
Kaspersky is telling me I have malware & trojan. It keeps coming back


  • This topic is locked
21 replies to this topic

#1 blondy71


Posted 17 November 2015 - 06:56 PM

I obviously have malware because Kaspersky keeps finding it and deleting it but it keeps coming back. I'm not sure what else I might have. This has been going on for a week or two. In case this helps, here is the location of the files that Kaspersky keeps deleting:

c:\users\j\appdata\local\microsoft\windows\temporary internet files\content.ie5\hur2zkla\protectupdater20151102[1].exe

c:\users\j\appdata\local\microsoft\windows\temporary internet files\content.ie5\hur2zkla\protectupdater20151102[1].exe//data0001

c:\users\j\appdata\local\temp\file_to_run551193.exe

c:\users\j\appdata\local\temp\file_to_run551193.exe//data0001

c:\users\j\appdata\local\temp\file_to_run5579.exe

c:\users\j\appdata\local\temp\file_to_run5579.exe//data0001

In the past few weeks there are over 100 of these files that Kaspersky deleted. They all start like the first four above but the numbers are different.

Also, two files just showed up in my downloads folder that I didn't put there and my computer won't let me delete them.

downloads\webscr

downloads\i

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-11-2015
Ran by J (administrator) on MOMHPLAPTOP (17-11-2015 15:20:44)
Running from C:\Users\J\Downloads
Loaded Profiles: J (Available Profiles: J & Kids)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Users\J\AppData\Roaming\ShieldSoft\UI\bin\shieldsoftService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(ShieldSoft) C:\Users\J\AppData\Roaming\ShieldSoft\UI\bin\shieldsoft.exe
() C:\Users\J\AppData\Roaming\ShieldSoft\UI\bin\shieldui.exe
() C:\Users\J\AppData\Roaming\ShieldSoft\UI\bin\shieldsoft64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-06-13] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-06-26] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286272 2015-07-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [608320 2015-06-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\J\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Run: [Google Update] => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Run: [Facebook Update] => C:\Users\J\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-01] (Facebook Inc.)
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\MountPoints2: {95e87927-720c-11e3-beab-8434978c5d61} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\MountPoints2: {cce24fc0-9a88-11e3-beb8-8434978c5d61} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\MountPoints2: {f87a295d-4255-11e4-bf09-8434978c5d61} - "F:\TL_Bootstrap.exe" 
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-01-01]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-02-11]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-09-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-09-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-09-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-07-24]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2014-01-01]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2014-01-01]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-12-22]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk [2013-05-06]
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> C:\Users\J\AppData\Local\Temp\{84B6B5C1-1EDF-4F5D-B080-CAF5AC955169}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{21B2E6A3-3F52-4D37-AA1F-A4CFC45367B2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{383BED90-6F5D-49B8-B884-4CBECFBD58C4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DA877A23-504E-4E4C-91C1-96870815EDF2}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {3EA88E10-3D41-4311-9F65-D4270DB7172B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8E48961F-6BA1-4379-9CCC-6E55A1648C8D} URL = 
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {3EA88E10-3D41-4311-9F65-D4270DB7172B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> DefaultScope {8E48961F-6BA1-4379-9CCC-6E55A1648C8D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279411&CUI=UN38125961091851189&UM=2
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {3EA88E10-3D41-4311-9F65-D4270DB7172B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {8E48961F-6BA1-4379-9CCC-6E55A1648C8D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279411&CUI=UN38125961091851189&UM=2
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-09-28] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-09-28] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
DPF: HKLM-x32 {B25AB9F1-B8A2-4072-8964-00C7EDF99750} hxxps://transfer.dmv.gov/COM/MOVEitUploadWizard7.0.0.ocx
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2012-06-02] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll [2011-12-01] (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll [2011-12-01] (Musicnotes, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-07-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-07-24] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\J\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\J\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @talk.google.com/O1DPlugin -> C:\Users\J\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @tools.google.com/Google Update;version=3 -> C:\Users\J\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @tools.google.com/Google Update;version=9 -> C:\Users\J\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\J\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\J\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF Extension: Speed Analysis 2 - C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-06-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [pluswinks@PlusWinks] - C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks [2013-06-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-17] [not signed]
FF HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Firefox\Extensions: [pluswinks@PlusWinks] - C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
 
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-03-26] (Kaspersky Lab ZAO)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Users\J\AppData\Local\Temp\7zS23A4\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-30] ( )
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-06-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-06-26] (Intuit Inc.) [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-24] (RealNetworks, Inc.)
R2 ShieldSoft; C:\Users\J\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe [83456 2015-11-02] () [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-26] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-26] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-03-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-30] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-26] (Kaspersky Lab ZAO)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 usbbus; C:\Windows\System32\drivers\lgx64bus.sys [17920 2010-04-13] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\system32\DRIVERS\lgx64diag.sys [27648 2010-04-13] (LG Electronics Inc.)
S3 USBModem; C:\Windows\system32\DRIVERS\lgx64modem.sys [33280 2010-04-13] (LG Electronics Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-17 15:20 - 2015-11-17 15:21 - 00067324 _____ C:\Users\J\Downloads\FRST.txt
2015-11-17 15:19 - 2015-11-17 15:20 - 00000000 ____D C:\FRST
2015-11-17 15:18 - 2015-11-17 15:18 - 02008576 _____ (Farbar) C:\Users\J\Downloads\FRST64.exe
2015-11-17 11:46 - 2015-11-17 11:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
2015-11-17 11:46 - 2015-11-17 11:46 - 00002014 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk
2015-11-17 09:03 - 2015-11-02 19:20 - 00809944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-17 09:03 - 2015-11-02 19:20 - 00176088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-16 18:05 - 2015-11-16 18:05 - 00000044 _____ C:\Users\J\Downloads\webscr
2015-11-14 13:16 - 2015-11-14 16:16 - 00000427 ____H C:\Windows\system32\Rebecca.dat
2015-11-13 11:29 - 2015-10-01 08:10 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-11-13 11:29 - 2015-10-01 08:09 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-11-13 08:13 - 2015-10-20 08:53 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-13 08:12 - 2015-10-20 10:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 14292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-13 08:12 - 2015-10-20 08:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-13 08:12 - 2015-10-20 08:54 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-13 08:12 - 2015-10-20 08:53 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-13 08:12 - 2015-10-20 08:53 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-13 08:12 - 2015-10-20 08:53 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-13 08:12 - 2015-10-20 08:53 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-13 08:11 - 2015-10-20 10:01 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-13 08:11 - 2015-10-20 10:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-13 08:11 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-13 08:11 - 2015-10-20 08:54 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-13 08:11 - 2015-10-20 08:53 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-13 08:11 - 2015-10-20 08:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-13 08:09 - 2015-10-27 09:46 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-13 08:09 - 2015-10-27 09:46 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-13 08:09 - 2015-10-27 09:46 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-13 08:09 - 2015-10-27 08:55 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-13 08:09 - 2015-10-27 08:54 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-13 08:09 - 2015-10-27 08:54 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-13 08:09 - 2015-10-11 01:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-13 08:09 - 2015-10-11 01:45 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-13 08:09 - 2015-09-23 08:10 - 00377552 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-13 08:09 - 2015-09-23 08:10 - 00332576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-13 08:06 - 2015-10-17 08:28 - 04063744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 08:06 - 2015-10-13 08:16 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-13 08:06 - 2015-10-13 08:16 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-13 08:06 - 2015-09-12 08:09 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-12 22:33 - 2015-10-28 11:46 - 06970704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-12 22:33 - 2015-10-28 09:59 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-12 22:33 - 2015-10-28 09:59 - 00171864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-12 22:33 - 2015-10-28 09:37 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-12 22:33 - 2015-09-23 08:10 - 00570256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-12 22:16 - 2015-11-12 22:16 - 00000000 ____D C:\Windows\SysWOW64\Power2Go8
2015-11-12 06:29 - 2015-11-12 06:29 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2015-11-04 09:09 - 2015-11-04 09:10 - 00000000 ____D C:\Users\J\AppData\Local\{424528B0-8998-4CF8-B880-AB384A4B859E}
2015-11-02 09:03 - 2015-11-12 18:14 - 00000000 ____D C:\Users\J\AppData\Roaming\ShieldSoft
2015-11-01 17:47 - 2015-11-01 17:47 - 00000028 _____ C:\Users\J\Downloads\i
2015-10-20 18:03 - 2014-04-16 13:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-10-20 18:02 - 2014-04-16 13:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-17 15:21 - 2012-12-25 09:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1962473557-1781975835-3520380482-1002
2015-11-17 15:08 - 2014-01-06 11:58 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA.job
2015-11-17 15:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2015-11-17 14:50 - 2013-01-17 14:19 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-17 14:29 - 2012-12-25 09:28 - 01631574 _____ C:\Windows\WindowsUpdate.log
2015-11-17 14:13 - 2014-06-01 18:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-17 13:16 - 2014-07-01 00:11 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA.job
2015-11-17 12:39 - 2014-06-26 17:28 - 00000000 ____D C:\Users\J\AppData\Local\Adobe
2015-11-17 11:46 - 2013-03-19 07:23 - 00000000 ____D C:\ProgramData\Adobe
2015-11-17 11:45 - 2013-03-19 07:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-17 11:43 - 2014-04-04 04:59 - 00000000 ___RD C:\Users\J\Google Drive
2015-11-17 11:42 - 2013-01-17 14:19 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-17 11:28 - 2014-10-13 06:06 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForJ.job
2015-11-17 11:28 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-17 11:28 - 2012-07-26 00:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-17 09:35 - 2014-10-13 06:06 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJ
2015-11-17 09:35 - 2012-12-25 09:27 - 00000000 ____D C:\Users\J
2015-11-17 09:00 - 2015-03-17 07:24 - 00497448 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-17 08:55 - 2012-08-03 17:23 - 00806156 _____ C:\Windows\PFRO.log
2015-11-17 05:29 - 2012-12-25 09:33 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6A2AD662-2D47-4087-8302-25A4EA232D37}
2015-11-16 19:08 - 2014-01-06 11:58 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core.job
2015-11-16 17:34 - 2015-07-24 19:42 - 00000000 ____D C:\Users\J\AppData\Roaming\Real
2015-11-16 14:28 - 2013-01-17 15:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-16 14:28 - 2012-07-26 02:59 - 00000000 ____D C:\Windows\CbsTemp
2015-11-16 11:23 - 2012-12-27 20:56 - 00000000 ____D C:\Users\J\AppData\Local\CrashDumps
2015-11-15 14:33 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2015-11-15 13:34 - 2013-10-24 10:51 - 00556032 ___SH C:\Users\J\Documents\Thumbs.db
2015-11-14 11:53 - 2012-07-26 02:28 - 00941114 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-14 01:16 - 2014-07-01 00:11 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core.job
2015-11-13 18:08 - 2013-08-19 18:31 - 00002288 ____H C:\Users\J\Documents\Default.rdp
2015-11-13 18:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-13 15:04 - 2013-03-25 10:59 - 04613632 ___SH C:\Users\J\Desktop\Thumbs.db
2015-11-13 11:21 - 2013-08-24 12:31 - 00000000 ____D C:\Windows\system32\MRT
2015-11-13 10:31 - 2012-12-26 11:10 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-13 09:40 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-11-13 08:10 - 2013-01-17 20:17 - 00000000 ____D C:\Windows\Minidump
2015-11-12 18:14 - 2013-03-17 22:39 - 00000000 ____D C:\Temp
2015-11-12 06:29 - 2015-07-31 04:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-09 22:27 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-07 15:19 - 2013-11-04 09:51 - 10067456 ___SH C:\Users\J\Downloads\Thumbs.db
2015-10-19 05:52 - 2014-04-04 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2013-06-08 12:50 - 2013-06-08 12:49 - 0030894 _____ () C:\Users\J\AppData\Roaming\speedanalysis.ico
2014-07-08 07:37 - 2014-10-28 20:52 - 0008704 _____ () C:\Users\J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-06 06:00 - 2013-03-06 06:00 - 0007602 _____ () C:\Users\J\AppData\Local\Resmon.ResmonCfg
2014-06-08 07:59 - 2014-06-08 07:59 - 0000000 _____ () C:\Users\J\AppData\Local\{02C62D85-60EE-411D-95E8-E84572E029A0}
2015-02-11 06:45 - 2015-06-25 11:40 - 0009690 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\J\AppData\Local\Temp\VP6Install.exe
C:\Users\J\AppData\Local\Temp\VP6VFW.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\vp6vfw.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2015-11-12 08:43
 
==================== End of FRST.txt ============================

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 18 November 2015 - 04:09 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.



Edited by deeprybka, 18 November 2015 - 04:10 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 blondy71

blondy71
  • Topic Starter

  • Members
  • 12 posts

Posted 18 November 2015 - 07:24 AM

Thank you for your quick reply!


07:13:08.0792 0x0a40  TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23
07:13:08.0792 0x0a40  UEFI system
07:13:22.0081 0x0a40  ============================================================
07:13:22.0081 0x0a40  Current date / time: 2015/11/18 07:13:22.0081
07:13:22.0081 0x0a40  SystemInfo:
07:13:22.0081 0x0a40  
07:13:22.0081 0x0a40  OS Version: 6.2.9200 ServicePack: 0.0
07:13:22.0081 0x0a40  Product type: Workstation
07:13:22.0081 0x0a40  ComputerName: MOMHPLAPTOP
07:13:22.0081 0x0a40  UserName: J
07:13:22.0081 0x0a40  Windows directory: C:\Windows
07:13:22.0081 0x0a40  System windows directory: C:\Windows
07:13:22.0081 0x0a40  Running under WOW64
07:13:22.0081 0x0a40  Processor architecture: Intel x64
07:13:22.0097 0x0a40  Number of processors: 2
07:13:22.0097 0x0a40  Page size: 0x1000
07:13:22.0097 0x0a40  Boot type: Normal boot
07:13:22.0097 0x0a40  ============================================================
07:13:23.0345 0x0a40  KLMD registered as C:\Windows\system32\drivers\66259561.sys
07:13:24.0186 0x0a40  System UUID: {BF919B64-F38F-79B1-7A50-5A813E862291}
07:13:25.0767 0x0a40  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:13:25.0812 0x0a40  ============================================================
07:13:25.0812 0x0a40  \Device\Harddisk0\DR0:
07:13:25.0812 0x0a40  GPT partitions:
07:13:25.0828 0x0a40  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {793AB8E8-E06F-4450-B0EA-3B6723E432E4}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
07:13:25.0828 0x0a40  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {06C80568-E49E-4481-A1CA-2E646F0D9654}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
07:13:25.0828 0x0a40  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EBD64F1A-22A3-4E8C-8F43-702CE2DD5AD0}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
07:13:25.0828 0x0a40  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8BF25B1B-72FB-4037-8523-62C9DC0AE670}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x712DF800
07:13:25.0828 0x0a40  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {675BF693-1D9B-4DD5-9C49-5538469CE92B}, Name: Basic data partition, StartLBA 0x7146A000, BlocksNum 0x329C800
07:13:25.0828 0x0a40  MBR partitions:
07:13:25.0828 0x0a40  ============================================================
07:13:25.0906 0x0a40  C: <-> \Device\Harddisk0\DR0\Partition4
07:13:25.0953 0x0a40  D: <-> \Device\Harddisk0\DR0\Partition5
07:13:25.0953 0x0a40  ============================================================
07:13:25.0953 0x0a40  Initialize success
07:13:25.0953 0x0a40  ============================================================
07:13:50.0031 0x0dd4  ============================================================
07:13:50.0031 0x0dd4  Scan started
07:13:50.0031 0x0dd4  Mode: Manual; SigCheck; TDLFS; 
07:13:50.0031 0x0dd4  ============================================================
07:13:50.0031 0x0dd4  KSN ping started
07:13:52.0404 0x0dd4  KSN ping finished: true
07:13:54.0689 0x0dd4  ================ Scan system memory ========================
07:13:54.0689 0x0dd4  System memory - ok
07:13:54.0704 0x0dd4  ================ Scan services =============================
07:13:55.0261 0x0dd4  [ E890C46E4754F0DF51BAFCC8D2E07498, E620D03030F3B65442E0A5CB8B59016A6E8DB3BCA52741977B8897B34438E902 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
07:13:55.0593 0x0dd4  1394ohci - ok
07:13:55.0624 0x0dd4  [ 4F18D4C7EA14F11A7211F60D553C03DB, 09AB6D2D8E9B7B6D6A97708551C0E4B34538947A15EA2A69C11764D7BC0BB7F6 ] 3ware           C:\Windows\system32\drivers\3ware.sys
07:13:55.0656 0x0dd4  3ware - ok
07:13:55.0702 0x0dd4  [ 899B7E724BF19F17978B6A37B864A277, F7D166DC5F7642D4B834B1E0D956929BA94F3E4D402989FC1A681A08FA1F86B6 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
07:13:55.0780 0x0dd4  Accelerometer - ok
07:13:55.0843 0x0dd4  [ 975AABEB243B800C23626D6B652C5A9C, FB02336F26AF10BA2A0D1B97C33CB1D78BB90CA51EF008A613A0274779798FAD ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:13:55.0890 0x0dd4  ACPI - ok
07:13:55.0921 0x0dd4  [ DC968C37822117E576B933F34A2D130C, 4C94E00ADC242296D7CBBFC7346D5F9AE5FE1B0C616ECA3BDE10A7B34FD2040B ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
07:13:55.0936 0x0dd4  acpiex - ok
07:13:55.0968 0x0dd4  [ 0CA9F7C3A78227C21A0A7854E245CFB2, D54147C9C1EE2F0098B863B0852E027DB89D6FA67F6B7FD54F609D9715A11442 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
07:13:56.0048 0x0dd4  acpipagr - ok
07:13:56.0103 0x0dd4  [ 8EB8DA03B142D3DD1EB9ED8107A76C43, 24B9B24F9A5BDF3AAD13C4EE0638497D9CA4A100096C6EAE403E0215EA89C439 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
07:13:56.0185 0x0dd4  AcpiPmi - ok
07:13:56.0225 0x0dd4  [ CBCE725C5D86ABA7D2604E22951AA9B8, DE0440F0E943F057EBCD01DB4B1E12DBC241FBF03C42021306D322AB88FF8F21 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
07:13:56.0275 0x0dd4  acpitime - ok
07:13:56.0335 0x0dd4  [ 93C6388592B99925C1D1576E465BC80F, 4C48BE5471DA4788357D71E90DFEA20FE320C7AAE1F4C55AFBE2E46FEA5CF8FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
07:13:56.0380 0x0dd4  adp94xx - ok
07:13:56.0434 0x0dd4  [ D27763E0247292654E7F7D16444C7C72, 0314C713D31E2B34F215B52F804F014D876E6ED92DC656CC3E27920CCD36CF0E ] adpahci         C:\Windows\system32\drivers\adpahci.sys
07:13:56.0484 0x0dd4  adpahci - ok
07:13:56.0506 0x0dd4  [ 67B90070FF48F794AF19F9FCF0080D75, 5D0D352606D58D2CA0814F38EF7B1774C030BE44353DF5910CBFAAF4FDE64ED6 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
07:13:56.0538 0x0dd4  adpu320 - ok
07:13:56.0616 0x0dd4  [ 480C020D9B58E881A5349F5F1189A418, 8AE8ED9CD8F239DF47853FBCE45DB34652CE94E3FD296FDF3897AC6DD5F9B143 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:13:56.0725 0x0dd4  AeLookupSvc - ok
07:13:56.0803 0x0dd4  [ 8252EE6D7F87846EA409D0DA602FB1D9, 2A89C654B2C92B8E2445A35A1B6ACA4926AFDC2C875142E0A21D339B8FC8D474 ] AFD             C:\Windows\system32\drivers\afd.sys
07:13:57.0295 0x0dd4  AFD - ok
07:13:57.0325 0x0dd4  [ 01590377A5AB19E792528C628A2A68F9, F3A4B6CA4E8D4436E44E36D7F7EEF3DC861D1EE50D41F4273226C4ED95674B84 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:13:57.0363 0x0dd4  agp440 - ok
07:13:57.0395 0x0dd4  [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG             C:\Windows\System32\alg.exe
07:13:57.0493 0x0dd4  ALG - ok
07:13:57.0535 0x0dd4  [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
07:13:57.0613 0x0dd4  AllUserInstallAgent - ok
07:13:57.0660 0x0dd4  [ E14F7B22FD0BD5FAA8C885C64690965D, B50217D1C23AF191389B9A335270A2B6254B8A3035BFCAFE4A5F7DB0FDBD7DF6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:13:57.0847 0x0dd4  AMD External Events Utility - ok
07:13:57.0925 0x0dd4  AMD FUEL Service - ok
07:13:58.0039 0x0dd4  [ 5A81054B824004B1ECC04F0034A1CDF9, 73A1986A4B346C425157216EBF16CC90EFFC642EDF6109E6364CF0552E3388FD ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
07:13:58.0115 0x0dd4  AmdK8 - ok
07:13:59.0221 0x0dd4  [ F931C2ED6C8294909C10657DCB9A9A4E, 7A9CEA4ADF31C5C93F0FE433A78817FAEE57DB737D8FC4F6A0E53F1D527EA10F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:13:59.0783 0x0dd4  amdkmdag - ok
07:13:59.0890 0x0dd4  [ 0D481A7FE3A66724DC11AD8A4E417A9A, 85726C7AC933ABD5ADE7A508E7C114BA512795F6BDC53663521AE66C27231527 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
07:13:59.0978 0x0dd4  amdkmdap - ok
07:14:00.0023 0x0dd4  [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
07:14:00.0078 0x0dd4  AmdPPM - ok
07:14:00.0158 0x0dd4  [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata         C:\Windows\system32\drivers\amdsata.sys
07:14:00.0180 0x0dd4  amdsata - ok
07:14:00.0243 0x0dd4  [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
07:14:00.0660 0x0dd4  amdsbs - ok
07:14:00.0687 0x0dd4  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
07:14:00.0775 0x0dd4  amdxata - ok
07:14:00.0837 0x0dd4  [ A2EFE3869B976296E097DEF368280F95, 121CD4A16146A9DF59D6E415181F48CA0D1DCD4D2B6BC4CBDABC2F3D296E28C6 ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
07:14:00.0862 0x0dd4  amd_sata - ok
07:14:00.0890 0x0dd4  [ 625396421C29FB305C6C6235D01130B8, 3FAF8D3B530F1B74B2C9B0ED3377836746CE2D0A4008E1BC454095671AC9E1AF ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
07:14:00.0917 0x0dd4  amd_xata - ok
07:14:00.0987 0x0dd4  [ 823F34D1DEF120A657BB7529ABF4461F, C56D6614F6B3DA13DF7F6AC6B70ACA39D1DB146F7324CF96029CA038C3063DB3 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
07:14:01.0070 0x0dd4  AppHostSvc - ok
07:14:01.0095 0x0dd4  [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID           C:\Windows\system32\drivers\appid.sys
07:14:01.0209 0x0dd4  AppID - ok
07:14:01.0271 0x0dd4  [ A33B59C8DF9012E7B129D0A1D2F50E81, 50F1E05AA808600B49595CD9FDDDB4327272CC09647E3D94D3FD1B426381F839 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:14:01.0379 0x0dd4  AppIDSvc - ok
07:14:01.0426 0x0dd4  [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo         C:\Windows\System32\appinfo.dll
07:14:01.0504 0x0dd4  Appinfo - ok
07:14:01.0551 0x0dd4  [ 44695679881DEB85CAD7C249B151066E, A44413ACA911DDB5757DE9F9ECC3968979C47617CF9DF81B24E7ECDE7E0D54BC ] APXACC          C:\Windows\system32\DRIVERS\appexDrv.sys
07:14:01.0591 0x0dd4  APXACC - ok
07:14:01.0631 0x0dd4  [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc             C:\Windows\system32\drivers\arc.sys
07:14:01.0661 0x0dd4  arc - ok
07:14:01.0681 0x0dd4  [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:14:01.0714 0x0dd4  arcsas - ok
07:14:01.0914 0x0dd4  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:14:01.0946 0x0dd4  aspnet_state - ok
07:14:01.0964 0x0dd4  [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:14:02.0024 0x0dd4  AsyncMac - ok
07:14:02.0074 0x0dd4  [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi           C:\Windows\system32\drivers\atapi.sys
07:14:02.0096 0x0dd4  atapi - ok
07:14:02.0362 0x0dd4  [ 62B78165A465844CC7552F5D2E051E71, F155BB64A8FE6332E34E4DDFCD08F02CA148908E55A9E5DBEF958605FF8B9A2E ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
07:14:02.0689 0x0dd4  athr - ok
07:14:16.0011 0x0dd4  [ 6515296E8F9D81BB6C4588C4878A9AC1, 4102FCA9CC6CDAA52E68F030034C6C15DF036D5E9B6E0A8007B72655A3D1E3DD ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
07:14:16.0042 0x0dd4  HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
07:14:18.0655 0x0dd4  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
07:14:22.0179 0x0dd4  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Users\J\AppData\Local\Temp\7zS23A4\hpslpsvc64.dll
07:14:22.0257 0x0dd4  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
07:14:24.0634 0x0dd4  Detect skipped due to KSN trusted
07:14:24.0634 0x0dd4  HPSLPSVC - ok
07:14:26.0241 0x0dd4  [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
07:14:26.0412 0x0dd4  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
07:14:28.0777 0x0dd4  Detect skipped due to KSN trusted
07:14:28.0779 0x0dd4  IconMan_R - ok
07:14:35.0206 0x0dd4  mouclass - ok
07:14:35.0237 0x0dd4  [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
07:14:35.0315 0x0dd4  mouhid - ok
07:14:35.0393 0x0dd4  [ A1825437F11C4FD9778F293A08DE65F3, 8AD337363F6BDEB816770EFDA7C3F1AAFA88BA7E265ED168ACBC03001669B902 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:14:35.0424 0x0dd4  mountmgr - ok
07:14:35.0487 0x0dd4  [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:14:35.0590 0x0dd4  mpsdrv - ok
07:14:35.0668 0x0dd4  [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:14:35.0746 0x0dd4  MpsSvc - ok
07:14:35.0808 0x0dd4  [ 25560C1656DC7F0723A0CC0B0E1C6BED, 17E8565B833ED58CCB6F85B90A42553464C4408C54006E019AA5641EDB682E31 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:14:35.0918 0x0dd4  MRxDAV - ok
07:14:35.0983 0x0dd4  [ 6BA2A5D1C74E7CB3AFAF301A7E5D9E44, 92CACD154D3D7E738C6D2492186270762B1888E89F505EE00C3CAE58F71650ED ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:14:36.0079 0x0dd4  mrxsmb - ok
07:14:36.0111 0x0dd4  [ 7E86B45D5F84E0F96AE18BEAC7A51EE4, 2B4DC0B017FD90D7D2F6A35342F5A17B20E79D077D3DFC4AD2455C0D814B7B5E ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:14:36.0204 0x0dd4  mrxsmb10 - ok
07:14:36.0251 0x0dd4  [ 1BB4582396718EDEFF8A4493AEF67D66, 62AA83190CA041131E43B2031175D9F0F8ACD9A0EB0EC8B8F66C2951F15420E4 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:14:36.0313 0x0dd4  mrxsmb20 - ok
07:14:36.0345 0x0dd4  [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
07:14:36.0469 0x0dd4  MsBridge - ok
07:14:36.0516 0x0dd4  [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC           C:\Windows\System32\msdtc.exe
07:14:36.0563 0x0dd4  MSDTC - ok
07:14:36.0625 0x0dd4  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:14:36.0703 0x0dd4  Msfs - ok
07:14:36.0750 0x0dd4  [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
07:14:36.0781 0x0dd4  msgpiowin32 - ok
07:14:36.0797 0x0dd4  [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:14:36.0891 0x0dd4  mshidkmdf - ok
07:14:36.0922 0x0dd4  [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
07:14:36.0937 0x0dd4  mshidumdf - ok
07:14:36.0969 0x0dd4  [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:14:36.0984 0x0dd4  msisadrv - ok
07:14:37.0031 0x0dd4  [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:14:37.0062 0x0dd4  MSiSCSI - ok
07:14:37.0078 0x0dd4  msiserver - ok
07:14:37.0109 0x0dd4  [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:14:37.0125 0x0dd4  MSKSSRV - ok
07:14:37.0140 0x0dd4  [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
07:14:37.0171 0x0dd4  MsLldp - ok
07:14:37.0187 0x0dd4  [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:14:37.0234 0x0dd4  MSPCLOCK - ok
07:14:37.0265 0x0dd4  [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:14:37.0296 0x0dd4  MSPQM - ok
07:14:37.0359 0x0dd4  [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:14:37.0390 0x0dd4  MsRPC - ok
07:14:37.0421 0x0dd4  [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
07:14:37.0437 0x0dd4  mssmbios - ok
07:14:37.0468 0x0dd4  [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:14:37.0515 0x0dd4  MSTEE - ok
07:14:37.0530 0x0dd4  [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
07:14:37.0574 0x0dd4  MTConfig - ok
07:14:37.0621 0x0dd4  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup             C:\Windows\system32\Drivers\mup.sys
07:14:37.0636 0x0dd4  Mup - ok
07:14:37.0668 0x0dd4  [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
07:14:37.0683 0x0dd4  mvumis - ok
07:14:37.0746 0x0dd4  [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent        C:\Windows\system32\qagentRT.dll
07:14:37.0808 0x0dd4  napagent - ok
07:14:37.0886 0x0dd4  [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:14:37.0933 0x0dd4  NativeWifiP - ok
07:14:37.0980 0x0dd4  [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc          C:\Windows\System32\ncasvc.dll
07:14:38.0058 0x0dd4  NcaSvc - ok
07:14:38.0089 0x0dd4  [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
07:14:38.0167 0x0dd4  NcdAutoSetup - ok
07:14:38.0274 0x0dd4  [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:14:38.0337 0x0dd4  NDIS - ok
07:14:38.0352 0x0dd4  [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:14:38.0399 0x0dd4  NdisCap - ok
07:14:38.0446 0x0dd4  [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
07:14:38.0539 0x0dd4  NdisImPlatform - ok
07:14:38.0602 0x0dd4  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:14:38.0664 0x0dd4  NdisTapi - ok
07:14:38.0727 0x0dd4  [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:14:38.0773 0x0dd4  Ndisuio - ok
07:14:38.0820 0x0dd4  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:14:38.0883 0x0dd4  NdisWan - ok
07:14:38.0898 0x0dd4  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
07:14:38.0914 0x0dd4  NDISWANLEGACY - ok
07:14:38.0961 0x0dd4  [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:14:39.0007 0x0dd4  NDProxy - ok
07:14:39.0023 0x0dd4  [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu             C:\Windows\system32\drivers\Ndu.sys
07:14:39.0070 0x0dd4  Ndu - ok
07:14:39.0101 0x0dd4  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
07:14:39.0145 0x0dd4  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
07:14:41.0536 0x0dd4  Detect skipped due to KSN trusted
07:14:41.0536 0x0dd4  Net Driver HPZ12 - ok
07:14:41.0577 0x0dd4  [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:14:41.0624 0x0dd4  NetBIOS - ok
07:14:41.0686 0x0dd4  [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:14:41.0764 0x0dd4  NetBT - ok
07:14:41.0795 0x0dd4  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] Netlogon        C:\Windows\system32\lsass.exe
07:14:41.0826 0x0dd4  Netlogon - ok
07:14:41.0873 0x0dd4  [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman          C:\Windows\System32\netman.dll
07:14:41.0982 0x0dd4  Netman - ok
07:14:42.0045 0x0dd4  [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm        C:\Windows\System32\netprofmsvc.dll
07:14:42.0138 0x0dd4  netprofm - ok
07:14:42.0306 0x0dd4  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:14:42.0342 0x0dd4  NetTcpPortSharing - ok
07:14:42.0374 0x0dd4  [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
07:14:42.0389 0x0dd4  nfrd960 - ok
07:14:42.0467 0x0dd4  [ 5177E35B186D2DED6F1EFF57BA61B975, B48C2E0FE2E95C37697107BDB8E0843D3E56200D2E242BF02E205C53978655D9 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:14:42.0576 0x0dd4  NlaSvc - ok
07:14:42.0623 0x0dd4  [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:14:42.0670 0x0dd4  Npfs - ok
07:14:42.0701 0x0dd4  [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
07:14:42.0748 0x0dd4  npsvctrig - ok
07:14:42.0795 0x0dd4  [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi             C:\Windows\system32\nsisvc.dll
07:14:42.0826 0x0dd4  nsi - ok
07:14:42.0873 0x0dd4  [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:14:42.0920 0x0dd4  nsiproxy - ok
07:14:43.0060 0x0dd4  [ 7BE3EDFFA3216F989A6BDCB14795DD08, 19A2D0120C46CA9BCFBC16DC3E65687ACDDCBA33B79128188652BA2AFAA2EE2F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:14:43.0216 0x0dd4  Ntfs - ok
07:14:43.0247 0x0dd4  [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null            C:\Windows\system32\drivers\Null.sys
07:14:43.0294 0x0dd4  Null - ok
07:14:43.0357 0x0dd4  [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:14:43.0388 0x0dd4  nvraid - ok
07:14:43.0419 0x0dd4  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:14:43.0466 0x0dd4  nvstor - ok
07:14:43.0481 0x0dd4  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:14:43.0513 0x0dd4  nv_agp - ok
07:14:43.0583 0x0dd4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:14:43.0676 0x0dd4  ose - ok
07:14:44.0066 0x0dd4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:14:44.0378 0x0dd4  osppsvc - ok
07:14:44.0529 0x0dd4  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:14:44.0597 0x0dd4  p2pimsvc - ok
07:14:44.0643 0x0dd4  [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc          C:\Windows\system32\p2psvc.dll
07:14:44.0690 0x0dd4  p2psvc - ok
07:14:44.0737 0x0dd4  [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport         C:\Windows\System32\drivers\parport.sys
07:14:44.0768 0x0dd4  Parport - ok
07:14:44.0830 0x0dd4  [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:14:44.0861 0x0dd4  partmgr - ok
07:14:44.0970 0x0dd4  [ 3CAE2BBC86FCF7F94C9696994AF30386, 4DA063A60523567272CFB35DF5D7CA142B100EF9123B1F23A6F11AB89DB83486 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
07:14:44.0986 0x0dd4  PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
07:14:47.0382 0x0dd4  Detect skipped due to KSN trusted
07:14:47.0382 0x0dd4  PassThru Service - ok
07:14:47.0460 0x0dd4  [ 4811D9EC53649105A5A8BEA661B0F936, C77907E03D0561500FCFEAFAC323E9679E66297329901A0CA2BD7E919419A8E8 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:14:47.0611 0x0dd4  PcaSvc - ok
07:14:47.0671 0x0dd4  [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci             C:\Windows\system32\drivers\pci.sys
07:14:47.0709 0x0dd4  pci - ok
07:14:47.0725 0x0dd4  [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide          C:\Windows\system32\drivers\pciide.sys
07:14:47.0756 0x0dd4  pciide - ok
07:14:47.0772 0x0dd4  [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:14:47.0819 0x0dd4  pcmcia - ok
07:14:47.0897 0x0dd4  [ 1B7464E530D6FB7A9F94613B33662EB1, EC343440BC97E4C3320868B8EE22C3983C8B5F17E4545D233E2274888FB960FC ] pcregservice    C:\Program Files\pcreg\pcreg.exe
07:14:47.0928 0x0dd4  pcregservice - ok
07:14:47.0943 0x0dd4  [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw             C:\Windows\system32\drivers\pcw.sys
07:14:47.0975 0x0dd4  pcw - ok
07:14:48.0037 0x0dd4  [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc             C:\Windows\system32\drivers\pdc.sys
07:14:48.0068 0x0dd4  pdc - ok
07:14:48.0162 0x0dd4  [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:14:48.0271 0x0dd4  PEAUTH - ok
07:14:48.0365 0x0dd4  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost        C:\Windows\SysWow64\perfhost.exe
07:14:48.0458 0x0dd4  PerfHost - ok
07:14:48.0613 0x0dd4  [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla             C:\Windows\system32\pla.dll
07:14:48.0765 0x0dd4  pla - ok
07:14:48.0812 0x0dd4  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:14:48.0859 0x0dd4  PlugPlay - ok
07:14:48.0922 0x0dd4  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
07:14:48.0937 0x0dd4  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
07:14:51.0295 0x0dd4  Detect skipped due to KSN trusted
07:14:51.0295 0x0dd4  Pml Driver HPZ12 - ok
07:14:51.0342 0x0dd4  [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:14:51.0404 0x0dd4  PNRPAutoReg - ok
07:14:51.0435 0x0dd4  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:14:51.0554 0x0dd4  PNRPsvc - ok
07:14:51.0622 0x0dd4  [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:14:51.0702 0x0dd4  PolicyAgent - ok
07:14:51.0757 0x0dd4  [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power           C:\Windows\system32\umpo.dll
07:14:51.0843 0x0dd4  Power - ok
07:14:51.0874 0x0dd4  [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:14:51.0937 0x0dd4  PptpMiniport - ok
07:14:52.0358 0x0dd4  [ 3D312AC13CB8D05822E9EFD234766BA7, 5914CAA563FAE4E21AD58A262369657135D320788A56ABF15C9D77E9ADC4CA36 ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
07:14:52.0596 0x0dd4  PrintNotify - ok
07:14:52.0660 0x0dd4  [ DD979EB6A7212F60E4AFBE96EDC7AE6D, BC681D64C5B8F08FD4613D71111853FCD5B05E4BD127D2C6258BAED7627105BE ] Processor       C:\Windows\System32\drivers\processr.sys
07:14:52.0742 0x0dd4  Processor - ok
07:14:52.0813 0x0dd4  [ 1D7127048413309629233B50BF2DD9A6, 918322AFDD576D9966961B111F5E38BDDB4278F9456E7AA1A3453EC8CAF4B8A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
07:14:52.0911 0x0dd4  ProfSvc - ok
07:14:52.0960 0x0dd4  [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:14:53.0015 0x0dd4  Psched - ok
07:14:53.0212 0x0dd4  [ 7C75107713DDE649101F7259A58839D8, 04EA0048A5E8723D33322AD8560658EBD8D4FEE5223F6956F23861CE79954A55 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
07:14:53.0243 0x0dd4  QBCFMonitorService - detected UnsignedFile.Multi.Generic ( 1 )
07:14:55.0615 0x0dd4  Detect skipped due to KSN trusted
07:14:55.0615 0x0dd4  QBCFMonitorService - ok
07:14:55.0733 0x0dd4  [ 9EE9AA5D1FB3F3B99467A20B03B47C5D, 5C43150DF7FC7786DD7568219860BEC89460EE13889B37F01A6D15D4059EC146 ] QBFCService     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
07:14:55.0766 0x0dd4  QBFCService - detected UnsignedFile.Multi.Generic ( 1 )
07:14:58.0133 0x0dd4  Detect skipped due to KSN trusted
07:14:58.0133 0x0dd4  QBFCService - ok
07:14:58.0280 0x0dd4  [ A0A4C760E18DF1F62D535B817B0ADD0D, 68D521941141CF81FA35302ABC7EA06BB30D9F553867AFA2DD3B4061620287BE ] QBVSS           C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
07:14:58.0400 0x0dd4  QBVSS - detected UnsignedFile.Multi.Generic ( 1 )
07:15:00.0761 0x0dd4  Detect skipped due to KSN trusted
07:15:00.0763 0x0dd4  QBVSS - ok
07:15:00.0932 0x0dd4  [ 0AFBF333B6F87A2F598EAB379AF100B8, D11F3A4D7E4463B62E2DBDE5FC61425B1FDFB07DD1A19BC001D479CA1F554510 ] QWAVE           C:\Windows\system32\qwave.dll
07:15:01.0009 0x0dd4  QWAVE - ok
07:15:01.0067 0x0dd4  [ 13D47BB0CCA2FC51BD15F8E85C6A078E, EA832A9511007C9E8599C3066E1FA66BE869E8A27886D9A9AC590BD4DFBD1A15 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:15:01.0123 0x0dd4  QWAVEdrv - ok
07:15:01.0161 0x0dd4  [ 873C60F8178100557740A832FCE10B5F, 400EF60CB2C98E2AFE122AF3D01CCE56A1548AF865345EE2194AB74DBCBF4C48 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:15:01.0211 0x0dd4  RasAcd - ok
07:15:01.0262 0x0dd4  [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:15:01.0313 0x0dd4  RasAgileVpn - ok
07:15:01.0360 0x0dd4  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto         C:\Windows\System32\rasauto.dll
07:15:01.0410 0x0dd4  RasAuto - ok
07:15:01.0462 0x0dd4  [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:15:01.0529 0x0dd4  Rasl2tp - ok
07:15:01.0579 0x0dd4  [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan          C:\Windows\System32\rasmans.dll
07:15:01.0669 0x0dd4  RasMan - ok
07:15:01.0702 0x0dd4  [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:15:01.0742 0x0dd4  RasPppoe - ok
07:15:01.0782 0x0dd4  [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:15:01.0824 0x0dd4  RasSstp - ok
07:15:01.0894 0x0dd4  [ CA03D642ACE58E1BA54E4B383F91CD69, 39BB942603801CF11FBEA28E24F8C8D1EF2AF615D1FABF951683A015D6A6EF37 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:15:01.0979 0x0dd4  rdbss - ok
07:15:02.0012 0x0dd4  [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
07:15:02.0097 0x0dd4  rdpbus - ok
07:15:02.0192 0x0dd4  [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
07:15:02.0296 0x0dd4  RDPDR - ok
07:15:02.0398 0x0dd4  [ 57F4787E4602A3FCA719C0A33137C6DA, D03AE59A184EB5D126F8EAB9D36EE406ABB8B9ED834F2D2496DDB1349FF56F89 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:15:02.0411 0x0dd4  RdpVideoMiniport - ok
07:15:02.0475 0x0dd4  [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:15:02.0585 0x0dd4  RDPWD - ok
07:15:02.0610 0x0dd4  [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:15:02.0664 0x0dd4  rdyboost - ok
07:15:02.0769 0x0dd4  [ 1BC4D923B0E6CC2E17B7409B20A7FB52, EA715BC38B890AB42D427F66F8DB66FE15C748A34C4DD6A11A8797B651D177D9 ] RealPlayerUpdateSvc C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
07:15:02.0807 0x0dd4  RealPlayerUpdateSvc - ok
07:15:02.0943 0x0dd4  [ 912EFA53B6D7EF8BE08BE5567AAEE797, 5E4EA31F89956CA1121B4CEEA7DB274EF8E80E9C97D1A0161BE5521AAD50DA87 ] RealTimes Desktop Service C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
07:15:03.0026 0x0dd4  RealTimes Desktop Service - ok
07:15:03.0086 0x0dd4  [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:15:03.0175 0x0dd4  RemoteAccess - ok
07:15:03.0226 0x0dd4  [ E80DD61E52EDFFF9DA1ED7260A68855B, 97909F42AE35E28B8F98C01A1D8BAD80A949CDCA0C88FB4ACF0A655DC7C10E45 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:15:03.0312 0x0dd4  RemoteRegistry - ok
07:15:03.0343 0x0dd4  [ 73F2E030B5C24E4E41401B5F0D59E6FD, FAA8B5E3159684E0836900C6EAF63857B445F7F180169B56D5790F097EDAA38B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:15:03.0458 0x0dd4  RpcEptMapper - ok
07:15:03.0489 0x0dd4  [ 10B21284B3D964AB3DC45490E57D422E, 12D5E3A7785F21C99C5EAD14A88EB7A86A058E26C091991339356D99D196CC13 ] RpcLocator      C:\Windows\system32\locator.exe
07:15:03.0552 0x0dd4  RpcLocator - ok
07:15:03.0647 0x0dd4  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] RpcSs           C:\Windows\system32\rpcss.dll
07:15:03.0713 0x0dd4  RpcSs - ok
07:15:03.0777 0x0dd4  [ D38250F459BF60D6F4B69B79DCD948CC, E68C864C1A4C9352EA939062F28789ADE9F0672E8CB3F3909D2891786C76F06F ] RSP2STOR        C:\Windows\system32\DRIVERS\RtsP2Stor.sys
07:15:03.0861 0x0dd4  RSP2STOR - ok
07:15:03.0895 0x0dd4  [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:15:03.0926 0x0dd4  rspndr - ok
07:15:03.0999 0x0dd4  [ 34DA0D14F5C3F1883A331AFB975AB434, BB5D580C1DCAE59CC1DB75C411A5A4DDF435931469E7EBFF5DFDADBFE07ADEBF ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
07:15:04.0061 0x0dd4  RTL8168 - ok
07:15:04.0086 0x0dd4  [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
07:15:04.0127 0x0dd4  s3cap - ok
07:15:04.0211 0x0dd4  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] SamSs           C:\Windows\system32\lsass.exe
07:15:04.0242 0x0dd4  SamSs - ok
07:15:04.0283 0x0dd4  [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:15:04.0311 0x0dd4  sbp2port - ok
07:15:04.0365 0x0dd4  [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:15:04.0442 0x0dd4  SCardSvr - ok
07:15:04.0495 0x0dd4  [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:15:04.0542 0x0dd4  scfilter - ok
07:15:04.0696 0x0dd4  [ C67ACB63A860E041995414148B3DC840, 54883B7ECE8921B2CA0A0FE35B0E3B4B7D8CA8890F0CA7EACD54E706F04880C5 ] Schedule        C:\Windows\system32\schedsvc.dll
07:15:04.0827 0x0dd4  Schedule - ok
07:15:04.0895 0x0dd4  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:15:04.0927 0x0dd4  SCPolicySvc - ok
07:15:04.0990 0x0dd4  [ F58B030A0664385C707B8C1C63682041, E46AADAA2CD687B9A4B564DC5B002493C8480542588E660BC3DF89EAF9DB0427 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
07:15:05.0026 0x0dd4  sdbus - ok
07:15:05.0070 0x0dd4  [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:15:05.0161 0x0dd4  SDRSVC - ok
07:15:05.0241 0x0dd4  [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor          C:\Windows\System32\drivers\sdstor.sys
07:15:05.0276 0x0dd4  sdstor - ok
07:15:05.0313 0x0dd4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:15:05.0410 0x0dd4  secdrv - ok
07:15:06.0953 0x0dd4  [ F314131B855D9934C4D45E14370DA82B, EE46095A7835A8C97956CEDD2C9C33ABB91494862140BAE3F057C2B9D0C8AB6D ] ShieldSoft      C:\Users\J\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe
07:15:06.0968 0x0dd4  ShieldSoft - detected UnsignedFile.Multi.Generic ( 1 )
07:15:09.0342 0x0dd4  ShieldSoft ( UnsignedFile.Multi.Generic ) - warning
07:15:26.0749 0x0dd4  [ 334E5ED94D3FAFF3C44F4D36B1FE1C90, 3B409603754E74077CEE09125D691BE75DA2A6220EF744446E388BF89FD9313B ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
07:15:26.0764 0x0dd4  WDDMService - detected UnsignedFile.Multi.Generic ( 1 )
07:15:29.0116 0x0dd4  Detect skipped due to KSN trusted
07:15:29.0116 0x0dd4  WDDMService - ok
07:15:29.0841 0x0dd4  [ 138AB06ADBBF300AA804D7974A5AEC82, 61A99CB8176C291E858F9D964A9B2EC36970F3BFFF3D5F933A16E9B28BF922DD ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
07:15:29.0961 0x0dd4  WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic ( 1 )
07:15:32.0341 0x0dd4  Detect skipped due to KSN trusted
07:15:32.0341 0x0dd4  WDSmartWareBackgroundService - ok
07:15:37.0708 0x0dd4  ================ Scan global ===============================
07:15:37.0808 0x0dd4  [ B31E908A78791A4B61DF39F4271CAF2F, 663F940E68A8C1839AD0133DEB13FCF9F45041EA0DCF9E91B67288CA0E0D3326 ] C:\Windows\system32\basesrv.dll
07:15:37.0887 0x0dd4  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\Windows\system32\winsrv.dll
07:15:37.0946 0x0dd4  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\Windows\system32\sxssrv.dll
07:15:38.0029 0x0dd4  [ 590A2B4198DD35AA42893BA04F66FD3F, BDD9609F43275E895AE3A685DF921B19F11E4D8617F7BD3D4BA21A230EB9A060 ] C:\Windows\system32\services.exe
07:15:38.0094 0x0dd4  [ Global ] - ok
07:15:38.0094 0x0dd4  ================ Scan MBR ==================================
07:15:38.0109 0x0dd4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
07:15:38.0293 0x0dd4  \Device\Harddisk0\DR0 - ok
07:15:38.0295 0x0dd4  ================ Scan VBR ==================================
07:15:38.0327 0x0dd4  [ 58A5BA5FB193A83F4CBC094E62CE0BF7 ] \Device\Harddisk0\DR0\Partition1
07:15:38.0410 0x0dd4  \Device\Harddisk0\DR0\Partition1 - ok
07:15:38.0495 0x0dd4  [ 31EC1175CDA70740166DD81BB1EF2865 ] \Device\Harddisk0\DR0\Partition2
07:15:38.0541 0x0dd4  \Device\Harddisk0\DR0\Partition2 - ok
07:15:38.0572 0x0dd4  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
07:15:38.0572 0x0dd4  \Device\Harddisk0\DR0\Partition3 - ok
07:15:38.0582 0x0dd4  [ 1250AD3E313A367DB71A02AEFEED7FA7 ] \Device\Harddisk0\DR0\Partition4
07:15:38.0641 0x0dd4  \Device\Harddisk0\DR0\Partition4 - ok
07:15:38.0708 0x0dd4  [ 90575CC4934237804129B11C9634622B ] \Device\Harddisk0\DR0\Partition5
07:15:38.0723 0x0dd4  \Device\Harddisk0\DR0\Partition5 - ok
07:15:38.0723 0x0dd4  ================ Scan generic autorun ======================
07:15:38.0862 0x0dd4  [ 690051005AED736DA0F5DD40DA5937DB, FA3CD1CF50EFEE6AAFCAAC4D3FE6699ADB2BD7DCC497CA994AAABD8B45B157E0 ] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
07:15:38.0894 0x0dd4  Autodesk Sync - ok
07:15:38.0987 0x0dd4  [ 092E2BEB0FD18D670CE2BFA361FB89EE, 34847BCE1EE0A9950C215520A663549C0AB60160F578F81A9D18BD206BC4832C ] C:\Program Files\pcreg\service.exe
07:15:39.0004 0x0dd4  pcreg - ok
07:15:39.0125 0x0dd4  [ 210875E72C45D712120904128F357233, 4998BF27D28D4DDE79F9B06E0562E28A9D433DBFC0D3D4144A7A97EBF5110091 ] C:\Program Files\IDT\WDM\sttray64.exe
07:15:39.0311 0x0dd4  SysTrayApp - ok
07:15:39.0504 0x0dd4  [ 38161F642AA7A2882914DDB0E90FF41C, 76236F618A6646BFD286641543E068285B71169FBF44381BB7EE6396EA67EC24 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
07:15:39.0569 0x0dd4  StartCCC - ok
07:15:39.0725 0x0dd4  [ B7995C675014EEBE77A0BEB7AFCCFC08, 41D186C63273301CF0A1C1EE7B6EB0BB75A251DD441532C5CEB7A4095FB103CD ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
07:15:39.0759 0x0dd4  RemoteControl10 - ok
07:15:39.0909 0x0dd4  [ EBAE9EE13F51F38B57D616CF4A420682, E27969D5F0B796C2C8DA7C46680AB6C797A8F297B105477B71B4871F8F7B62FD ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
07:15:39.0973 0x0dd4  HP Quick Launch - ok
07:15:40.0142 0x0dd4  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
07:15:40.0170 0x0dd4  APSDaemon - ok
07:15:40.0211 0x0dd4  [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
07:15:40.0242 0x0dd4  amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
07:15:42.0641 0x0dd4  Detect skipped due to KSN trusted
07:15:42.0641 0x0dd4  amd_dc_opt - ok
07:15:42.0679 0x0dd4  [ 092E2BEB0FD18D670CE2BFA361FB89EE, 34847BCE1EE0A9950C215520A663549C0AB60160F578F81A9D18BD206BC4832C ] C:\Program Files\pcreg\service.exe
07:15:42.0695 0x0dd4  pcreg - ok
07:15:42.0805 0x0dd4  [ D35AC3FFDBF9FAB743024FC88AA90056, FCF39545D3F9C21E444C5A9E02B33B809E5545F6886123D034C6AF35AD11C1EB ] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
07:15:42.0841 0x0dd4  CLVirtualDrive - ok
07:15:43.0210 0x0dd4  [ 4CDF90E852837C827C855F8E8E2C5FE2, 1918CE3A880E2067D52C538096DA2D35DFCA2D742E2ED370CF2DFE22840024FD ] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
07:15:43.0441 0x0dd4  Intuit SyncManager - ok
07:15:43.0655 0x0dd4  [ A20FC661CEF156B60C4FD02717FAF863, AED47EAE1784513AF10B568B2CF425C953467FA4686C1520A421A58A6213D256 ] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
07:15:43.0785 0x0dd4  HTC Sync Loader - detected UnsignedFile.Multi.Generic ( 1 )
07:15:46.0163 0x0dd4  Detect skipped due to KSN trusted
07:15:46.0163 0x0dd4  HTC Sync Loader - ok
07:15:46.0254 0x0dd4  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
07:15:46.0295 0x0dd4  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
07:15:48.0693 0x0dd4  Detect skipped due to KSN trusted
07:15:48.0693 0x0dd4  QuickTime Task - ok
07:15:48.0786 0x0dd4  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
07:15:48.0803 0x0dd4  HP Software Update - ok
07:15:48.0878 0x0dd4  Akamai NetSession Interface - ok
07:15:49.0055 0x0dd4  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe
07:15:49.0086 0x0dd4  Google Update - ok
07:15:49.0208 0x0dd4  GoogleDriveSync - ok
07:15:49.0239 0x0dd4  [ 092E2BEB0FD18D670CE2BFA361FB89EE, 34847BCE1EE0A9950C215520A663549C0AB60160F578F81A9D18BD206BC4832C ] C:\Program Files\pcreg\service.exe
07:15:49.0273 0x0dd4  pcreg - ok
07:15:49.0283 0x0dd4  Power2GoExpress8 - ok
07:15:49.0326 0x0dd4  [ 2A3FB4C98F139038E23330D2439DB8A4, DE9253AD362B03FA5D3D4912662398E5C4AC76F7274B83E51C251A6921A5B838 ] C:\Users\J\AppData\Local\Facebook\Update\FacebookUpdate.exe
07:15:49.0362 0x0dd4  Facebook Update - ok
07:15:49.0441 0x0dd4  [ FC41BEFCD3AB244B6931B118C6FAC6E2, 8D40A17161C8F7A7BD8D397DB8F5FD23F19B7349F6C0AE151AF213388C4B5535 ] C:\Windows\System32\StikyNot.exe
07:15:49.0541 0x0dd4  RESTART_STICKY_NOTES - ok
07:15:49.0541 0x0dd4  Waiting for KSN requests completion. In queue: 3
07:15:50.0557 0x0dd4  Waiting for KSN requests completion. In queue: 3
07:15:51.0565 0x0dd4  Waiting for KSN requests completion. In queue: 3
07:15:52.0676 0x0dd4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
07:15:52.0676 0x0dd4  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
07:15:52.0676 0x0dd4  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x41010 ( enabled )
07:15:55.0152 0x0dd4  ============================================================
07:15:55.0152 0x0dd4  Scan finished
07:15:55.0152 0x0dd4  ============================================================
07:15:55.0187 0x0cdc  Detected object count: 2
07:15:55.0187 0x0cdc  Actual detected object count: 2
07:16:17.0318 0x0cdc  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:16:17.0318 0x0cdc  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:16:17.0349 0x0cdc  ShieldSoft ( UnsignedFile.Multi.Generic ) - skipped by user
07:16:17.0349 0x0cdc  ShieldSoft ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#4 deeprybka

  • Malware Response Team
Posted 18 November 2015 - 11:22 AM

Hi there,

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka

#5 blondy71

  • Topic Starter


Posted 18 November 2015 - 06:49 PM

Combofix seemed to run without any problems, then it tried to restart the computer.  When shutting down, my computer said it was updating 1 of 1 update.  It stayed on the screen for over 2 hours so I had to turn the computer off manually.  But when I turned it back on, it seemed like Combofix continued okay because then it ran the log report.

 

 

ComboFix 15-11-17.01 - J 11/18/2015  15:53:13.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.7650.5505 [GMT -5:00]
Running from: c:\users\J\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Internet Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6088C4A2-D1AC-46C7-95FD-00A8256A1449}.xps
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BFAEF011-19C3-457F-9533-AD8B5E0F1AC6}.xps
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\1280AccountantCenter.html
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\1384AccountantCenter.html
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\18276AccountantCenter.html
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\ac.css
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\ac.js
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\close_pop.png
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\jq.css
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.corner.js
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.min.js
c:\users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\qbw.css
c:\users\J\AppData\Local\TBHostSupport
c:\users\J\AppData\Local\TBHostSupport\TBHostSupport.dll
c:\users\J\AppData\Local\TBHostSupport\TBHostSupport_0.dll
c:\users\J\AppData\Local\Temp\_MEI62602\_ctypes.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\_elementtree.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\_hashlib.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\_multiprocessing.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\_psutil_windows.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\_socket.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\_ssl.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\_yappi.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\common.time34.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\hashobjs_ext.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\pyexpat.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\pysqlite2._sqlite.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\python27.dll
c:\users\J\AppData\Local\Temp\_MEI62602\pythoncom27.dll
c:\users\J\AppData\Local\Temp\_MEI62602\PyWinTypes27.dll
c:\users\J\AppData\Local\Temp\_MEI62602\select.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\unicodedata.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\usb_ext.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32api.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32com.shell.shell.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32crypt.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32event.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32file.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32gui.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32inet.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32pdh.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32pipe.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32process.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32profile.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32security.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\win32ts.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\windows._lib_cacheinvalidation.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\wx._animate.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\wx._controls_.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\wx._core_.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\wx._gdi_.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\wx._html2.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\wx._misc_.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\wx._windows_.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\wx._wizard.pyd
c:\users\J\AppData\Local\Temp\_MEI62602\wxbase30u_net_vc90.dll
c:\users\J\AppData\Local\Temp\_MEI62602\wxbase30u_vc90.dll
c:\users\J\AppData\Local\Temp\_MEI62602\wxmsw30u_adv_vc90.dll
c:\users\J\AppData\Local\Temp\_MEI62602\wxmsw30u_core_vc90.dll
c:\users\J\AppData\Local\Temp\_MEI62602\wxmsw30u_html_vc90.dll
c:\users\J\AppData\Local\Temp\_MEI62602\wxmsw30u_webview_vc90.dll
c:\users\J\AppData\Local\Temp\7zS23A4\HPSLPSVC64.DLL
c:\users\J\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HPSLPSVC
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-18 to 2015-11-18  )))))))))))))))))))))))))))))))
.
.
2015-11-18 21:18 . 2015-11-18 21:18 -------- d-----w- c:\users\Kids\AppData\Local\temp
2015-11-17 20:19 . 2015-11-17 20:23 -------- d-----w- C:\FRST
2015-11-17 14:03 . 2015-11-03 00:20 809944 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-17 14:03 . 2015-11-03 00:20 176088 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-14 01:13 . 2015-11-14 01:13 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2015-11-13 16:29 . 2015-10-01 13:10 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-11-13 16:29 . 2015-10-01 13:09 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-11-13 13:13 . 2015-10-20 13:53 19283456 ----a-w- c:\windows\system32\mshtml.dll
2015-11-13 13:11 . 2015-10-20 15:01 525824 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-11-13 13:11 . 2015-10-20 13:53 603136 ----a-w- c:\windows\system32\msfeeds.dll
2015-11-13 13:11 . 2015-10-20 13:53 3960832 ----a-w- c:\windows\system32\jscript9.dll
2015-11-13 13:11 . 2015-10-20 13:54 603648 ----a-w- c:\windows\system32\vbscript.dll
2015-11-13 13:09 . 2015-10-11 06:45 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2015-11-13 13:09 . 2015-10-11 06:45 723968 ----a-w- c:\windows\system32\BFE.DLL
2015-11-13 13:09 . 2015-10-27 13:55 416256 ----a-w- c:\windows\system32\schannel.dll
2015-11-13 13:09 . 2015-10-27 14:46 320000 ----a-w- c:\windows\SysWow64\schannel.dll
2015-11-13 13:09 . 2015-10-27 14:46 73728 ----a-w- c:\windows\SysWow64\ncryptsslp.dll
2015-11-13 13:09 . 2015-10-27 13:54 89088 ----a-w- c:\windows\system32\ncryptsslp.dll
2015-11-13 13:09 . 2015-10-27 13:54 130560 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-13 13:09 . 2015-09-23 13:10 377552 ----a-w- c:\windows\system32\bcryptprimitives.dll
2015-11-13 13:09 . 2015-09-23 13:10 332576 ----a-w- c:\windows\SysWow64\bcryptprimitives.dll
2015-11-13 13:09 . 2015-10-27 14:46 89088 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-11-13 13:06 . 2015-10-17 13:28 4063744 ----a-w- c:\windows\system32\win32k.sys
2015-11-13 13:06 . 2015-10-13 13:16 576512 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-13 13:06 . 2015-10-13 13:16 129024 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-13 03:33 . 2015-10-28 16:46 6970704 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-13 03:33 . 2015-10-28 14:37 830464 ----a-w- c:\windows\system32\kerberos.dll
2015-11-13 03:33 . 2015-10-28 14:59 668160 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-11-13 03:33 . 2015-10-28 14:59 171864 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-11-13 03:33 . 2015-09-23 13:10 570256 ----a-w- c:\windows\system32\drivers\cng.sys
2015-11-13 03:16 . 2015-11-13 03:16 -------- d-----w- c:\windows\SysWow64\Power2Go8
2015-11-02 14:03 . 2015-11-12 23:14 -------- d-----w- c:\users\J\AppData\Roaming\ShieldSoft
2015-10-20 23:03 . 2014-04-16 18:20 29888 ----a-w- c:\windows\system32\aspnet_counters.dll
2015-10-20 23:02 . 2014-04-16 18:20 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-13 15:31 . 2012-12-26 16:10 145617392 ----a-w- c:\windows\system32\MRT.exe
2015-10-27 14:45 . 2015-11-13 14:40 2362368 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-27 13:53 . 2015-11-13 14:40 276992 ----a-w- c:\windows\apppatch\apppatch64\AcGenral.dll
2015-10-01 23:55 . 2015-10-14 17:18 1043968 ----a-w- c:\windows\system32\usercpl.dll
2015-10-01 23:55 . 2015-10-14 17:18 588800 ----a-w- c:\windows\system32\SHCore.dll
2015-09-29 02:02 . 2015-10-14 17:18 961536 ----a-w- c:\windows\SysWow64\usercpl.dll
2015-09-29 02:02 . 2015-10-14 17:18 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2015-09-28 18:04 . 2014-10-02 11:21 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-09-22 17:53 . 2015-10-14 17:19 1405408 ----a-w- c:\windows\system32\winload.efi
2015-09-22 17:53 . 2015-10-14 17:19 1273184 ----a-w- c:\windows\system32\winload.exe
2015-09-18 15:09 . 2015-10-15 12:40 32432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 13:30 . 2015-10-14 17:19 97280 ----a-w- c:\windows\system32\mshtmled.dll
2015-09-18 13:30 . 2015-10-15 12:40 699904 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 13:30 . 2015-10-15 12:40 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 13:30 . 2015-10-15 12:40 503296 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 13:30 . 2015-10-15 12:40 1290752 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 13:30 . 2015-10-15 12:40 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 13:10 . 2015-10-15 12:40 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-09-12 13:29 . 2015-09-22 19:57 148480 ----a-w- c:\windows\system32\poqexec.exe
2015-09-12 13:29 . 2015-09-22 19:57 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2015-09-12 13:29 . 2015-09-22 19:57 144896 ----a-w- c:\windows\system32\tssdisai.dll
2015-09-12 13:29 . 2015-09-22 19:57 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2015-09-12 13:29 . 2015-09-22 19:57 135680 ----a-w- c:\windows\system32\appserverai.dll
2015-09-02 13:49 . 2015-09-09 15:59 2341376 ----a-w- c:\windows\system32\msxml6.dll
2015-09-02 13:49 . 2015-09-09 15:59 1850880 ----a-w- c:\windows\system32\msxml3.dll
2015-09-02 13:48 . 2015-09-09 14:44 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 13:38 . 2015-09-09 15:59 1744384 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-09-02 13:38 . 2015-09-09 15:59 1422336 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-09-02 13:38 . 2015-09-09 14:44 35328 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-08-28 21:59 . 2015-09-09 14:44 304128 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:41 . 2015-09-09 14:44 366592 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="NA" [X]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-10-12 22568216]
"pcreg"="c:\program files\pcreg\service.exe" [2014-04-25 89816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"pcreg"="c:\program files\pcreg\service.exe" [2014-04-25 89816]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-09-10 491632]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-06-26 3775800]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2013-09-03 659456]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2015-07-25 286272]
"RealDownloader"="c:\program files (x86)\RealNetworks\RealDownloader\downloader2.exe" [2015-06-17 608320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
.
c:\users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2015-10-13 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2013-9-5 144384]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2011-4-29 276328]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2014-6-26 6306104]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-12-10 1129288]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2014\QBW32.EXE -silent [2014-12-10 1215816]
RealTimes.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe [2015-7-24 1132120]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 klelam;klelam;c:\windows\system32\DRIVERS\klelam.sys;c:\windows\SYSNATIVE\DRIVERS\klelam.sys [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\System32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe;c:\program files\pcreg\pcreg.exe [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 klwfp;klwfp;c:\windows\system32\DRIVERS\klwfp.sys;c:\windows\SYSNATIVE\DRIVERS\klwfp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
S2 RealTimes Desktop Service;RealTimes Desktop Service;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [x]
S2 ShieldSoft;ShieldSoft Protection;c:\users\J\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe;c:\users\J\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-13 12:50 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core.job
- c:\users\J\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-01 05:11]
.
2015-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA.job
- c:\users\J\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-01 05:11]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17 23:38]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17 23:38]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core.job
- c:\users\J\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-06 22:57]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA.job
- c:\users\J\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-06 22:57]
.
2015-11-17 c:\windows\Tasks\HPCeeScheduleForJ.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-10-12 16:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-10-12 16:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-10-12 16:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]
"pcreg"="c:\program files\pcreg\service.exe" [2014-04-25 89816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2014-06-13 1664000]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: bankofamerica.com
Trusted Zone: bankofamerica.com\cashproonline
Trusted Zone: bankofamerica.com\cporms
TCP: DhcpNameServer = 192.168.1.1
DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} - hxxps://transfer.dmv.gov/COM/MOVEitUploadWizard7.0.0.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\J\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk - c:\users\J\AppData\Local\Temp\{84B6B5C1-1EDF-4F5D-B080-CAF5AC955169}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM="RollerCoaster Tycoon 3"/PRMP="RCT3"/SKUN="PCXX"/GTYP="STRY"
AddRemove-PlusWinks - c:\program files (x86)\Smiley Bar for Facebook\uninst.exe
AddRemove-Speed Analysis 2 - c:\program files (x86)\Speed Analysis 2\uninst.exe
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-HPConnectedMusic - c:\users\J\AppData\Local\HPConnectedMusic\Application\100100025\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\users\J\AppData\Roaming\ShieldSoft\UI\bin\shieldsoft.exe
c:\users\J\AppData\Roaming\ShieldSoft\UI\bin\shieldui.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2015-11-18  17:52:17 - machine was rebooted
ComboFix-quarantined-files.txt  2015-11-18 22:52
.
Pre-Run: 541,499,559,936 bytes free
Post-Run: 546,875,400,192 bytes free
.
- - End Of File - - F9D133B7086BB5B6B3A79146F9B7441A
5FB38429D5D77768867C76DCBDB35194


#6 deeprybka


  • Malware Response Team

Posted 18 November 2015 - 06:54 PM

Ok, here are the next steps for you:

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    VideoPerformer
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].


Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 blondy71

  • Topic Starter


Posted 19 November 2015 - 11:24 AM

# AdwCleaner v5.021 - Logfile created 19/11/2015 at 05:35:11
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.1 [Local]
# Operating system : Windows 8  (x64)
# Username : J - MOMHPLAPTOP
# Running from : C:\Users\J\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : pcregservice
[-] Service Deleted : ShieldSoft
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Program Files\pcreg
[-] Folder Deleted : C:\Users\J\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\J\AppData\Local\NativeMessaging
[-] Folder Deleted : C:\Users\J\AppData\Local\WhiteListing
[-] Folder Deleted : C:\Users\J\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\J\AppData\LocalLow\PriceGong
[-] Folder Deleted : C:\Users\J\AppData\Roaming\PerformerSoft
[-] Folder Deleted : C:\Users\J\AppData\Roaming\pluswinks
[-] Folder Deleted : C:\Users\J\AppData\Roaming\SpeedAnalysis2
[-] Folder Deleted : C:\Users\J\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\J\AppData\Roaming\ShieldSoft
[-] Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
[-] Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog
[-] Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi
[!] Folder Not Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi
[#] Folder Deleted : C:\Windows\SysNative\Tasks\pcreg
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\J\AppData\Roaming\speedanalysis.ico
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : pcreg
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [pcreg]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcreg]
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279411
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi
[!] Key Not Deleted : HKCU\Software\Google\Chrome\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\filescout
[-] Key Deleted : HKCU\Software\performersoft llc
[-] Key Deleted : HKCU\Software\usyndication.com
[-] Key Deleted : HKCU\Software\USyndication
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speed Analysis 2
[-] Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E48961F-6BA1-4379-9CCC-6E55A1648C8D}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4862 bytes] ##########
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/19/2015
Scan Time: 5:55 AM
Logfile: Malwarebytes scan log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.19.02
Rootkit Database: v2015.11.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: J
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422100
Time Elapsed: 1 hr, 6 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3279411, Quarantined, [2eb0007f1972e2540e3eb8a30ff418e8], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3279411, Quarantined, [b32b324d2f5cfb3b2824a4b7ad5652ae], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3279411, Quarantined, [6b7319661972979f57f0434c8b77669a], 
 
Registry Values: 4
PUP.Optional.SearchSafer, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pcreg, C:\Program Files\pcreg\service.exe, Quarantined, [6c7256293556b87ec1838a869b69a65a]
PUP.Optional.SearchSafer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pcreg, C:\Program Files\pcreg\service.exe, Quarantined, [6c7256293556b87ec1838a869b69a65a]
PUP.Optional.SearchSafer, HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pcreg, C:\Program Files\pcreg\service.exe, Quarantined, [6c7256293556b87ec1838a869b69a65a]
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.log;, Quarantined, [23bb9fe0c3c881b51b701eb523e02cd4]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.ConduitTB.Gen, C:\Users\J\AppData\Local\CRE, Quarantined, [efef710e4645ca6c427ddcb37a88e61a], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\skin, Quarantined, [efef710eabe02313efa598e729d922de], 
 
Files: 32
PUP.Optional.SearchSafer, C:\Program Files\pcreg\service.exe, Quarantined, [6c7256293556b87ec1838a869b69a65a], 
PUP.Optional.SearchSafer, C:\Temp\a.exe, Quarantined, [a33b7a05dcaff24428076ac2778d7090], 
PUP.Optional.SearchSafer, C:\Temp\protect.exe, Quarantined, [f5e9d7a86625a59140ef60cc659f6c94], 
PUP.Optional.Conduit, C:\Temp\sp-downloader.exe, Quarantined, [be20a9d61a71d165f746b175649df20e], 
PUP.Optional.SearchSafer, C:\Temp\white.exe, Quarantined, [a23c93ec5338280e32fdcc6035cfc739], 
PUP.Optional.PCPerformer, C:\Windows\System32\roboot64.exe, Quarantined, [cf0f2857ccbfdb5b3e9767c69e62966a], 
PUP.Optional.Ilivid, C:\Users\J\Downloads\iLividSetup-r1779-n-bc.exe, Quarantined, [439b136ce4a7300667196d5df30d669a], 
PUP.Optional.ConduitTB.Gen, C:\Users\J\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx, Quarantined, [efef710e4645ca6c427ddcb37a88e61a], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome.manifest, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\install.rdf, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\background.html, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\bg.js, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\button.xml, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\config.js, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\content.js, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.js, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.xul, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon128.png, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon16.png, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon18.ico, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon18.png, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon24.ico, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon24.png, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon32.ico, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon32.png, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon48.png, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\jquery-1.6.2.min.js, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\options.xul, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\settings.json, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz\background.js, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz\content.js, Quarantined, [efef710eabe02313efa598e729d922de], 
PUP.Optional.SpeedAnalysis, C:\Users\J\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\skin\framework.css, Quarantined, [efef710eabe02313efa598e729d922de], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Malware Protection, Starting, 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Malware Protection, Started, 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Started, 
Update, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Manual, Rootkit Database, 2015.9.18.1, 2015.11.14.1, 
Update, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Manual, Remediation Database, 2015.9.16.1, 2015.11.18.1, 
Update, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Manual, IP Database, 2015.9.21.2, 2015.11.18.1, 
Update, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Manual, Domain Database, 2015.9.22.3, 2015.11.18.6, 
Update, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Manual, Malware Database, 2015.9.22.5, 2015.11.19.2, 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Refresh, Starting, 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Stopping, 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Stopped, 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Refresh, Success, 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 11/19/2015 5:54 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Started, 
Scan, 11/19/2015 7:18 AM, SYSTEM, MOMHPLAPTOP, Manual, Start:11/19/2015 5:55 AM, Duration:1 hr 6 min 49 sec, Threat Scan, Completed, 0 Malware Detections, 45 Non-Malware Detections, 
Protection, 11/19/2015 8:00 AM, SYSTEM, MOMHPLAPTOP, Protection, Malware Protection, Starting, 
Protection, 11/19/2015 8:00 AM, SYSTEM, MOMHPLAPTOP, Protection, Malware Protection, Started, 
Protection, 11/19/2015 8:00 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 11/19/2015 8:01 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Started, 
Update, 11/19/2015 9:04 AM, SYSTEM, MOMHPLAPTOP, Scheduler, Malware Database, 2015.11.19.2, 2015.11.19.3, 
Protection, 11/19/2015 9:04 AM, SYSTEM, MOMHPLAPTOP, Protection, Refresh, Starting, 
Protection, 11/19/2015 9:04 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Stopping, 
Protection, 11/19/2015 9:04 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Stopped, 
Protection, 11/19/2015 9:04 AM, SYSTEM, MOMHPLAPTOP, Protection, Refresh, Success, 
Protection, 11/19/2015 9:04 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 11/19/2015 9:04 AM, SYSTEM, MOMHPLAPTOP, Protection, Malicious Website Protection, Started, 
 
(end)
 
 
 


#8 blondy71

  • Topic Starter


Posted 19 November 2015 - 12:03 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-11-2015
Ran by J (administrator) on MOMHPLAPTOP (19-11-2015 11:28:57)
Running from C:\Users\J\Desktop
Loaded Profiles: J (Available Profiles: J & Kids)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-06-13] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-03] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286272 2015-07-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [608320 2015-06-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-01-01]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-02-11]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-09-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-09-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-09-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-07-24]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2014-01-01]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2014-01-01]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-12-22]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 
Tcpip\..\Interfaces\{21B2E6A3-3F52-4D37-AA1F-A4CFC45367B2}: [DhcpNameServer] 
Tcpip\..\Interfaces\{383BED90-6F5D-49B8-B884-4CBECFBD58C4}: [DhcpNameServer] 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {3EA88E10-3D41-4311-9F65-D4270DB7172B} URL = hxxp://www.amazon.com={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8E48961F-6BA1-4379-9CCC-6E55A1648C8D} URL = 
SearchScopes: HKLM-x32 -> {3EA88E10-3D41-4311-9F65-D4270DB7172B} URL = hxxp://www.amazon.com={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover={searchTerms}
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {3EA88E10-3D41-4311-9F65-D4270DB7172B} URL = hxxp://www.amazon.com={searchTerms}
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-09-28] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-09-28] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-26] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
DPF: HKLM-x32 {B25AB9F1-B8A2-4072-8964-00C7EDF99750} hxxps://transfer.dmv.gov/COM/MOVEitUploadWizard7.0.0.ocx
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2015-11-04] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2012-06-02] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll [2011-12-01] (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll [2011-12-01] (Musicnotes, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-07-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-07-24] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\J\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\J\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @talk.google.com/O1DPlugin -> C:\Users\J\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @tools.google.com/Google Update;version=3 -> C:\Users\J\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1962473557-1781975835-3520380482-1002: @tools.google.com/Google Update;version=9 -> C:\Users\J\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\J\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\J\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-17] [not signed]
 
Chrome: 
=======
CHR DefaultSearchURL: Profile 3 -> hxxp://www.swagbucks.com/?f=55&t=w&p=1&q={searchTerms}
CHR DefaultSearchKeyword: Profile 3 -> search.swagbucks.com
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-12]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (Kaspersky Protection) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-06-12]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-06-12]
CHR Extension: (Speed Analysis 2) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2014-06-12] [UpdateUrl: hxxps://srv.mzcdn.com/addons/speedanalysis02/update.chrome.xml] <==== ATTENTION
CHR Extension: (appbario12) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2014-09-15] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3279411&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mocblcnaofikinigmceddfghppkkjbog [2014-06-12] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-13]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-12]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-12]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10
CHR Extension: (Google Slides) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Kaspersky Protection) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-01-21]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-21]
CHR Extension: (Speed Analysis 2) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2015-01-21] [UpdateUrl: hxxps://srv.mzcdn.com/addons/speedanalysis02/update.chrome.xml] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (appbario12) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2015-02-05] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3279411&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-21]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\mocblcnaofikinigmceddfghppkkjbog [2015-01-21] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-21]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11
CHR Extension: (Google Slides) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-06]
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-06]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-26]
CHR Extension: (Kaspersky Protection) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-07-06]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-06]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-06]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-07-06]
CHR Extension: (Speed Analysis 2) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2015-07-06] [UpdateUrl: hxxps://srv.mzcdn.com/addons/speedanalysis02/update.chrome.xml] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-06]
CHR Extension: (appbario12) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2015-07-16] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3279411&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (SwagButton) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-07-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-06]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\mocblcnaofikinigmceddfghppkkjbog [2015-07-06] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-06]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-07-06]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12
CHR Extension: (Google Slides) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-17]
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-17]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-17]
CHR Extension: (Kaspersky Protection) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-09-17]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-17]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-17]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-09-17]
CHR Extension: (Speed Analysis 2) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2015-09-17] [UpdateUrl: hxxps://srv.mzcdn.com/addons/speedanalysis02/update.chrome.xml] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-17]
CHR Extension: (appbario12) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2015-09-17] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3279411&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-17]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\mocblcnaofikinigmceddfghppkkjbog [2015-09-17] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-17]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-09-17]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-08]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-08]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-08]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-08]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-06-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-09]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-06-12]
CHR Extension: (Google Docs Offline) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (SwagButton) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-11-19]
CHR Extension: (BeFrugal.com Add-On) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2015-07-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Kaspersky Protection) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-09-16]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-09-16]
CHR Extension: (Speed Analysis 2) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2014-09-16] [UpdateUrl: hxxps://srv.mzcdn.com/addons/speedanalysis02/update.chrome.xml] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (appbario12) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2014-09-24] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3279411&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mocblcnaofikinigmceddfghppkkjbog [2014-09-16] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-16]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Slides) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-21]
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-21]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-21]
CHR Extension: (Kaspersky Protection) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-09-18]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-21]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-09-18]
CHR Extension: (Google Sheets) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-21]
CHR Extension: (appbario12) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2014-09-19] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3279411&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-09-19]
CHR Extension: (Google Wallet) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-21]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-18]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6
CHR Extension: (Google Slides) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (Kaspersky Protection) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-09-20]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-09-20]
CHR Extension: (Speed Analysis 2) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2014-09-20] [UpdateUrl: hxxps://srv.mzcdn.com/addons/speedanalysis02/update.chrome.xml] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
CHR Extension: (appbario12) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2014-09-23] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3279411&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\mocblcnaofikinigmceddfghppkkjbog [2014-09-20] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-13]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-20]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7
CHR Extension: (Google Slides) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (Kaspersky Protection) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-09-30]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-09-30]
CHR Extension: (Speed Analysis 2) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2014-09-30] [UpdateUrl: hxxps://srv.mzcdn.com/addons/speedanalysis02/update.chrome.xml] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (appbario12) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2014-10-01] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3279411&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-22]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\mocblcnaofikinigmceddfghppkkjbog [2014-09-30] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-16]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-23]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-30]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8
CHR Extension: (Google Slides) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (Kaspersky Protection) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-10-10]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-10]
CHR Extension: (Speed Analysis 2) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2014-10-10] [UpdateUrl: hxxps://srv.mzcdn.com/addons/speedanalysis02/update.chrome.xml] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (appbario12) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2014-11-07] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3279411&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\mocblcnaofikinigmceddfghppkkjbog [2014-10-10] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-10]
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 9
CHR Extension: (No Name) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi [2015-01-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-21]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\mocblcnaofikinigmceddfghppkkjbog [2015-01-21] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21]
CHR Extension: (Anti-Banner) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-21]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\J\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-21]
CHR HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-03-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-03-26] (Kaspersky Lab ZAO)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-30] ( )
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-06-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-06-26] (Intuit Inc.) [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-24] (RealNetworks, Inc.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-26] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-26] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-03-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-30] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 usbbus; C:\Windows\System32\drivers\lgx64bus.sys [17920 2010-04-13] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\system32\DRIVERS\lgx64diag.sys [27648 2010-04-13] (LG Electronics Inc.)
S3 USBModem; C:\Windows\system32\DRIVERS\lgx64modem.sys [33280 2010-04-13] (LG Electronics Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-19 11:28 - 2015-11-19 11:29 - 00063513 _____ C:\Users\J\Desktop\FRST.txt
2015-11-19 05:53 - 2015-11-19 09:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 05:53 - 2015-11-19 05:53 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-19 05:53 - 2015-11-19 05:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-19 05:53 - 2015-11-19 05:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-19 05:53 - 2015-11-19 05:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-19 05:53 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-19 05:53 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-19 05:53 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-19 05:51 - 2015-11-19 05:51 - 22908888 _____ (Malwarebytes ) C:\Users\J\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-19 05:43 - 2015-11-19 05:43 - 00003508 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_J
2015-11-19 05:42 - 2015-11-19 05:42 - 00003502 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_J
2015-11-19 05:41 - 2015-11-19 05:41 - 00003626 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_J
2015-11-19 05:41 - 2015-11-19 05:41 - 00003222 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_J
2015-11-19 05:30 - 2015-11-19 05:35 - 00000000 ____D C:\AdwCleaner
2015-11-19 05:27 - 2015-11-19 05:27 - 01732096 _____ C:\Users\J\Downloads\AdwCleaner.exe
2015-11-19 05:19 - 2015-11-19 05:19 - 00001268 _____ C:\Users\J\Desktop\Revo Uninstaller.lnk
2015-11-19 05:19 - 2015-11-19 05:19 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-11-19 05:18 - 2015-11-19 05:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\J\Downloads\revosetup.exe
2015-11-18 18:43 - 2015-11-18 18:43 - 00029746 _____ C:\Users\J\Downloads\ComboFix.txt
2015-11-18 17:52 - 2015-11-18 17:52 - 00030235 _____ C:\ComboFix.txt
2015-11-18 15:47 - 2015-11-18 17:52 - 00000000 ____D C:\Qoobox
2015-11-18 15:47 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-18 15:47 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-18 15:47 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-18 15:47 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-18 15:47 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-18 15:47 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-11-18 15:47 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-18 15:47 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-18 15:47 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-18 15:46 - 2015-11-18 17:47 - 00000000 ____D C:\Windows\erdnt
2015-11-18 15:43 - 2015-11-18 15:43 - 05639131 ____R (Swearware) C:\Users\J\Desktop\ComboFix.exe
2015-11-18 07:23 - 2015-11-18 07:23 - 00119964 _____ C:\Users\J\Downloads\1 scan.txt
2015-11-18 07:11 - 2015-11-18 07:11 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\J\Desktop\tdsskiller.exe
2015-11-17 15:23 - 2015-11-17 17:49 - 00090512 _____ C:\Users\J\Downloads\Addition.txt
2015-11-17 15:20 - 2015-11-17 18:35 - 00046230 _____ C:\Users\J\Downloads\FRST.txt
2015-11-17 15:19 - 2015-11-19 11:29 - 00000000 ____D C:\FRST
2015-11-17 15:18 - 2015-11-17 15:18 - 02008576 _____ (Farbar) C:\Users\J\Desktop\FRST64.exe
2015-11-17 11:46 - 2015-11-17 11:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
2015-11-17 11:46 - 2015-11-17 11:46 - 00002014 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk
2015-11-17 09:03 - 2015-11-02 19:20 - 00809944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-17 09:03 - 2015-11-02 19:20 - 00176088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-16 18:05 - 2015-11-16 18:05 - 00000044 _____ C:\Users\J\Downloads\webscr
2015-11-14 13:16 - 2015-11-14 16:16 - 00000427 ____H C:\Windows\system32\Rebecca.dat
2015-11-13 11:29 - 2015-10-01 08:10 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-11-13 11:29 - 2015-10-01 08:09 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-11-13 08:13 - 2015-10-20 08:53 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-13 08:12 - 2015-10-20 10:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 14292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-13 08:12 - 2015-10-20 10:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-13 08:12 - 2015-10-20 08:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-13 08:12 - 2015-10-20 08:54 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-13 08:12 - 2015-10-20 08:53 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-13 08:12 - 2015-10-20 08:53 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-13 08:12 - 2015-10-20 08:53 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-13 08:12 - 2015-10-20 08:53 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-13 08:11 - 2015-10-20 10:01 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-13 08:11 - 2015-10-20 10:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-13 08:11 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-13 08:11 - 2015-10-20 08:54 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-13 08:11 - 2015-10-20 08:53 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-13 08:11 - 2015-10-20 08:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-13 08:09 - 2015-10-27 09:46 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-13 08:09 - 2015-10-27 09:46 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-13 08:09 - 2015-10-27 09:46 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-13 08:09 - 2015-10-27 08:55 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-13 08:09 - 2015-10-27 08:54 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-13 08:09 - 2015-10-27 08:54 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-13 08:09 - 2015-10-11 01:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-13 08:09 - 2015-10-11 01:45 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-13 08:09 - 2015-09-23 08:10 - 00377552 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-13 08:09 - 2015-09-23 08:10 - 00332576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-13 08:06 - 2015-10-17 08:28 - 04063744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 08:06 - 2015-10-13 08:16 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-13 08:06 - 2015-10-13 08:16 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-13 08:06 - 2015-09-12 08:09 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-12 22:33 - 2015-10-28 11:46 - 06970704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-12 22:33 - 2015-10-28 09:59 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-12 22:33 - 2015-10-28 09:59 - 00171864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-12 22:33 - 2015-10-28 09:37 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-12 22:33 - 2015-09-23 08:10 - 00570256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-12 22:16 - 2015-11-12 22:16 - 00000000 ____D C:\Windows\SysWOW64\Power2Go8
2015-11-12 06:29 - 2015-11-12 06:29 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2015-11-04 09:09 - 2015-11-04 09:10 - 00000000 ____D C:\Users\J\AppData\Local\{424528B0-8998-4CF8-B880-AB384A4B859E}
2015-11-01 17:47 - 2015-11-01 17:47 - 00000028 _____ C:\Users\J\Downloads\i
2015-10-20 18:03 - 2014-04-16 13:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-10-20 18:02 - 2014-04-16 13:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-19 11:29 - 2012-12-25 09:33 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6A2AD662-2D47-4087-8302-25A4EA232D37}
2015-11-19 11:08 - 2014-01-06 11:58 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA.job
2015-11-19 11:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2015-11-19 10:50 - 2013-01-17 14:19 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 10:23 - 2012-12-25 09:28 - 01871571 _____ C:\Windows\WindowsUpdate.log
2015-11-19 10:16 - 2014-07-01 00:11 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA.job
2015-11-19 09:30 - 2014-06-01 18:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-19 08:05 - 2014-04-04 04:59 - 00000000 ___RD C:\Users\J\Google Drive
2015-11-19 08:03 - 2013-01-17 14:19 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 08:00 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-19 07:59 - 2012-08-16 23:03 - 00000000 ____D C:\Windows\PCHEALTH
2015-11-19 07:59 - 2012-08-03 17:23 - 00831752 _____ C:\Windows\PFRO.log
2015-11-19 07:18 - 2014-05-05 19:50 - 00000000 ____D C:\Program Files\pcreg
2015-11-19 07:18 - 2013-03-17 22:39 - 00000000 ____D C:\Temp
2015-11-19 05:26 - 2013-11-04 09:51 - 10078208 ___SH C:\Users\J\Downloads\Thumbs.db
2015-11-19 05:20 - 2014-10-13 06:09 - 00000295 _____ C:\Windows\wininit.ini
2015-11-18 19:08 - 2014-01-06 11:58 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core.job
2015-11-18 18:57 - 2014-09-10 17:29 - 00000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2015-11-18 17:52 - 2012-07-26 00:37 - 00000000 __RHD C:\Users\Default
2015-11-18 17:39 - 2012-07-26 00:26 - 00000215 _____ C:\Windows\system.ini
2015-11-17 15:31 - 2012-12-25 09:41 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1962473557-1781975835-3520380482-1002
2015-11-17 12:39 - 2014-06-26 17:28 - 00000000 ____D C:\Users\J\AppData\Local\Adobe
2015-11-17 11:46 - 2013-03-19 07:23 - 00000000 ____D C:\ProgramData\Adobe
2015-11-17 11:45 - 2013-03-19 07:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-17 11:28 - 2014-10-13 06:06 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForJ.job
2015-11-17 11:28 - 2012-07-26 00:26 - 17039360 _____ C:\Windows\system32\config\SYSTEM.bak
2015-11-17 11:28 - 2012-07-26 00:26 - 115867648 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-11-17 11:28 - 2012-07-26 00:26 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak
2015-11-17 11:28 - 2012-07-26 00:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-17 11:28 - 2012-07-26 00:26 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-11-17 11:28 - 2012-07-26 00:26 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-11-17 09:35 - 2014-10-13 06:06 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJ
2015-11-17 09:35 - 2012-12-25 09:27 - 00000000 ____D C:\Users\J
2015-11-17 09:00 - 2015-03-17 07:24 - 00497448 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-16 17:34 - 2015-07-24 19:42 - 00000000 ____D C:\Users\J\AppData\Roaming\Real
2015-11-16 14:28 - 2013-01-17 15:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-16 14:28 - 2012-07-26 02:59 - 00000000 ____D C:\Windows\CbsTemp
2015-11-16 11:23 - 2012-12-27 20:56 - 00000000 ____D C:\Users\J\AppData\Local\CrashDumps
2015-11-15 14:33 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2015-11-15 13:34 - 2013-10-24 10:51 - 00556032 ___SH C:\Users\J\Documents\Thumbs.db
2015-11-14 11:53 - 2012-07-26 02:28 - 00941114 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-14 01:16 - 2014-07-01 00:11 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core.job
2015-11-13 18:08 - 2013-08-19 18:31 - 00002288 ____H C:\Users\J\Documents\Default.rdp
2015-11-13 18:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-13 15:04 - 2013-03-25 10:59 - 04613632 ___SH C:\Users\J\Desktop\Thumbs.db
2015-11-13 11:21 - 2013-08-24 12:31 - 00000000 ____D C:\Windows\system32\MRT
2015-11-13 10:31 - 2012-12-26 11:10 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-13 09:40 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-11-13 08:10 - 2013-01-17 20:17 - 00000000 ____D C:\Windows\Minidump
2015-11-12 06:29 - 2015-07-31 04:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-09 22:27 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
 
==================== Files in the root of some directories =======
 
2014-07-08 07:37 - 2014-10-28 20:52 - 0008704 _____ () C:\Users\J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-06 06:00 - 2013-03-06 06:00 - 0007602 _____ () C:\Users\J\AppData\Local\Resmon.ResmonCfg
2014-06-08 07:59 - 2014-06-08 07:59 - 0000000 _____ () C:\Users\J\AppData\Local\{02C62D85-60EE-411D-95E8-E84572E029A0}
2015-02-11 06:45 - 2015-06-25 11:40 - 0009690 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\J\AppData\Local\Temp\sqlite3.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\vp6vfw.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2015-11-12 08:43
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-11-2015
Ran by J (2015-11-19 11:31:17)
Running from C:\Users\J\Desktop
Windows 8 (X64) (2012-12-25 14:28:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1962473557-1781975835-3520380482-500 - Administrator - Disabled)
Guest (S-1-5-21-1962473557-1781975835-3520380482-501 - Limited - Disabled)
J (S-1-5-21-1962473557-1781975835-3520380482-1002 - Administrator - Enabled) => C:\Users\J
Kids (S-1-5-21-1962473557-1781975835-3520380482-1007 - Limited - Enabled) => C:\Users\Kids
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AST Android SMS Transfer 1.5 (HKLM-x32\...\AST Android SMS Transfer_is1) (Version:  - AST)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Inventor 2013 Quick Uninstaller (HKLM\...\{D25FF5C1-1764-469A-9794-69309387C193}) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (HKLM\...\{B46DECD1-1764-4EF1-0000-22D71E81877C}) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Professional 2013 (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2013 English (HKLM\...\Autodesk Inventor Professional 2013) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Professional 2013 English Language Pack (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Autodesk Vault Basic 2013 (Client) (HKLM-x32\...\Autodesk Vault Basic 2013 (Client)) (Version: 17.0.61.0 - Autodesk)
Autodesk Vault Basic 2013 (Client) (Version: 17.0.61.0 - Autodesk) Hidden
Autodesk Vault Basic 2013 (Client) English Language Pack (Version: 17.0.61.0 - Autodesk) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
C309g-m (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Eco Materials Adviser for Autodesk Inventor 2013 (HKLM\...\{792A9A32-718A-40D1-9867-A903F76AE2F8}) (Version: 3.9.12.0 - Granta Design Limited)
EEMSQB-TSImports (HKLM-x32\...\{A743BABC-D96E-40DE-BCDF-E4F3BCFF7258}) (Version: 1.0.0 - GHG)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoPro Studio 2.0.0 (HKLM-x32\...\GoPro Studio) (Version: 2.0.0 - WoodmanLabs Inc. d.b.a. GoPro)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{5A1FBC15-2DE2-4B71-809F-33E746908CE4}) (Version: 14.0 - HP)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\JoinMe) (Version: 1.18.0.189 - LogMeIn, Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LG USB Modem Drivers (HKLM-x32\...\{16EE2E7E-221B-40DD-8A9A-4311498EC930}) (Version: 4.9.7 - LG Electronics)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Memory Manager 4.0 (HKLM-x32\...\{C3E83D6F-E8C3-407D-8366-EF00153B6E81}) (Version: 4.1.4584 - Creative Memories)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Musicnotes Player V1.32.2 and Viewer V1.19.0 (HKLM-x32\...\Musicnotes Player_is1) (Version: 1.32.2 - Musicnotes Inc.)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PS_AIO_06_C309g-m_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
QBFC 10.0 (HKLM-x32\...\{F42646EA-9B88-45D3-8426-21029D751562}) (Version: 10.0.0.29 - Intuit Developer Network)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickBooks (x32 Version: 24.0.4010.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2014 (HKLM-x32\...\{48DCE40F-BD78-4EEA-B810-6F371716A5DD}) (Version: 24.0.4010.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickBooks to eEMS Data Sync (HKLM-x32\...\{6B8B8BA1-EFC4-4E53-BB75-0E20830B6E5E}) (Version: 1.0.0 - GHG)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SQLite ODBC Driver (remove only) (HKLM-x32\...\SQLite ODBC Driver) (Version:  - )
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
StoryBook Creator 4.0 (HKLM\...\{EC445D66-B081-474E-948C-52E1EC48A414}) (Version: 4.0.5045 - Panstoria, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{00F064D8-FEC3-48ac-B07D-39C314D1727B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{1029ABC3-2457-11D5-8E9D-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{13009989-EFB5-48C9-8BD2-943E0392BD71}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{18A21864-E37B-42b9-9612-2C1E8C450A29}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{21DB88B0-BFBF-11D4-8DE6-0010B541CAA8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\iDrop.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{244298EC-E661-11d4-BC13-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\TI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{2F8377FC-50C1-44EF-AB7A-8FF1BB8EA277}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{3897B445-D5B8-410d-899A-9789B8ADB643}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{3C3F63EA-C7BA-11d4-8E60-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{3FC94EB5-AEBD-4f3f-A2A4-B6CE57113C01}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{45122C53-8483-4b62-B15A-EAA9FE5FC3D5}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{4D29B490-49B2-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{62FBB030-24C7-11D3-B78D-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{644190AE-BD8F-493F-B63D-C79404AC5E07}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6FDE7A70-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6FDE7A71-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6FDE7A72-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6FDE7A73-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6FDE7A74-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{6FDE7A77-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\DtCp.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{72EC5CC5-88F3-45B1-A865-0A327DF58CC8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{76283A80-50DD-11D3-A7E3-00C04F79D7BC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\SolidObject.Dll ()
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\SolidObject.Dll ()
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{97E17F04-17DF-11d5-BC38-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\BodyReceiver.dll ()
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{BBF9FDF1-52DC-11D0-8C04-0800090BE8EC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\RxApprenticeServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\AcInetUI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\RxInventorUtilities.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\InvResc.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2013\Bin\InvTXTStack.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => No File
 
==================== Restore Points =========================
 
27-10-2015 19:41:37 Scheduled Checkpoint
04-11-2015 13:50:29 Scheduled Checkpoint
13-11-2015 10:27:01 Windows Update
16-11-2015 14:19:20 Windows Update
18-11-2015 15:47:57 ComboFix created restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2015-11-18 17:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05C09416-8B07-48A4-A49D-A3C4D80EEC05} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core => C:\Users\J\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-01] (Facebook Inc.)
Task: {1D15AC1F-E4D2-4552-8604-0E32827F4480} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {205BAFDF-E432-46EC-8B22-6EEC0C568C6B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2225C0DA-FD2D-4963-A9B3-C13515FE33B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {246C0294-408F-4151-B971-4F6CFD616BFD} - System32\Tasks\{798B7218-7818-4032-92B4-897CD4CE94A4} => pcalua.exe -a C:\Users\J\AppData\Local\Roblox\Versions\version-54257e546c7e4443\RobloxPlayerLauncher.exe -c -uninstall
Task: {2B404EEC-6790-4E38-AF8E-6FBE4933AC36} - System32\Tasks\ReclaimerUpdateFiles_J => C:\Users\J\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\rnupgagent.exe [2015-11-19] (RealNetworks, Inc.)
Task: {3A9AC9E8-0C80-4BA9-8953-EFD0D2E9EED1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-13] (Microsoft Corporation)
Task: {4AE53B1E-6BB1-4D6F-B652-987842F301CC} - System32\Tasks\RNUpgradeHelperLogonPrompt_J => C:\Users\J\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\rnupgagent.exe [2015-11-19] (RealNetworks, Inc.)
Task: {5D8414A0-B268-4E7B-AD5A-468C3351CB81} - System32\Tasks\ReclaimerUpdateXML_J => C:\Users\J\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\rnupgagent.exe [2015-11-19] (RealNetworks, Inc.)
Task: {645E3885-BB9A-4A68-85AB-41F4632D7F6A} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-06-16] ()
Task: {667C09BD-7443-4CEC-AD11-06FB6A59E4DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {68EBAF14-1475-4181-AE62-9C660B6EC1BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {725A2AA0-AAF8-4521-A302-AB3EE9BA960B} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {79BE9378-7600-4772-9945-73FB083B55DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7CE860DE-0B7A-42A5-A37F-8B31AB7129B6} - System32\Tasks\HPCeeScheduleForJ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {855AB2A5-76D2-4394-AA32-ABEFF92F0B5C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA => C:\Users\J\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-01] (Facebook Inc.)
Task: {88A0252A-6C5A-4F01-8C81-DBD4E38AF75F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {8EB5C9CB-7C8D-4A98-A417-62AE03060E20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {98BB2F73-0AC9-4452-BBF5-2EEBE070D94A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {A5471C67-0834-417F-845E-940C79D18212} - System32\Tasks\{0D6103C9-E7F5-47C9-B0DF-F98A276B0CDF} => pcalua.exe -a E:\AutoRun.exe -d E:\
Task: {A949C63A-5253-4A01-8DF3-9580F72AAEF7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-06-13] (Synaptics Incorporated)
Task: {A993B7A9-7833-4480-9D0D-AD3D267428B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {B19122E7-3706-4C7E-9834-A3291F93DF6D} - System32\Tasks\{95FB9D13-145D-414A-B22C-D67C549FDC2C} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\EAUninstall.exe"
Task: {B2B3471B-E463-41D5-AD18-628379255CE3} - System32\Tasks\RNUpgradeHelperResumePrompt_J => C:\Users\J\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\rnupgagent.exe [2015-11-19] (RealNetworks, Inc.)
Task: {B6A76541-382B-4433-9B11-6F0144243D53} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {C5D5F05D-C98E-4C3B-B4B5-6B6EB8CF195C} - System32\Tasks\{4E1159F5-ED3D-4768-9F27-E74CC4DFBEFA} => pcalua.exe -a "C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\Uninstaller.exe"
Task: {CBC2EFCC-B293-467C-A495-2E48C86B9BF2} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {D8AB3154-BDD5-47DA-89C7-81C489864CA0} - System32\Tasks\{3A7D70DA-EC65-47D2-82C0-D98C3A9252CC} => pcalua.exe -a E:\Autorun.exe -d E:\
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core.job => C:\Users\J\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA.job => C:\Users\J\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002Core.job => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962473557-1781975835-3520380482-1002UA.job => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJ.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-08 13:36 - 2012-08-08 13:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-29 07:18 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-06-17 02:25 - 2015-06-17 02:25 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2015-06-16 23:06 - 2015-06-16 23:06 - 00608320 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2012-08-08 13:36 - 2012-08-08 13:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-08 13:22 - 2012-08-08 13:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:054203E4
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\bankofamerica.com -> cashproonline.bankofamerica.com
IE trusted site: HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\bankofamerica.com -> hxxps://cashproonline.bankofamerica.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\J\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "CineForm Status.lnk"
HKLM\...\StartupApproved\Run: => "Autodesk Sync"
HKLM\...\StartupApproved\Run: => "pcreg"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "pcreg"
HKLM\...\StartupApproved\Run32: => "HTC Sync Loader"
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\StartupApproved\StartupFolder: => "RollerCoaster Tycoon 3 Registration.lnk"
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk"
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\StartupApproved\Run: => "pcreg"
HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\...\StartupApproved\Run: => "Power2GoExpress8"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E30FE1C6-4F1B-4F7A-A4D4-089F96A80D3C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AC0D6EE0-6FC2-46CF-BEAF-A191E1A2E3F0}] => (Allow) LPort=2869
FirewallRules: [{207D0475-6BF3-40EA-9862-8E32654D230F}] => (Allow) LPort=1900
FirewallRules: [{49197515-7E08-41F9-A467-188B3E30CA1A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{070A6C01-FF24-4472-8786-15B2E3795CC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6C1EBE51-16C1-4A78-BD29-7A2773A873B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CF370C3-CE59-4E21-BA83-6F55D265EBC4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5043A8A-1550-44B9-99FD-0D52F24FF500}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{328A749D-B078-481C-83F9-F6AC323F7878}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{6BBA8FD8-645E-4982-9DD7-6B22BA626D2D}C:\users\J\appdata\local\hpconnectedmusic\application\hpconnectedmusic.exe] => (Block) C:\users\J\appdata\local\hpconnectedmusic\application\hpconnectedmusic.exe
FirewallRules: [UDP Query User{8817D318-5FC3-4944-A8B8-AB33DAA9CA53}C:\users\J\appdata\local\hpconnectedmusic\application\hpconnectedmusic.exe] => (Block) C:\users\J\appdata\local\hpconnectedmusic\application\hpconnectedmusic.exe
FirewallRules: [TCP Query User{A3F16D56-A7F5-4176-805F-618B138BA059}C:\users\J\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\J\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{9D443CF9-6B73-415C-B4ED-C8B3694CF756}C:\users\J\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\J\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{759344A6-E99A-4A0A-8033-96E1F90661D5}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Block) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [UDP Query User{2AB8E232-0D7E-4A46-AFED-E04240FF5551}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Block) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [TCP Query User{1D3605F7-8398-4AB1-BF38-91AB76785C10}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Block) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [UDP Query User{C2173145-F68B-4C80-A9BE-3F80A0762C7A}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Block) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [{9620C632-233C-49E3-A492-1C2C1A33C2BD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{5E2022F4-6C1A-4046-8320-FD8584AEE8BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A453FCF-4324-4567-B40C-FD09250EAB8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9B76D68C-B12E-47AF-ABB7-FD37AC18CF54}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{7C24B03F-769F-4F6E-8F70-E2A457F3FA90}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{AE438B1C-F8A7-4C71-8C08-98CC4EC24B48}] => (Allow) C:\Users\J\AppData\Local\Temp\Phx92BA\verti.exe
FirewallRules: [{267AB2D2-C40F-44D6-930C-B1DA31B2D68F}] => (Allow) C:\Users\J\AppData\Local\Temp\file_3750381747.exe
FirewallRules: [{51994180-15D0-4432-8ED7-ECAD9D21D123}] => (Allow) C:\Users\J\AppData\Local\Temp\file_149719.exe
FirewallRules: [{9DA52899-96E0-4CE4-B65C-EBADCE6C0B68}] => (Allow) c:\program files\pcreg\pcreg.exe
FirewallRules: [{103240C7-1D8A-4022-8F67-284C8F3F4364}] => (Allow) c:\program files\pcreg\pcreg.exe
FirewallRules: [{3D4D52F8-D72E-409F-9EA0-9A34979CE600}] => (Allow) c:\program files\pcreg\service.exe
FirewallRules: [{634615C6-84B6-4D0B-98C2-63DCD77FD98C}] => (Allow) c:\program files\pcreg\service.exe
FirewallRules: [{F7461EF3-234F-4735-BA0A-0F5CC0557419}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55545.exe
FirewallRules: [{423CE9F8-63C3-4578-A6D7-2BDBA2CA31B8}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55545.exe
FirewallRules: [{D94DC608-B30E-43A4-96A6-C250697D02AD}] => (Allow) C:\Windows\TEMP\file_to_run55731.exe
FirewallRules: [{946D93C0-288B-4199-9C3E-EA8987BB7695}] => (Allow) C:\Windows\TEMP\file_to_run55731.exe
FirewallRules: [{C623D7E5-1548-4EF8-8921-1201142B28CE}] => (Allow) C:\Windows\TEMP\file_to_run55558.exe
FirewallRules: [{CAFA6BDD-87CE-40EB-BAB0-CD80537E65F6}] => (Allow) C:\Windows\TEMP\file_to_run55558.exe
FirewallRules: [TCP Query User{8799B291-949C-4774-A5C9-35E13E38A93D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6C7B16F6-A403-422A-BB85-DE86C7FCDE20}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{12312FE0-7BFE-4A92-B92B-E6BAE50B9999}] => (Allow) C:\Users\J\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{E64821EB-9FFA-478E-82CE-B0C39E593A6D}] => (Allow) C:\Users\J\AppData\Local\Temp\7zS7F27\setup\hpznui40.exe
FirewallRules: [{3E092E1E-239F-4C27-8E5C-B6C980AAABA4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1C477ADB-C651-434C-B4BD-DDCAAF87BEB7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{8713DA59-FC34-4FA7-A56B-E32065F68590}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AF884E65-9874-45DC-9402-1AFBBE2DCD91}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{48CC6505-AD44-444C-A270-A73F006AF7BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EDCB6B3C-8A05-45C3-A097-4DD5BEA32F13}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{707958E5-4614-4449-B1F4-B4DD111EE158}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4B42A621-3AB7-4E76-BCF7-B0D5B804278E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4FFE13F0-56A3-4598-9E00-7AC0B0CC71F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2F9DBD4B-1CF7-47C3-B80C-E8AB4612F3F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B3F76AAF-F58E-4360-86C8-522A66F1EAC9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{19CFBD1D-87EC-43D2-8BC7-79239C0A2B84}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{AD8EDAB2-FB2F-4896-A83E-DEBB91459132}] => (Allow) C:\Users\J\AppData\Local\Temp\7zS23A4\hppiw.exe
FirewallRules: [{3F873F8B-70AB-4314-9BDB-233E816F7D7F}] => (Allow) C:\Users\J\AppData\Local\Temp\7zS23A4\hppiw.exe
FirewallRules: [{40AF726C-139E-4001-BB9A-A21B8ACD33BD}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{CCE6655B-2E2F-45B5-924E-8BEF8AD2EAA9}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55517.exe
FirewallRules: [{F7634C1F-4E27-4578-BC43-F9FEA86BF74E}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55517.exe
FirewallRules: [{0E5C0601-4349-4296-A191-9E4D7886456C}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551469.exe
FirewallRules: [{1F60C260-4BAC-43F5-974C-6C2E9A3BF896}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551469.exe
FirewallRules: [{893D9A21-E099-434C-BD9A-955A9D831EEC}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551571.exe
FirewallRules: [{5D8589FC-E3C7-4638-8C60-8F572F96D82E}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551571.exe
FirewallRules: [{9ECF645C-FB31-4431-A245-D1BA818B41A2}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55839.exe
FirewallRules: [{2F320A02-26E8-41E2-8EFA-C7C66C0254C3}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55839.exe
FirewallRules: [{6E3BC82C-08D5-4380-A2E4-3A71291DE246}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run5519.exe
FirewallRules: [{A5C927E1-B68C-4D9A-93D7-E0334877F18A}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run5519.exe
FirewallRules: [{DE32384E-6C50-4F22-B995-642E0B1F1C07}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55718.exe
FirewallRules: [{64FAEAB5-F612-4A0C-9ABA-9CE6DF1AC66B}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55718.exe
FirewallRules: [{B850E5D5-3785-44C6-A42F-6E07C49D95E5}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551778.exe
FirewallRules: [{75E4604A-BF17-44DD-A4BD-7976229CFB84}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551778.exe
FirewallRules: [{776D20F9-C797-4707-A4A2-ADA50402C16E}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55382.exe
FirewallRules: [{15268E98-9E46-44AC-A3D7-24CADEAF2CBB}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55382.exe
FirewallRules: [{772CA1A6-F46B-4307-9335-9B1BDF416DC8}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551771.exe
FirewallRules: [{E6D0EBA4-0575-40F9-876D-5954BE15CE6D}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551771.exe
FirewallRules: [{05DA18C0-AAD9-4327-B567-0D15FEBAF09F}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551480.exe
FirewallRules: [{09ABD219-9FDA-4DED-AF05-A75D45AD5F7F}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551480.exe
FirewallRules: [{55A3E84A-408B-40C3-A2FF-4F8FB80DAFEE}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551885.exe
FirewallRules: [{C1D5B7EB-4B6F-48F3-B556-BC12827D23D3}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551885.exe
FirewallRules: [{1634B6A5-C83A-4B31-9DB8-2D2BAFFF721E}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55199.exe
FirewallRules: [{7008A012-F3E9-4D30-A8AA-91FEBB73E7A2}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55199.exe
FirewallRules: [{F6EFA3D9-18E2-4945-8DCC-9C4A2BD5BF67}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55657.exe
FirewallRules: [{B11B2A7B-5C0C-494F-9406-4EDB3597A776}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55657.exe
FirewallRules: [{D42CE98B-5957-408C-92BE-57CEDC1426D7}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55531.exe
FirewallRules: [{917BC0AC-BCA6-41A8-A65E-4BA59A7212FE}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55531.exe
FirewallRules: [{BDB8D196-C0BC-4CD6-B90D-965C3EFDA4B6}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run5520.exe
FirewallRules: [{278954B7-9267-45A9-A87E-79DF3B9BD3BF}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run5520.exe
FirewallRules: [{786F9F3D-8908-4D40-8905-647F82006681}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551493.exe
FirewallRules: [{6E86BE02-1466-4489-BBA8-3FDC9A0CCE60}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551493.exe
FirewallRules: [{6ADC63B5-0237-450E-A3FA-527392BA1F4E}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55300.exe
FirewallRules: [{92C6DC3C-463B-4EE3-ABF5-502016677EA7}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55300.exe
FirewallRules: [{914F3871-B569-41E5-AB67-A8B97DD52042}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551136.exe
FirewallRules: [{7E343203-C8DB-4166-9643-8B5C710DD13C}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551136.exe
FirewallRules: [{26E9A71A-A264-41F2-A0DE-2F13B10FF5F9}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551982.exe
FirewallRules: [{6DB9AB59-B086-4FA0-B079-42E0E7B5F3E4}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551982.exe
FirewallRules: [{B45A2B0A-858E-43A8-9DAE-D1B27B1383F8}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551026.exe
FirewallRules: [{E5009566-14FF-49EB-9A9D-3B373637899A}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551026.exe
FirewallRules: [{D45EFF85-EB3D-4A86-9774-A6045844FAC6}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551637.exe
FirewallRules: [{A79D2D52-2279-4E27-82EF-0F815C1B686B}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551637.exe
FirewallRules: [{CEEA3731-03F9-4C4D-933B-D52584BB6ABC}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551121.exe
FirewallRules: [{041391F4-8FAD-4B04-8DA5-545171D9FBF5}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551121.exe
FirewallRules: [{7DC363BC-9C9F-47E3-A98A-B2EED3E502AF}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run5550.exe
FirewallRules: [{4596A103-E0AD-424B-BCFF-0B1E43BBB41C}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run5550.exe
FirewallRules: [{23B5BFBD-C0F5-4DF4-94CD-9745DD993501}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55624.exe
FirewallRules: [{61D4BFC3-1F8F-4A39-AAA3-DA52D546A804}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55624.exe
FirewallRules: [{513A4ABE-9DBE-4A05-A7E0-30A78B5362D2}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551619.exe
FirewallRules: [{73BABB21-2A88-494B-AEB0-BBE33B67F00F}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551619.exe
FirewallRules: [{5EBBB496-BFEB-4304-A3A2-D4E7436C5A90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0A450DDC-473A-4F01-9D65-309A0549B7A5}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55538.exe
FirewallRules: [{5C5F9788-F3B7-454D-927C-05C9C905F145}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55538.exe
FirewallRules: [{E443F473-F307-4442-B3DF-BEB8B8F84391}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551812.exe
FirewallRules: [{5EDDCB6C-FD72-4170-AB5C-5C74F90BA2BA}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551812.exe
FirewallRules: [{1B92437C-CF61-4209-88BC-C80CBBD22E11}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55810.exe
FirewallRules: [{DAF66AB3-5A84-4BF1-9A8D-17F6A4C8298B}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55810.exe
FirewallRules: [{43326AC9-9236-4233-B429-4D2D27E12EFF}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551614.exe
FirewallRules: [{8C1C8A49-C1C3-4A95-913E-924878C3BAFC}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551614.exe
FirewallRules: [{E15BAB2E-D23E-4A27-BBA9-D06533CDD04C}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551766.exe
FirewallRules: [{90C92342-41DE-4777-8F26-D8EC932AE780}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551766.exe
FirewallRules: [{44B2D211-081E-4BCC-8E60-6F2798A88243}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551468.exe
FirewallRules: [{E2A0330E-A817-460D-A11E-4821C7F2DD77}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551468.exe
FirewallRules: [{A8795489-CBCD-456B-9F82-EADB92392A20}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55335.exe
FirewallRules: [{B01E9444-7745-4504-874B-F10D2A250336}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55335.exe
FirewallRules: [{2BF8DB00-CA0D-4835-9671-CDD6C968BDCF}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551165.exe
FirewallRules: [{FC0FFBBA-B286-4736-9526-E8B4EFE22D38}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551165.exe
FirewallRules: [{D296B464-CE04-48E1-8ACB-8FC333268CD1}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run5579.exe
FirewallRules: [{050DF2F7-1B21-4848-ABF8-1F2B3C514559}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run5579.exe
FirewallRules: [{F32786B8-4415-4B1F-95BF-0B3BEB1EE695}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551193.exe
FirewallRules: [{A4D12CB6-99AE-41B0-A3CB-C522E52653B0}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551193.exe
FirewallRules: [{0B87098B-79B8-4910-B7D3-FC31707A3657}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551927.exe
FirewallRules: [{61E9156C-8819-4150-9A6E-5BD95FEE0772}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run551927.exe
FirewallRules: [{C564DE3A-A016-47BB-9DA3-0BCF0C614459}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55869.exe
FirewallRules: [{F02D68AE-1C4C-4613-B73E-0C89F248FA05}] => (Allow) C:\Users\J\AppData\Local\Temp\file_to_run55869.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/18/2015 06:55:22 PM) (Source: MsiInstaller) (EventID: 11704) (User: MOMHPLAPTOP)
Description: Product: QuickBooks -- Error 1704.An installation for Microsoft Office Office 64-bit Components 2010 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (11/18/2015 04:16:06 PM) (Source: Google Update) (EventID: 20) (User: MOMHPLAPTOP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (11/18/2015 06:11:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38531841
 
 
System errors:
=============
Error: (11/19/2015 08:07:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1070
 
Error: (11/19/2015 08:07:24 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
Error: (11/19/2015 08:06:04 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
Error: (11/19/2015 08:00:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%1275
 
Error: (11/19/2015 08:00:03 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:37:51 AM on ‎11/‎19/‎2015 was unexpected.
 
Error: (11/19/2015 05:37:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%1275
 
Error: (11/19/2015 05:36:50 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A677570A-2BA2-4E9A-B2E2-8A02CD8B4FD3}
 
Error: (11/19/2015 05:35:38 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (11/19/2015 05:35:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/19/2015 05:35:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2015-11-18 16:16:06.821
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-13 11:50:37.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-13 11:47:38.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-13 11:45:57.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-13 11:33:37.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-13 11:29:55.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-13 11:27:10.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-13 11:26:42.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-13 11:19:56.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-13 11:18:38.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 35%
Total physical RAM: 7650.26 MB
Available physical RAM: 4967.86 MB
Total Virtual: 22498.26 MB
Available Virtual: 19103.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:905.44 GB) (Free:508.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.31 GB) (Free:3.01 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================
 
 


#9 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 19 November 2015 - 12:21 PM

Hi,

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, good as it is for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Right-click on the icon and select Run as Administrator to start the tool.

  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 2

Please download ESET Online Scanner and save it to your Desktop.

  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[Screenshot: settings.png]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Edited by deeprybka, 19 November 2015 - 12:21 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 blondy71


Posted 19 November 2015 - 08:21 PM

Well here is the first part.  The other is still running after several hours so I'll send it when it's finished.
 
HitmanPro 3.7.10.251
www.hitmanpro.com
 
   Computer name . . . . : MOMHPLAPTOP
   Windows . . . . . . . : 6.2.0.9200.X64/2
   User name . . . . . . : MOMHPLAPTOP\J
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-11-19 16:02:18
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 16m 37s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 102
 
   Objects scanned . . . : 2,499,485
   Files scanned . . . . : 112,968
   Remnants scanned  . . : 752,268 files / 1,634,249 keys
 
Malware _____________________________________________________________________
 
   C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HUR2ZKLA\RealTimes-RealPlayer[1].exe
      Size . . . . . . . : 1,306,704 bytes
      Age  . . . . . . . : 0.4 days (2015-11-19 05:42:54)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 887C3CADB8E826D468D632B5ECC650FFDFB8679122E3870F0E4577256DCD7E66
      Product  . . . . . : RealNetworks Installer (32-bit) 
      Publisher  . . . . : RealNetworks, Inc.
      Description  . . . : RealNetworks Installer
      Version  . . . . . : 6.9.0.18
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : Trojan-Dropper.Win32.Injector.nrhq
      Fuzzy  . . . . . . : 95.0
      Forensic Cluster
         -6.3s C:\Windows\System32\LogFiles\Scm\5d8414a0-b268-4e7b-ad5a-468c3351cb81
         -5.3s C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWOMLJEH\stubinst_pkg_en-us[1].cab
         -5.3s C:\Users\J\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_data\stubinst_pkg_en-us.cab
         -1.8s C:\Users\J\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_exe\
          0.0s C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HUR2ZKLA\RealTimes-RealPlayer[1].exe
          0.0s C:\Users\J\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_exe\RealTimes-RealPlayer.exe
          1.4s C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWOMLJEH\askrt_en[1].cab
          1.4s C:\Users\J\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_data\askrt_en.cab
          1.6s C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWOMLJEH\log[1].txt
          3.9s C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7ZK83HM\log[1].txt
          8.8s C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7J4OXC0\log[1].txt
 
 
Potential Unwanted Programs _________________________________________________
 
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\ (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome.manifest (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\ (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\background.html (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\button.xml (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\config.js (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\content.js (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\framework.js (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\framework.xul (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\icon128.png (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\icon16.png (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\icon48.png (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\jquery-1.6.2.min.js (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\mz\ (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\mz\background.js (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\mz\content.js (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\options.xul (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\content\settings.json (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\skin\ (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\chrome\skin\framework.css (PlusWinks)
   C:\Users\J\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks\install.rdf (PlusWinks)
   HKLM\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)
   HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\ (CouponBar)
   HKLM\SOFTWARE\Classes\coupons.couponprinter_x64.1\ (CouponBar)
   HKLM\SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Interface\{B3E37FAA-3669-4212-A35D-157BF70ADC04}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Interface\{E755701B-A61B-4194-8902-17A61C4C1672}\ (CouponBar)
   HKLM\SOFTWARE\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ (Rocketfuel)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B3E37FAA-3669-4212-A35D-157BF70ADC04}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E755701B-A61B-4194-8902-17A61C4C1672}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Tracing\WAUpdater_RASAPI32\ (WeatherAlerts)
   HKLM\SOFTWARE\Microsoft\Tracing\WAUpdater_RASMANCS\ (WeatherAlerts)
   HKLM\SOFTWARE\Microsoft\Tracing\WeatherAlerts_RASAPI32\ (WeatherAlerts)
   HKLM\SOFTWARE\Microsoft\Tracing\WeatherAlerts_RASMANCS\ (WeatherAlerts)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PlusWinks\ (PlusWinks)
   HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\Software\AppDataLow\Software\SmartBar\ (Conduit)
   HKU\S-1-5-21-1962473557-1781975835-3520380482-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)
   HKU\S-1-5-21-1962473557-1781975835-3520380482-1007\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ (AskBar)
 
Cookies _____________________________________________________________________
 
 
 


#11 deeprybka


Posted 20 November 2015 - 03:17 AM

> Well here is the first part.  The other is still running after several hours so I'll send it when it's finished.

:thumbup2:


regards,
deeprybka

#12 blondy71


Posted 20 November 2015 - 05:06 AM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=59241eea60bac9409c1cc4519df4c128
# end=init
# utc_time=2015-11-19 09:28:39
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 26806
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=59241eea60bac9409c1cc4519df4c128
# end=updated
# utc_time=2015-11-19 09:31:20
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=59241eea60bac9409c1cc4519df4c128
# engine=26806
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-11-20 04:12:37
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 0 78527579 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7674197 49017153 0 0
# scanned=406144
# found=47
# cleaned=0
# scan_time=24076
sh=1B40367DE78EC1FD11808FE9EE5880722FAF07BC ft=1 fh=dade5429811eae1e vn="Win32/Conduit.SearchProtect.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\pcreg\a.exe.vir"
sh=0C17E80C6CD14FEC37238344E13BEE99D48A67BA ft=1 fh=6f1833bfc1fe9fb6 vn="a variant of Win32/Conduit.SearchProtect.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\pcreg\pcreg.exe.vir"
sh=41F23E459EFF023AB1B26586463360E45528ABC7 ft=1 fh=5a93daf7e0cc20e5 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\J\AppData\Local\NativeMessaging\CT3279411\1_0_0_10\TBMessagingHost.exe.vir"
sh=C2C35F77505CB8FF70FC312C44E070DBD5834942 ft=1 fh=bf83ea32284cf26c vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\J\AppData\Local\NativeMessaging\CT3279411\1_0_0_2\TBMessagingHost.exe.vir"
sh=B0B26548D636CFADD954E4B3DFD30E8F2D61D487 ft=1 fh=5129ed505060d1fb vn="Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\J\AppData\Local\NativeMessaging\CT3279411\1_0_0_4\TBMessagingHost.exe.vir"
sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\J\AppData\Local\NativeMessaging\CT3279411\1_0_0_6\TBMessagingHost.exe.vir"
sh=D4D640E4A04D91DEF41DAD844D1EC046FA1D5F3E ft=1 fh=f32a1de57c3d142e vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\J\AppData\Local\NativeMessaging\CT3279411\1_0_0_7\TBMessagingHost.exe.vir"
sh=47684BC9F96872C4134DD46689D013BD8E51A14A ft=1 fh=47ffb6bc73749a57 vn="Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\J\AppData\Local\NativeMessaging\CT3279411\1_0_0_9\TBMessagingHost.exe.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1962473557-1781975835-3520380482-1002\Chrome\Profile 3\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1962473557-1781975835-3520380482-1002\Chrome\Profile 3\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1962473557-1781975835-3520380482-1002\Chrome\Profile 3\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=60A882DFB633B1179EC55F395F1862192BABE03A ft=1 fh=feb8b77c43644f53 vn="a variant of Win32/Toolbar.Conduit.AA potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\J\AppData\Local\TBHostSupport\TBHostSupport.dll.vir"
sh=B1C5D9DC9A6493C66CD50B3767157CCFC4B4985E ft=1 fh=da713123607f778d vn="a variant of Win32/Toolbar.Conduit.AA potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\J\AppData\Local\TBHostSupport\TBHostSupport_0.dll.vir"
sh=970A76CFB61B7FD30ED1DF81E3287BC60253E391 ft=1 fh=eee9e63f3276efa2 vn="Win32/Conduit.SearchProtect.M potentially unwanted application" ac=I fn="C:\Temp\launcher.exe"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\All Users\Kaspersky Lab\SafeBrowser\S-1-5-21-1962473557-1781975835-3520380482-1002\Chrome\Profile 3\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\All Users\Kaspersky Lab\SafeBrowser\S-1-5-21-1962473557-1781975835-3520380482-1002\Chrome\Profile 3\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\All Users\Kaspersky Lab\SafeBrowser\S-1-5-21-1962473557-1781975835-3520380482-1002\Chrome\Profile 3\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=B3C00D1CB4093E9B0F0B6BEF11C5A75D36835654 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Pegel.BH trojan" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Cache\f_00004f"
sh=037CAD5BA0BB0140787E6A222AE6A71C2668C8CB ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Pegel.BH trojan" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Cache\f_000186"
sh=8CDF91D3B8DA4A42ED63EB5B134A2E572CC2DFCE ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Pegel.BH trojan" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 10\Cache\f_000218"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=5E2483E90156237A5412A0561F0CF528DE73D8F3 ft=1 fh=8db433fbbf5523cb vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.16.4.12_0\plugins\ConduitChromeApiPlugin.dll"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=9E4138C80F3E4C6EF19D4E1B6E3ED4263640F333 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWOMLJEH\askrt_en[1].cab"
sh=9E4138C80F3E4C6EF19D4E1B6E3ED4263640F333 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\J\AppData\Local\Temporary Internet Files\Content.IE5\LWOMLJEH\askrt_en[1].cab"
sh=9E4138C80F3E4C6EF19D4E1B6E3ED4263640F333 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\J\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_data\askrt_en.cab"
sh=E2C525B11575EB5C34D196C58987258732D6BD4F ft=1 fh=8cfe6594828e82d4 vn="Win32/Conduit.SearchProtect.M potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ProtectUS110[1].exe"


#13 deeprybka


Posted 20 November 2015 - 02:44 PM


Can you please tell me which problems still persist now?

Are you running multiple profiles on Chrome on purpose?
regards,
deeprybka

#14 blondy71


Posted 21 November 2015 - 08:05 AM

Let me use it for a couple days and see if anything else happens.  So far Kaspersky hasn't notified me of anything.  My computer is running a lot slower and takes a long time to start up.  Are there programs that we installed that I can delete?  Or should I wait for a little bit?  

 

And yes I have multiple profiles on purpose.

 

Thanks!



#15 deeprybka


Posted 21 November 2015 - 10:14 AM

> Or should I wait for a little bit?


Please wait until our removal process has been finished. :)

Next step for you:

Step 1

Please download the attached fixlist and save it in the same directory as FRST64.exe (= C:\Users\J\Downloads).
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   18.18KB   4 downloads
regards,
deeprybka



