=F8560D39A3C1164D953875839862D8A47D471648 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=422ADC32103BA63A199F74837A656FC5EF4FC677 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=63D3217BF16BFB37091DD90C82E573D8CA13F08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\1_base.js.vir"
sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\21_debug.js.vir"
sh=122207C2834F8BBAC8FB7CA2E7D6DF60A935577E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\223_imonomy_m.js.vir"
sh=CA8EB6A3D414C06F4A4A55BC59116ACCAD6E9E27 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\246_setup.js.vir"
sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\28_initializer.js.vir"
sh=2EBC101982648313FFE20510A6C6754410F9D89B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\47_resources_background.js.vir"
sh=148CA44D7C0A3E2F5E2A3D38EFC5D999D2701A84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=C44FEB9DD6271C71E9D4B4899D73CAA0F5F93746 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=5810D811E806061FDDD29AB9A8C3F6BAB99CA27D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=858524ED0C62DA7FEE38A551865CCDE45A41C289 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\newnext.me\nengine.dll.vir"
sh=9347E6FE9D55EB4F85C353E976AC3B554A83DDB4 ft=1 fh=b8e5ebbff77d2972 vn="a variant of Win32/SpeedUpMyPC.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Emilse\AppData\Roaming\OpenCandy\103B85D647AD405E85D78C03EC72A18B\speedupmypcROW.exe.vir"
sh=439BAEA6D4BD9496EA429CD024074F690B79AEA3 ft=1 fh=ec5b8e3f73eaf58c vn="a variant of Win32/Small.NIF trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\~C4D219.tmp.xBAD"
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS trojan" ac=I fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=19E22673015E434412BA7E7E2F149EDE26208C48 ft=1 fh=f2c3f4a195892f9d vn="Win32/AdWare.1ClickDownload.AQ application" ac=I fn="C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\007\t\00\00000000"
sh=19E22673015E434412BA7E7E2F149EDE26208C48 ft=1 fh=f2c3f4a195892f9d vn="Win32/AdWare.1ClickDownload.AQ application" ac=I fn="C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\007\t\00\00000001"
sh=3395E76ED69C29E96955998DDFD53A3B92489651 ft=1 fh=d8b6024ba5c33e8c vn="Win32/Adware.1ClickDownload.AX application" ac=I fn="C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\008\t\00\00000000"
sh=D15028ADDF11DAE65EB25AA1E16A32154030C31F ft=1 fh=8bd062efbadd970f vn="Win32/Adware.1ClickDownload.AX application" ac=I fn="C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\009\t\00\00000000"
sh=132A634CC12E3DCAFE0AF73A4F920562210D2E2D ft=1 fh=fdc98dc34048b16b vn="Win32/Adware.1ClickDownload.AX application" ac=I fn="C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\009\t\00\00000001"
sh=4B02834326D7522FE2BF77336D415BACDCC120B7 ft=1 fh=e06fd6c2f548e716 vn="Win32/Adware.1ClickDownload.AX application" ac=I fn="C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\015\t\00\00000000"
sh=3AA3B66E897BD32F8805085CA4C723619D75881F ft=1 fh=88750973a2da3b16 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\016\t\00\00000000"
sh=439BAEA6D4BD9496EA429CD024074F690B79AEA3 ft=1 fh=ec5b8e3f73eaf58c vn="a variant of Win32/Small.NIF trojan" ac=I fn="C:\Program Files (x86)\Lineage II\system\vorbisfile.dll"
sh=439BAEA6D4BD9496EA429CD024074F690B79AEA3 ft=1 fh=ec5b8e3f73eaf58c vn="a variant of Win32/Small.NIF trojan" ac=I fn="C:\Program Files (x86)\Lineage II\systemSanity\vorbisfile.dll"
sh=439BAEA6D4BD9496EA429CD024074F690B79AEA3 ft=1 fh=ec5b8e3f73eaf58c vn="a variant of Win32/Small.NIF trojan" ac=I fn="C:\Program Files (x86)\Lineage II\systemXerus\vorbisfile.dll"
sh=439BAEA6D4BD9496EA429CD024074F690B79AEA3 ft=1 fh=ec5b8e3f73eaf58c vn="a variant of Win32/Small.NIF trojan" ac=I fn="C:\Program Files (x86)\Lineage II\systemxerusold\vorbisfile.dll"
sh=19E22673015E434412BA7E7E2F149EDE26208C48 ft=1 fh=f2c3f4a195892f9d vn="Win32/AdWare.1ClickDownload.AQ application" ac=I fn="C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000"
sh=19E22673015E434412BA7E7E2F149EDE26208C48 ft=1 fh=f2c3f4a195892f9d vn="Win32/AdWare.1ClickDownload.AQ application" ac=I fn="C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000001"
sh=3395E76ED69C29E96955998DDFD53A3B92489651 ft=1 fh=d8b6024ba5c33e8c vn="Win32/Adware.1ClickDownload.AX application" ac=I fn="C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000"
sh=D15028ADDF11DAE65EB25AA1E16A32154030C31F ft=1 fh=8bd062efbadd970f vn="Win32/Adware.1ClickDownload.AX application" ac=I fn="C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000"
sh=132A634CC12E3DCAFE0AF73A4F920562210D2E2D ft=1 fh=fdc98dc34048b16b vn="Win32/Adware.1ClickDownload.AX application" ac=I fn="C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000001"
sh=4B02834326D7522FE2BF77336D415BACDCC120B7 ft=1 fh=e06fd6c2f548e716 vn="Win32/Adware.1ClickDownload.AX application" ac=I fn="C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\File System\015\t\00\00000000"
sh=3AA3B66E897BD32F8805085CA4C723619D75881F ft=1 fh=88750973a2da3b16 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\File System\016\t\00\00000000"
sh=C3EB68821E4A811137A32F2582A504F20A88FBDA ft=1 fh=c838f18768b7b9d4 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe"
sh=C3EB68821E4A811137A32F2582A504F20A88FBDA ft=1 fh=c838f18768b7b9d4 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Emilse\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe"
sh=66F59F946B116D84B2787EE2010CE6D1CC2635D9 ft=1 fh=fc91a06500238816 vn="Win32/DownloadAdmin.H potentially unwanted application" ac=I fn="C:\Users\Emilse\Desktop\Lau\hotspotshield-setup_540.exe"
sh=5E6A5F8E6844B02861731F2DDD4BC71B3EE45519 ft=1 fh=8b584825871a4b71 vn="a variant of Win32/Packed.Themida suspicious application" ac=I fn="C:\Users\Emilse\Downloads\sXeInjectedSetup.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"

And from step 4: FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by Emilse (administrator) on FAMILIA (22-10-2015 00:28:50)
Running from C:\Users\Emilse\Desktop
Loaded Profiles: Emilse (Available Profiles: Emilse & fbwuser)
Platform: Windows 8 Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Flux Software LLC) C:\Users\Emilse\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe --silent
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [Spotify Web Helper] => C:\Users\Emilse\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-17] (Spotify Ltd)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4711000 2015-06-02] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53737488 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Run: [Spotify] => C:\Users\Emilse\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-17] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 200.42.4.203 200.49.130.40
Tcpip\..\Interfaces\{77061900-1331-4C66-BC92-6C849285C112}: [DhcpNameServer] 200.42.4.203 200.49.130.40
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.sxe-anticheat.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.sxe-anticheat.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.sxe-anticheat.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.sxe-anticheat.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bangho.com.ar
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2118594802-1783837968-1324960856-1001 -> DefaultScope {33D59858-89D9-4AC2-A956-93875EB02323} URL = hxxp://search.sxe-anticheat.com/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2118594802-1783837968-1324960856-1001 -> {33D59858-89D9-4AC2-A956-93875EB02323} URL = hxxp://search.sxe-anticheat.com/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Emilse\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-10] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2118594802-1783837968-1324960856-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Emilse\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\searchplugins\localstrike-search.xml [2013-12-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\creativecommons.xml [2014-07-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-ar.xml [2014-07-30]
FF Extension: leethax.net extension - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\leethax@leethax.net.xpi [2013-10-02] [not signed]
FF Extension: NewTabURL - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\newtaburl_local.xpi [2011-08-30] [not signed]
FF Extension: Greasemonkey - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-08-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-01] [not signed]
FF HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF Extension: No Name - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\extensions\defsearchp@gmail.com [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentaciones de Google) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-22]
CHR Extension: (Google Drive) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Búsqueda de Google) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-22]
CHR Extension: (iMacros for Chrome) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2015-07-31]
CHR Extension: (Media Hint) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn [2014-06-26] [UpdateUrl: hxxps://127.0.0.1] <==== ATTENTION
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-22]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-14]
CHR Extension: (Hola - VPN Libre Ilimitada) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-10-18]
CHR Extension: (z player) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkkmdbmkipeeddocomfppoidkollfcj [2015-07-02]
CHR Extension: (Skype Click to Call) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Reproductor Z) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohbfcalhonopbkinbhdgdkgbjddgadon [2015-09-02]
CHR Extension: (Gmail) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-22] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-24] ()
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-06-20] (AnchorFree Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [36288 2013-07-01] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [247216 2013-07-01] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 wanatw; \SystemRoot\system32\DRIVERS\wanatw64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-22 00:28 - 2015-10-22 00:28 - 00000000 ____D C:\Users\Emilse\Desktop\FRST-OlderVersion
2015-10-21 21:57 - 2015-10-21 21:57 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-21 21:56 - 2015-10-21 21:55 - 02870984 _____ (ESET) C:\Users\Emilse\Desktop\esetsmartinstaller_enu.exe
2015-10-21 21:55 - 2015-10-21 21:55 - 02870984 _____ (ESET) C:\Users\Emilse\Downloads\esetsmartinstaller_enu.exe
2015-10-21 20:22 - 2015-10-22 00:26 - 00000000 ____D C:\Users\Emilse\Desktop\Miercoles 21
2015-10-21 20:14 - 2015-10-21 20:14 - 01691648 _____ C:\Users\Emilse\Downloads\AdwCleaner.exe
2015-10-21 20:14 - 2015-10-21 20:14 - 01691648 _____ C:\Users\Emilse\Desktop\AdwCleaner.exe
2015-10-21 18:39 - 2015-10-21 18:39 - 00021759 _____ C:\ComboFix.txt
2015-10-21 17:59 - 2015-10-21 18:39 - 00000000 ____D C:\Qoobox
2015-10-21 17:59 - 2015-10-21 18:37 - 00000000 ____D C:\Windows\erdnt
2015-10-21 17:59 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-21 17:59 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-21 17:59 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-21 17:59 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-21 17:59 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-21 17:59 - 2000-08-30 21:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-10-21 17:59 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-21 17:59 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-21 17:59 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-21 17:57 - 2015-10-21 17:57 - 05637184 ____R (Swearware) C:\Users\Emilse\Desktop\ComboFix.exe
2015-10-21 17:57 - 2015-10-21 17:57 - 05637184 _____ (Swearware) C:\Users\Emilse\Downloads\ComboFix.exe
2015-10-21 12:49 - 2015-10-21 12:49 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Emilse\Desktop\tdsskiller.exe
2015-10-20 18:47 - 2015-10-22 00:29 - 00022132 _____ C:\Users\Emilse\Desktop\FRST.txt
2015-10-20 18:47 - 2015-10-20 18:47 - 00054441 _____ C:\Users\Emilse\Desktop\Addition.txt
2015-10-20 18:36 - 2015-10-20 18:44 - 00054441 _____ C:\Users\Emilse\Downloads\Addition.txt
2015-10-20 18:35 - 2015-10-20 18:44 - 00040429 _____ C:\Users\Emilse\Downloads\FRST.txt
2015-10-20 18:33 - 2015-10-22 00:28 - 02196480 _____ (Farbar) C:\Users\Emilse\Desktop\FRST64.exe
2015-10-20 17:36 - 2015-10-20 17:36 - 00000089 _____ C:\Users\Emilse\Desktop\High usage forum help.txt
2015-10-20 13:21 - 2015-10-20 13:21 - 01186640 _____ C:\Users\Emilse\Downloads\ProcessExplorer.zip
2015-10-16 21:33 - 2015-10-16 21:34 - 00005909 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_256419835_spectate.bat
2015-10-15 09:09 - 2015-10-15 09:09 - 00000000 ____D C:\Windows\pss
2015-10-12 20:35 - 2015-10-12 20:35 - 00048988 _____ C:\Users\Emilse\Downloads\The Walking Dead 6x01 - First Time Again (Español (Latinoamérica)).srt
2015-10-06 23:19 - 2015-10-06 23:19 - 00005918 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_1965814764_replay.bat
2015-10-06 23:11 - 2015-10-06 23:11 - 00005920 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_2325384464_replay.bat
2015-10-06 22:53 - 2015-10-06 22:53 - 00005918 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_1969890638_replay.bat
2015-10-06 14:04 - 2015-10-06 14:04 - 00005919 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_2097358323_replay.bat
2015-10-06 14:01 - 2015-10-06 14:01 - 00005919 _____ C:\Users\Emilse\Downloads\LOL_OPGG_Observer_2100172283_replay.bat
2015-10-06 01:39 - 2015-10-06 01:39 - 00063406 _____ C:\Users\Emilse\Downloads\Quantico 1x02 - America (Español (España)).srt
2015-10-04 15:23 - 2015-10-04 15:23 - 00043433 _____ C:\Users\Emilse\Downloads\Heroes Reborn 1x03 - Under the Mask (Español (Latinoamérica)).srt
2015-10-03 21:23 - 2015-10-03 22:30 - 00000000 ____D C:\Users\Emilse\Downloads\Hola
2015-10-03 21:20 - 2015-10-03 21:20 - 00073200 _____ C:\Users\Emilse\Downloads\limitless-s01e02-es.srt
2015-10-03 21:20 - 2015-10-03 21:20 - 00070774 _____ C:\Users\Emilse\Downloads\limitless-s01e02-en.srt
2015-10-03 21:19 - 2015-10-03 21:21 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
2015-10-03 21:18 - 2015-10-03 21:18 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Emilse\Downloads\Hola-Setup-x64-1.9.624.exe
2015-09-29 00:52 - 2015-09-29 00:52 - 00057906 _____ C:\Users\Emilse\Downloads\Quantico 1x01 - Run (Español (España)).srt
2015-09-26 23:32 - 2015-09-26 23:32 - 00087660 _____ C:\Users\Emilse\Downloads\Heroes Reborn 1x01 - Brave New World - 1x02 - Odessa (Español (España)).srt
2015-09-25 22:13 - 2015-09-25 22:13 - 00036710 _____ C:\Users\Emilse\Downloads\442505.zip
2015-09-25 22:11 - 2015-09-25 22:11 - 00039328 _____ C:\Users\Emilse\Downloads\436959.rar
2015-09-25 21:21 - 2015-09-25 21:21 - 00062731 _____ C:\Users\Emilse\Downloads\Limitless 1x01 - Pilot.srt
2015-09-25 20:54 - 2015-09-25 20:54 - 00063060 _____ C:\Users\Emilse\Downloads\Limitless 1x01 - Pilot (Español (Latinoamérica)).srt
2015-09-24 10:31 - 2015-09-24 10:31 - 00036971 _____ C:\Users\Emilse\Downloads\441829.rar
2015-09-23 23:19 - 2015-09-23 23:19 - 00037219 _____ C:\Users\Emilse\Downloads\442057.zip
2015-09-23 23:15 - 2015-09-23 23:15 - 00037050 _____ C:\Users\Emilse\Downloads\433310.rar
2015-09-23 18:49 - 2015-09-23 18:50 - 17561112 _____ C:\Users\Emilse\Downloads\kz_bhop_minimalism_sooshka_2533.49.rar
2015-09-23 13:48 - 2015-09-23 13:48 - 00766359 _____ C:\Users\Emilse\Downloads\kz_beach_R4D14710N_0052.22.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-22 00:28 - 2015-04-06 01:05 - 00000000 ____D C:\FRST
2015-10-22 00:04 - 2013-03-06 23:33 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-21 23:54 - 2013-10-02 12:28 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-21 23:02 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\sru
2015-10-21 21:37 - 2013-12-22 23:18 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\TS3Client
2015-10-21 20:29 - 2013-03-06 23:05 - 01726292 _____ C:\Windows\WindowsUpdate.log
2015-10-21 20:28 - 2015-04-06 00:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-21 20:19 - 2013-03-06 23:33 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-21 20:18 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-21 20:17 - 2013-08-31 09:17 - 00000000 ____D C:\AdwCleaner
2015-10-21 20:13 - 2015-05-15 21:30 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-21 20:13 - 2015-04-06 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-21 20:13 - 2015-04-06 00:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-21 18:39 - 2012-07-26 02:37 - 00000000 __RHD C:\Users\Default
2015-10-21 18:33 - 2012-07-26 02:26 - 00000215 _____ C:\Windows\system.ini
2015-10-21 18:23 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-21 12:01 - 2012-07-26 08:20 - 00799076 _____ C:\Windows\system32\perfh00A.dat
2015-10-21 12:01 - 2012-07-26 08:20 - 00163386 _____ C:\Windows\system32\perfc00A.dat
2015-10-21 12:01 - 2012-07-26 04:28 - 01801978 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-20 18:32 - 2015-04-06 14:16 - 00000000 ____D C:\Users\Emilse\Desktop\Anti virus & Cleaners
2015-10-20 18:30 - 2013-05-15 16:09 - 00000000 ____D C:\Users\Emilse\AppData\Local\Spotify
2015-10-20 17:45 - 2013-05-15 16:08 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\Spotify
2015-10-20 01:09 - 2015-07-30 03:28 - 00001680 _____ C:\Windows\Sandboxie.ini
2015-10-19 18:05 - 2015-09-18 20:25 - 00000000 ____D C:\Users\Emilse\AppData\Local\Popcorn-Time
2015-10-16 15:54 - 2013-10-02 12:28 - 00003726 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 13:10 - 2015-09-08 09:45 - 00000131 _____ C:\Users\Emilse\Desktop\Horne.txt
2015-10-16 13:10 - 2015-07-22 11:22 - 00000433 _____ C:\Users\Emilse\Desktop\Fernando Autos chocados.txt
2015-10-16 01:00 - 2014-08-18 19:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-15 13:22 - 2014-04-30 16:17 - 00000000 ____D C:\Users\Emilse\Desktop\N
2015-10-15 08:46 - 2013-03-06 23:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-15 06:34 - 2013-06-02 00:15 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\vlc
2015-10-15 00:37 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\NDF
2015-10-09 12:17 - 2014-02-24 21:38 - 00000000 ____D C:\Users\Emilse\Desktop\Limpio Y Terminado
2015-10-09 12:13 - 2015-03-24 11:26 - 00000132 _____ C:\Users\Emilse\AppData\Roaming\Prefs. de formato PNG de Adobe CC
2015-10-05 09:50 - 2015-04-06 00:38 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-04-06 00:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2014-01-24 00:56 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-03 23:19 - 2013-05-06 13:44 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\Skype
2015-10-01 16:29 - 2013-03-06 23:11 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2118594802-1783837968-1324960856-1001
2015-10-01 09:20 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\SchCache
2015-10-01 09:19 - 2015-07-30 23:59 - 00001177 _____ C:\Users\Emilse\Desktop\EZBlocker - Acceso directo.lnk
2015-10-01 09:19 - 2015-07-21 23:06 - 00001216 _____ C:\Users\Emilse\Desktop\cmd.lnk
2015-10-01 09:19 - 2015-06-28 02:26 - 00001817 _____ C:\Users\Emilse\Desktop\Spotify.lnk
2015-10-01 09:19 - 2015-05-24 09:09 - 00001167 _____ C:\Users\Emilse\Desktop\PlayBNS - Acceso directo.lnk
2015-10-01 09:19 - 2015-05-16 21:17 - 00001869 _____ C:\Users\Emilse\Desktop\Counter Strike 1.6 Non Steam.lnk
2015-10-01 09:19 - 2015-05-16 01:32 - 00001131 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-10-01 09:19 - 2015-05-13 10:54 - 00001071 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2015-10-01 09:19 - 2015-03-17 10:18 - 00001687 _____ C:\Users\Emilse\Desktop\Photoshop CC.lnk
2015-10-01 09:19 - 2015-03-17 10:08 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2015-10-01 09:19 - 2015-03-17 10:04 - 00001351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-10-01 09:19 - 2015-03-17 10:04 - 00001345 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2015-10-01 09:19 - 2014-11-01 00:31 - 00000968 _____ C:\Users\Emilse\Desktop\Glyph.lnk
2015-10-01 09:19 - 2014-09-22 12:06 - 00000928 _____ C:\Users\Public\Desktop\Steam.lnk
2015-10-01 09:19 - 2014-08-18 19:55 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-01 09:19 - 2014-04-15 23:16 - 00002321 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-01 09:19 - 2014-02-10 21:15 - 00001838 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6.lnk
2015-10-01 09:19 - 2014-01-24 04:37 - 00001331 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\l2 - Acceso directo.lnk
2015-10-01 09:19 - 2014-01-16 20:33 - 00001138 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lin]e[age L2Java.com.lnk
2015-10-01 09:19 - 2013-10-18 12:29 - 00001060 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2015-10-01 09:19 - 2013-10-18 10:54 - 00001192 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Jugar a WoW CoRe.lnk
2015-10-01 09:19 - 2013-10-02 12:20 - 00001020 _____ C:\Users\Emilse\Desktop\Mozilla Firefox.lnk
2015-10-01 09:19 - 2013-10-02 12:20 - 00001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-01 09:19 - 2013-09-22 22:18 - 00001912 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
2015-10-01 09:19 - 2013-08-09 18:38 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-01 09:19 - 2013-06-15 23:26 - 00001042 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2015-10-01 09:19 - 2013-05-15 16:09 - 00001803 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-10-01 09:19 - 2013-03-30 08:08 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-10-01 09:19 - 2013-03-30 08:07 - 00001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-10-01 09:19 - 2013-03-30 08:06 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-10-01 09:19 - 2013-03-30 08:05 - 00001168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-10-01 09:19 - 2013-03-30 08:03 - 00001518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-10-01 09:19 - 2013-03-30 08:03 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-10-01 09:19 - 2013-03-30 06:47 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2015-10-01 09:19 - 2013-03-06 23:05 - 00000986 _____ C:\Users\Emilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-01 09:19 - 2012-11-15 06:16 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-10-01 09:19 - 2012-11-15 06:16 - 00001453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-10-01 09:19 - 2012-11-15 06:16 - 00001369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-10-01 09:19 - 2012-11-15 06:16 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-09-30 09:54 - 2013-03-07 04:23 - 00000000 ____D C:\Users\Emilse\AppData\Roaming\LolClient
2015-09-25 04:41 - 2014-04-15 22:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 19:14 - 2014-09-22 12:06 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-22 08:14 - 2015-03-02 15:53 - 00000000 ____D C:\Users\Emilse\Desktop\Otros
 
==================== Files in the root of some directories =======
 
2013-11-23 20:43 - 2013-11-23 20:52 - 0000132 _____ () C:\Users\Emilse\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2015-07-05 02:29 - 2015-07-13 13:24 - 0000132 _____ () C:\Users\Emilse\AppData\Roaming\Prefs. de formato GIF de Adobe CC
2015-03-24 11:26 - 2015-10-09 12:13 - 0000132 _____ () C:\Users\Emilse\AppData\Roaming\Prefs. de formato PNG de Adobe CC
2013-04-05 23:35 - 2015-03-14 12:52 - 0000132 _____ () C:\Users\Emilse\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2013-07-27 11:42 - 2013-08-30 05:42 - 0000071 _____ () C:\Users\Emilse\AppData\Roaming\WB.CFG
2013-06-28 06:42 - 2013-08-30 05:42 - 0000005 _____ () C:\Users\Emilse\AppData\Roaming\WBPU-TTL.DAT
2015-01-20 05:38 - 2015-04-16 02:24 - 0001456 _____ () C:\Users\Emilse\AppData\Local\Adobe Guardar para Web 13.0 Prefs
 
Some files in TEMP:
====================
C:\Users\Emilse\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-20 04:37
 
==================== End of FRST.txt ============================


Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Emilse (2015-10-22 00:29:40)
Running from C:\Users\Emilse\Desktop
Windows 8 Single Language (X64) (2013-03-07 02:05:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2118594802-1783837968-1324960856-500 - Administrator - Disabled)
Emilse (S-1-5-21-2118594802-1783837968-1324960856-1001 - Administrator - Enabled) => C:\Users\Emilse
fbwuser (S-1-5-21-2118594802-1783837968-1324960856-1004 - Limited - Enabled) => C:\Users\fbwuser
HomeGroupUser$ (S-1-5-21-2118594802-1783837968-1324960856-1003 - Limited - Enabled)
Invitado (S-1-5-21-2118594802-1783837968-1324960856-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.32 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0932-000001000000}) (Version: 9.32.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlePing (HKLM-x32\...\{DB480AC3-1578-B8DC-3F8F-786A2A4E3BC7}) (Version: 1.3.3.4 - BattlePing)
Blade and Soul (HKLM-x32\...\{CEF766E5-6E15-441F-B14A-C44CB168DBE7}) (Version: 1.0.0 - PlayBns.com)
Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.0 - Nik Software, Inc.)
Counter-Strike 1.6 (HKLM-x32\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cuevana Storm version 0.3b (HKLM-x32\...\{2AFB4518-E1D7-4D74-B4FC-C65AE00E531D}_is1) (Version: 0.3b - Cuevana)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawngate (HKLM-x32\...\{25FAB7E0-526C-437F-8D55-7F00436B873D}) (Version: 180.16.77.0 - Electronic Arts, Inc.)
Desktop Live Streamer (HKLM-x32\...\{90B6DE78-F018-4479-AEAC-0FF6712356D1}) (Version: 0.9.4000 - Charnet3D)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Flux) (Version:  - )
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Gameforge Live 1.10.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.0 - Gameforge)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HEX (HKLM-x32\...\{E31B651A-B48C-423C-8D0D-855756C8B7E8}_is1) (Version:  - HEX Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.8.208 - SurfRight B.V.)
IMVU Avatar Chat Software (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
join.me (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Kreedz Climbing 2.0 (HKLM-x32\...\{64319B79-D347-4EF9-8AD5-AED5BAAC84A6}) (Version: 2.00.0000 - Kreedz Climbing Development Team - ObsessionSoft)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lineage II (HKLM-x32\...\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}) (Version: 90.7.2281 - NCSoft)
Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Lineage® II: Freya (High Five) (HKLM-x32\...\{21040472-F8DF-48A9-A093-2986C1495670}) (Version: 198 - NCsoft)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 es-AR) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 es-AR)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MTA:SA v1.4.1 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.1 - Multi Theft Auto)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Popcorn Time (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Popcorn Time) (Version:  - Popcorn Official)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.4-1.0.7299.14 - raidcall.com)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1989.5 - Hi-Rez Studios)
Software para dispositivos de chipset Intel® (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version:  - )
Spotify (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
sXe Injected (HKLM-x32\...\sXe Injected) (Version: 15.3.7.0 - Alejandro Cortés)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Uninstall LSI (HKLM-x32\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: 3.0b - Aequus Gaming Ltd.)
Unity Web Player (HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 10.0 (HKLM-x32\...\{3BE3A580-D09A-11DF-9D8B-0013D3D69929}) (Version: 10.0.387 - Sony)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.6.464 - Initex & AAA Internet Publishing)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2118594802-1783837968-1324960856-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Emilse\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
 
==================== Restore Points =========================
 
06-10-2015 22:11:04 Punto de control programado
16-10-2015 03:19:25 Punto de control programado
21-10-2015 18:00:06 ComboFix created restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-29 16:41 - 2015-10-21 18:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {298F14AC-1D2C-4FEC-900A-C15EBCECB434} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2C71AA80-926A-453D-AF28-526B92919CFA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {397A8547-0547-4637-BA55-3C846BDA3F6B} - System32\Tasks\{2A939F44-BC9F-4B1E-8ABD-6BDD768B1D5D} => pcalua.exe -a C:\Users\Emilse\AppData\Local\TNT2\2.0.0.1599\TNT2User.exe -c /UNINSTALL PARTNER=10583
Task: {44B6B4CE-9B48-4157-89FF-FD5D99B0B24C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {4722E158-9468-4180-8181-4C87E7CFC7DF} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {667E7D31-0437-4ECB-8ADE-060D9DAA7D49} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {7BE57D59-FEBF-4C94-9584-22DA1B000BC0} - System32\Tasks\{E3BC1642-4316-442B-9D6A-7F0DF6B098D2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/es/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {7F406A76-A02A-4C2A-AEDD-D004181A0F64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B4A5DA38-FCB7-461E-ACB7-75BEDFE310C8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {BD9F8E94-7739-40FD-AE21-61AADCF5D1BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-15 22:57 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-11-14 12:32 - 2012-08-23 20:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-01 18:42 - 2015-07-01 18:42 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 18:42 - 2015-07-01 18:42 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-21 16:53 - 2015-10-21 16:53 - 02996080 _____ () C:\Program Files\AVAST Software\Avast\defs\15102102\algo.dll
2015-07-01 18:42 - 2015-07-01 18:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-14 12:34 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Datos de programa:NT
AlternateDataStreams: C:\ProgramData\Datos de programa:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\Emilse\Datos de programa:NT
AlternateDataStreams: C:\Users\Emilse\Datos de programa:NT2
AlternateDataStreams: C:\Users\Emilse\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Emilse\AppData\Roaming:NT2
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\hola.org -> hxxp://hola.org
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 200.42.4.203 - 200.49.130.40
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\...\StartupApproved\Run: => "WTFast Tray"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D6DF03C8-AFE5-4AD4-BD52-780F7C6A8892}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{80208AF4-FB6F-4EBB-874E-4B4812076942}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EFABBFAB-A151-49EC-9F58-FEE370CE2571}] => (Allow) LPort=2869
FirewallRules: [{C230E9F3-E5D9-4BF8-8DC4-AA5CF2F29945}] => (Allow) LPort=1900
FirewallRules: [{B38585CE-87F8-4A4C-86D1-BCD645A81894}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F0625CB8-567B-4063-9062-E9FC7284D349}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3E5B2F58-3961-429D-AFA1-2EBF1362A5C1}C:\users\emilse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilse\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{102A0B72-5920-462B-821D-0C24647DF1B6}C:\users\emilse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilse\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AE65264F-9CA9-4C53-BE84-E32E9F896C94}] => (Block) C:\users\emilse\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C18FD538-52D5-4833-BE45-B164A51F22FA}] => (Block) C:\users\emilse\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5A413F54-2DAF-407E-A5FF-60BBD6FC133B}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{75762483-1D77-4E37-8C65-D61D114561A1}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{5096386D-84E1-4E08-BAFB-D236D80AD6A4}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe] => (Allow) C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe
FirewallRules: [UDP Query User{B18AC23B-C586-481A-8573-4E338D51899C}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe] => (Allow) C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe
FirewallRules: [TCP Query User{778B236E-7F5C-4848-BB0E-7C1B88777233}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{EFB4C0BB-729F-4D7A-8D32-117E18BBCDC2}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{D737CA1F-FD74-4BF6-B7B4-B2DB0D736D45}C:\users\emilse\desktop\tauti lineage2media\system\l2.bin] => (Allow) C:\users\emilse\desktop\tauti lineage2media\system\l2.bin
FirewallRules: [UDP Query User{A81C75BC-5B46-4FD7-9931-BB9F474B29A3}C:\users\emilse\desktop\tauti lineage2media\system\l2.bin] => (Allow) C:\users\emilse\desktop\tauti lineage2media\system\l2.bin
FirewallRules: [TCP Query User{BA65CA09-DFAB-47FD-8B13-0E6675D2B3D8}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{28FA4257-204B-44B2-A7C1-2528002CFC2C}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{06B45170-A814-4C76-B6B4-87F3A547310D}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{D1AADAAC-E662-4217-9AF9-E356355F4580}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{8A7F6BE6-9BEA-436F-9695-A03BBE8B923A}] => (Allow) C:\Program Files\World of Warcraft\Launcher.exe
FirewallRules: [{0EECC0B0-72BA-426D-9490-4697CECB7FD7}] => (Allow) C:\Program Files\World of Warcraft\Launcher.exe
FirewallRules: [TCP Query User{CA3166C7-7A70-4E67-935B-EB3504AA43DC}C:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-eses-downloader.exe
FirewallRules: [UDP Query User{753D9FB6-F09F-49BB-824B-082C6E1FF50B}C:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-eses-downloader.exe
FirewallRules: [TCP Query User{89F6B446-C6BB-45F1-965F-294B7AE3D22B}C:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-eses-downloader.exe
FirewallRules: [UDP Query User{EDF574F5-83D5-48E6-AC10-2DDE7EAAAC61}C:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-eses-downloader.exe
FirewallRules: [TCP Query User{67A2AFDA-3260-4830-AD28-865E1E6356A9}C:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-eses-downloader.exe
FirewallRules: [UDP Query User{99FAB62E-C5F7-49B7-AFA0-F8E87325301D}C:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-eses-downloader.exe
FirewallRules: [TCP Query User{B6472855-681B-427D-8A8D-150AA36639D7}C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-eses-downloader.exe
FirewallRules: [UDP Query User{A7FB532E-DA55-4680-ABFE-CF7FB9F10227}C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-eses-downloader.exe
FirewallRules: [TCP Query User{127D8A56-76EF-4712-A7EE-C08FDF0C406F}C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-eses-downloader.exe
FirewallRules: [UDP Query User{0E33CA7D-C3FA-4997-B0BD-BFCC271F2B37}C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-eses-downloader.exe
FirewallRules: [TCP Query User{4D89CCDA-0E61-4B5C-9BD4-0898C4A08708}C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-eses-downloader.exe
FirewallRules: [UDP Query User{5BDA1092-F0D6-43F2-8179-11A366265360}C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-eses-downloader.exe
FirewallRules: [TCP Query User{C407880B-68C8-4D0D-A217-56021F16281E}C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-eses-downloader.exe
FirewallRules: [UDP Query User{45F8923B-3D8E-4393-9338-E6916F2E098F}C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-eses-downloader.exe
FirewallRules: [TCP Query User{5F94B6E8-05B4-4BD3-B5C6-49B2352A213D}C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-eses-downloader.exe
FirewallRules: [UDP Query User{6AB9ABDC-7B74-4F30-83F7-DF51C67513DC}C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-eses-downloader.exe
FirewallRules: [TCP Query User{41C393A6-A035-4771-8AE7-527D6B9D5710}C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-eses-downloader.exe
FirewallRules: [UDP Query User{B377DAB2-AF1E-4795-AF2D-DCF21A93BB11}C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-eses-downloader.exe
FirewallRules: [TCP Query User{36332D1C-8B5C-4BAD-896D-483A53201469}C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-eses-downloader.exe
FirewallRules: [UDP Query User{4B75277D-8203-490C-8CFC-6907C858CB6A}C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-eses-downloader.exe] => (Allow) C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-eses-downloader.exe
FirewallRules: [{DA5AD2D6-3235-4F63-BF17-0B17F9BE0E9B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{A317ED51-307C-403A-B83B-BAB02E764296}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{0DA7DB30-D68A-4B7E-924E-3B87F1773053}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{646ADF95-C6C8-4DC0-9F8F-67B176562E04}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{79C8C1B9-D72D-452A-B38E-1A798146D68B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1382306572\ee\aolsoftware.exe
FirewallRules: [{C424F8D3-CC1C-40A7-A1A4-73FC80190D85}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1382306572\ee\aolsoftware.exe
FirewallRules: [{6C8EFB13-8199-451D-BC22-E913F48BB3CF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{F1596DB4-F9DF-4E50-BC47-C970FFBA7D5D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{CF47B1EC-0A37-45B3-B2D8-D3FB2E770953}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{52BC152E-F7C5-441C-BCB3-F697BFEE7D22}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{A4DB21DA-95D7-484C-BC3E-66829DC168B6}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{3541B081-C09C-468C-8287-A9AE504DBCCE}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{91868F75-4EBC-4910-9DF7-1DA9AC29E014}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{2B255524-0859-4C9C-A11E-B4C909A737F1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{515964A0-1747-4DE4-871D-A0482F451105}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{D54ECFC2-001B-4BB4-8508-5874E43EF79D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [TCP Query User{2DC39CF0-22E0-457F-8B85-E774BFC07485}C:\program files (x86)\boxgames\rakion\bin\rakion.bin] => (Allow) C:\program files (x86)\boxgames\rakion\bin\rakion.bin
FirewallRules: [UDP Query User{49532E1E-85B4-4111-BF97-570EDF1B176F}C:\program files (x86)\boxgames\rakion\bin\rakion.bin] => (Allow) C:\program files (x86)\boxgames\rakion\bin\rakion.bin
FirewallRules: [{C95A0016-8B36-47E6-BADF-61FD616C35B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{AFFC2AC9-EA10-40B5-BD4F-382F6FCC715A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{3B8A1DA8-CEF2-4F29-B245-A2DFDFD8EBB3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B7B3839C-449D-4642-9626-92C7D082D4F5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{24631E3D-E550-4B59-8278-7429980A128F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2359\Agent.exe
FirewallRules: [{78CD1A23-4338-44E1-B1F0-2B03EFFF32BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2359\Agent.exe
FirewallRules: [{AD6FC439-86BD-4A51-84F8-E024EB13370B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FBD201FE-13BA-4493-8FE5-9E7CA854D660}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{67274125-E52D-4236-8A0C-6F6495D0A6C6}C:\users\emilse\downloadsሐ.exe] => (Block) C:\users\emilse\downloadsሐ.exe
FirewallRules: [UDP Query User{C409FBB8-B784-43EC-9478-025E4C1BB6DA}C:\users\emilse\downloadsሐ.exe] => (Block) C:\users\emilse\downloadsሐ.exe
FirewallRules: [TCP Query User{90E0611F-47D3-4015-A3C8-EBB6986EF69F}C:\users\emilse\desktopሐ.exe] => (Allow) C:\users\emilse\desktopሐ.exe
FirewallRules: [UDP Query User{F8D6C4E7-4CA9-48A5-B96F-E264C6F021E8}C:\users\emilse\desktopሐ.exe] => (Allow) C:\users\emilse\desktopሐ.exe
FirewallRules: [{3B98C02C-3154-4206-AABD-41A8158EC690}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{666AA05C-EF60-4B84-82CE-9AFB5E868501}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{1AE91D2F-4991-4739-A53E-FB4BA1CA2A50}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{2E5584E3-44ED-438C-974A-B0E967A88E0B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{DB318F6C-2479-46BD-B1B9-CF272764B57F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{705853F2-AB6A-4BF0-9FC1-82B474A91083}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{D9872442-2F18-4A23-94C7-AC9134EE9FB5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{4D21E75B-AE9B-4F62-96C6-0C6E13F17C08}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [TCP Query User{8BFF23F6-EDB9-42A5-95AB-2C60C4EDCD58}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{FB7462D7-B9AC-4A16-950D-20EA12C32685}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{4647BC4C-42AF-42B4-BE59-B161DFAB0A4A}C:\program files (x86)\electronic arts\dawngate\game\dawngate.exe] => (Allow) C:\program files (x86)\electronic arts\dawngate\game\dawngate.exe
FirewallRules: [UDP Query User{4F933880-E6EF-4267-A6AD-919FDAE13160}C:\program files (x86)\electronic arts\dawngate\game\dawngate.exe] => (Allow) C:\program files (x86)\electronic arts\dawngate\game\dawngate.exe
FirewallRules: [TCP Query User{D69A9FA8-0A0E-4598-B1D6-5DEAFCC2BE1F}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe
FirewallRules: [UDP Query User{0A32CF08-E90F-4CC1-A959-4241FAF6B867}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe
FirewallRules: [{1FDFBA6D-7D80-4044-89BC-848106CADE62}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{DF0A319D-EBB0-4712-9425-31FC80ECA77C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{248E68F0-07E1-4F5E-BE18-A25505266E01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{FBF3DC73-B46B-4BB3-8E66-D59EEC1A9CA5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{2DBBF320-D6F6-4664-9A9A-AB9B3FB9BDF5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{2523938E-D28C-4EFA-B3B7-1D02449B2CCE}] => (Block) %ProgramFiles% (x86)\sXe Injected\sXe Injected.exe
FirewallRules: [{B11E2F7F-AB3F-4F0B-BDB1-B224FFF5CDCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{ED000969-D4DB-49D2-9F7A-FCD8BDB83477}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{735336E7-EA42-40DE-9656-1193E15786C2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{3CC5FE44-3F13-4DCD-BF57-56021097BA18}C:\jamaikamu\launcher.exe] => (Block) C:\jamaikamu\launcher.exe
FirewallRules: [UDP Query User{B980BF7D-084A-4463-B8E1-41A8A673FD63}C:\jamaikamu\launcher.exe] => (Block) C:\jamaikamu\launcher.exe
FirewallRules: [TCP Query User{CABE6B2C-A4A0-478E-8BD3-665644FA4496}C:\program files (x86)\cuevana storm\cuevana storm.exe] => (Allow) C:\program files (x86)\cuevana storm\cuevana storm.exe
FirewallRules: [UDP Query User{7953A8D7-5F92-4391-9717-53C129844180}C:\program files (x86)\cuevana storm\cuevana storm.exe] => (Allow) C:\program files (x86)\cuevana storm\cuevana storm.exe
FirewallRules: [{E2EF9E3C-D21C-462E-8807-1FC62CA1E708}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{67BC8EAF-C340-4D0C-992E-3DC75D77B6DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{4E146F4A-B65F-407B-B455-453B24FCBE65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{FA48A206-D262-4A17-B4BF-0B53FE5E95E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{D8F3E44C-083D-4481-94E4-6F101FD6987B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{16502623-B637-4599-97EB-F4DDB660CC3F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2FE88B94-7653-4A8C-A80E-5D0D2AFAC843}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D629300F-1E73-4A7D-B8F4-94081423FD50}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{6C6D67F9-F41A-4284-9BE6-DF1114BD82B3}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe] => (Allow) C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [UDP Query User{FFBB263E-5538-420F-9E3B-4DFD4E6FDBF8}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe] => (Allow) C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [{773254D9-B88E-4124-B043-447EE6D72160}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{84801607-D3FC-4518-A012-A57D7BC92457}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{ACD3322C-6980-4AEA-A4BA-B65319B359BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{383B32C8-50B3-4629-BD02-3E660D165BA4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B35A7BAD-2BC0-480D-8639-F7E2BF69632B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{1E6400E2-4124-463C-A00D-8B34F74630DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{D635441F-43D1-4E65-8853-C7B2FB797885}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E477503F-9384-4284-B479-5DDFA40CAD0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0309F7F8-47B8-4CDA-8DFA-8F54AE3BF301}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{60702680-F9CD-4C33-9C6A-4C036F357B6D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{BD92D373-07AC-434A-B8DB-8CE5C032E229}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{22673A36-7D74-4B77-89F7-F0B15B24D2DB}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{D8FD07BD-D33C-411F-B4E3-EA5D1A5A4783}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{8EA911CF-9187-4D91-8F86-E483298C5B34}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{8DCA107F-824E-463A-BF47-2A986E48D7C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96503002-5B4E-4A87-AB61-8FECB579BC7F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A97E76A-18A2-4FCD-9D1B-894A0F34B396}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8AC63DE9-D28F-44AB-8D58-EED9E52E64C4}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B905A5F-2D5D-4A9E-B35D-0F947E1C7574}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B3A01433-803A-4E01-AFE5-E11104650A22}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E719E3DC-FC7B-44CE-B846-853BC4394510}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C2D8AE0B-6E28-4429-B8CC-E3BEE82B9E0B}] => (Allow) C:\Users\Emilse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C932499F-62C1-45E2-9C84-1147F2AF97A4}] => (Allow) C:\Program Files (x86)\PlayBns.com\Blade and Soul\bin\Client.exe
FirewallRules: [{B961932E-B6F0-47B8-946A-9D1244C20178}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9F0E3CE4-0B1B-47A6-9885-E4AA688AA1CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{3211331A-421C-4D7D-BCD4-C80B361BD79A}C:\users\emilse\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\emilse\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{2D404A79-F4E0-4F3D-9951-99F86BDBA1F3}C:\users\emilse\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\emilse\appdata\local\popcorn time\nw.exe
FirewallRules: [{3368A69F-D18B-4806-95B4-10D549A9A340}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{16CCEBDA-8999-4B6E-AA47-19E44F2DB8AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{C0838487-2C07-4762-8012-E24CECD0B8AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/22/2015 12:28:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/22/2015 12:24:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/21/2015 09:57:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/21/2015 09:56:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/21/2015 08:13:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamscheduler.exe, versión: 3.1.3.0, marca de tiempo: 0x55252bff
Nombre del módulo con errores: MSVCR100.dll, versión: 10.0.40219.325, marca de tiempo: 0x4df2be1e
Código de excepción: 0x40000015
Desplazamiento de errores: 0x0008d6fd
Identificador del proceso con errores: 0x2f8
Hora de inicio de la aplicación con errores: 0xmbamscheduler.exe0
Ruta de acceso de la aplicación con errores: mbamscheduler.exe1
Ruta de acceso del módulo con errores: mbamscheduler.exe2
Identificador del informe: mbamscheduler.exe3
Nombre completo del paquete con errores: mbamscheduler.exe4
Identificador de aplicación relativa del paquete con errores: mbamscheduler.exe5
 
Error: (10/21/2015 06:38:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: dumphive.3XE, versión: 0.0.0.0, marca de tiempo: 0x2a425e19
Nombre del módulo con errores: dumphive.3XE, versión: 0.0.0.0, marca de tiempo: 0x2a425e19
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00005c0b
Identificador del proceso con errores: 0xc34
Hora de inicio de la aplicación con errores: 0xdumphive.3XE0
Ruta de acceso de la aplicación con errores: dumphive.3XE1
Ruta de acceso del módulo con errores: dumphive.3XE2
Identificador del informe: dumphive.3XE3
Nombre completo del paquete con errores: dumphive.3XE4
Identificador de aplicación relativa del paquete con errores: dumphive.3XE5
 
Error: (10/14/2015 01:23:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa IMVUClient.exe, versión 522.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 888
 
Hora de inicio: 01d1063778d462d6
 
Hora de finalización: 49
 
Ruta de acceso de la aplicación: C:\Users\Emilse\AppData\Roaming\IMVUClient\IMVUClient.exe
 
Identificador de informe: 5acecf7e-722b-11e5-bf7b-902b34b87d9d
 
Nombre completo de paquete con errores: 
 
Identificador de aplicación relativa del paquete con errores:
 
Error: (10/06/2015 11:17:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa League of Legends.exe, versión 5.19.0.295, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 1458
 
Hora de inicio: 01d100a5faa57786
 
Hora de finalización: 4294967295
 
Ruta de acceso de la aplicación: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.107\deploy\League of Legends.exe
 
Identificador de informe: 8774df6b-6c99-11e5-bf79-902b34b87d9d
 
Nombre completo de paquete con errores: 
 
Identificador de aplicación relativa del paquete con errores:
 
Error: (10/01/2015 10:45:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamscheduler.exe, versión: 3.1.3.0, marca de tiempo: 0x55252bff
Nombre del módulo con errores: MSVCR100.dll, versión: 10.0.40219.325, marca de tiempo: 0x4df2be1e
Código de excepción: 0x40000015
Desplazamiento de errores: 0x0008d6fd
Identificador del proceso con errores: 0x850
Hora de inicio de la aplicación con errores: 0xmbamscheduler.exe0
Ruta de acceso de la aplicación con errores: mbamscheduler.exe1
Ruta de acceso del módulo con errores: mbamscheduler.exe2
Identificador del informe: mbamscheduler.exe3
Nombre completo del paquete con errores: mbamscheduler.exe4
Identificador de aplicación relativa del paquete con errores: mbamscheduler.exe5
 
Error: (09/28/2015 02:21:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 6.2.9200.16628, marca de tiempo: 0x51a94434
Nombre del módulo con errores: AltTab.dll, versión: 6.2.9200.16384, marca de tiempo: 0x501080a3
Código de excepción: 0xc0000094
Desplazamiento de errores: 0x0000000000005550
Identificador del proceso con errores: 0x908
Hora de inicio de la aplicación con errores: 0xExplorer.EXE0
Ruta de acceso de la aplicación con errores: Explorer.EXE1
Ruta de acceso del módulo con errores: Explorer.EXE2
Identificador del informe: Explorer.EXE3
Nombre completo del paquete con errores: Explorer.EXE4
Identificador de aplicación relativa del paquete con errores: Explorer.EXE5
 
 
System errors:
=============
Error: (10/21/2015 09:58:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
%%1275
 
Error: (10/21/2015 09:58:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Emilse\AppData\Local\Temp\ehdrv.sys
 
Error: (10/21/2015 09:58:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
%%1275
 
Error: (10/21/2015 09:58:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Emilse\AppData\Local\Temp\ehdrv.sys
 
Error: (10/21/2015 09:58:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
%%1275
 
Error: (10/21/2015 09:58:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Emilse\AppData\Local\Temp\ehdrv.sys
 
Error: (10/21/2015 08:18:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SpyHunter 4 Service no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (10/21/2015 08:18:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Virtualización de archivos UAC no pudo iniciarse debido al siguiente error: 
%%1275
 
Error: (10/21/2015 08:18:36 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (10/21/2015 08:17:38 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: El Administrador de control de servicios intentó realizar una acción correctora (Reiniciar el servicio) después de la terminación inesperada del servicio Windows Search, pero ocurrió el siguiente error: 
%%1056
 
 
CodeIntegrity:
===================================
  Date: 2015-10-21 18:19:05.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G640 @ 2.80GHz
Percentage of memory in use: 32%
Total physical RAM: 3981.96 MB
Available physical RAM: 2680.11 MB
Total Virtual: 5069.96 MB
Available Virtual: 3785.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:450.44 GB) (Free:119.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 913D1C65)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


#10 deeprybka


Posted 22 October 2015 - 02:42 AM

What problems are left on your computer right now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 Cute


Posted 22 October 2015 - 03:04 AM

Hello Jürgen, the only one I'm aware of is the CPU usage at 98-99% unless the task manager is open. Sometimes the CPU usage goes to 1-5%, which is normal and also rarely happens, but then the disk goes to 99% when it should not.

Edit: Also, I'm pretty sure you know, but the 160 "infected files" from ESET were not deleted; it was just a scan, as you told me.


Edited by Cute, 22 October 2015 - 03:07 AM.


#12 deeprybka


Posted 22 October 2015 - 11:43 AM

...the CPU usage at 98-99% unless the task manager is open..

I guess you are using process explorer? Please post a screenshot of it with all running processes and their CPU usage.


Edit: Also, I'm pretty sure you know, but the 160 "infected files" from ESET were not deleted; it was just a scan, as you told me.

No active malware has been found. Just some files that already are quarantined and some irrelevant remnants.

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [hola] => 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF DefaultSearchEngine: webssearches
    FF SelectedSearchEngine: webssearches
    FF Extension: No Name - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\extensions\defsearchp@gmail.com [not found]
    CHR Extension: (Media Hint) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn [2014-06-26] 
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
    C:\Program Files\Enigma Software Group
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-22] ()
    C:\Windows\System32\DRIVERS\EsgScanner.sys
    C:\Users\Emilse\AppData\Local\TNT2
    Task: {397A8547-0547-4637-BA55-3C846BDA3F6B} - System32\Tasks\{2A939F44-BC9F-4B1E-8ABD-6BDD768B1D5D} => 
    Task: {4722E158-9468-4180-8181-4C87E7CFC7DF} - \SpyHunter4Startup -> No File 
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 Cute


Posted 22 October 2015 - 12:13 PM

Hello Jürgen, I was able to take a picture even though the usage of the CPU goes down very quickly after opening it. I managed to catch it at 91% with a screenshot. I was running absolutely nothing, and the usage was at 98% until the task manager. Sorry if the language of the task manager is not English, I don't know how to change it.

[screenshot]


Here is the disk at 99%

[screenshot]


And the logs!
 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Emilse (2015-10-22 13:56:57) Run:2
Running from C:\Users\Emilse\Desktop
Loaded Profiles: Emilse (Available Profiles: Emilse & fbwuser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM\...\Run: [hola] => 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Extension: No Name - C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\extensions\defsearchp@gmail.com [not found]
CHR Extension: (Media Hint) - C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn [2014-06-26] 
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
C:\Program Files\Enigma Software Group
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-22] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
C:\Users\Emilse\AppData\Local\TNT2
Task: {397A8547-0547-4637-BA55-3C846BDA3F6B} - System32\Tasks\{2A939F44-BC9F-4B1E-8ABD-6BDD768B1D5D} => 
Task: {4722E158-9468-4180-8181-4C87E7CFC7DF} - \SpyHunter4Startup -> No File 
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2118594802-1783837968-1324960856-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
C:\Users\Emilse\AppData\Roaming\Mozilla\Firefox\Profiles\kv8c63mh.default\extensions\defsearchp@gmail.com => path removed successfully
C:\Users\Emilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdagjpilmpmajpmgcojcppnhjjogfcn => moved successfully
SpyHunter 4 Service => service removed successfully
"C:\Program Files\Enigma Software Group" => not found.
EsgScanner => service removed successfully
C:\Windows\System32\DRIVERS\EsgScanner.sys => moved successfully
"C:\Users\Emilse\AppData\Local\TNT2" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{397A8547-0547-4637-BA55-3C846BDA3F6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{397A8547-0547-4637-BA55-3C846BDA3F6B}" => key removed successfully
C:\Windows\System32\Tasks\{2A939F44-BC9F-4B1E-8ABD-6BDD768B1D5D} => => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A939F44-BC9F-4B1E-8ABD-6BDD768B1D5D} => => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4722E158-9468-4180-8181-4C87E7CFC7DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4722E158-9468-4180-8181-4C87E7CFC7DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
EmptyTemp: => 1.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:57:30 ====

Edited by Cute, 22 October 2015 - 12:16 PM.


#14 deeprybka


Posted 22 October 2015 - 12:23 PM

Please post screenshots from process explorer as well.
https://technet.microsoft.com/de-de/sysinternals/bb896653.aspx

C:\Users\Emilse\Downloads\ProcessExplorer.zip

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 Cute


Posted 22 October 2015 - 12:33 PM

Hi Jürgen, I took the picture, here it is!

[screenshot]





