
Trojans, Adware, Browser Hijack, "Television Fanatic" "Waj


  • This topic is locked

#1
kepayne228

  • Member
  • 79 posts

Hello. I am trying to fix my aunt's computer. Her young granddaughter downloaded games. Also my aunt is the type to click on anything so not sure where the problems came from. I tried to follow the steps in the Malware Removal guide. I could not get OTL to run so I attempted rkill and the others. I had to use VIPRE. The 3 hour VIPRE scan told me there were Trojans, Adware, etc. About 219 files of about 200,000. It only removed 23. Some of the file names were Search Protect, Television Fanatic, Fast Browser, Wild Tangent Games, PC Health Boost, Search Armor, video mediaplay-air, and more. After the VIPRE Scan, I still could not run MBAM so I put SAS Portable Scanner on a USB stick drive and downloaded it to the computer. I was then able to do OTL. I did the OTL and tried to post to the forum from that computer but it would not let me, the browser shut down. I am scared to copy the OTL from that computer onto a USB drive and send it from my laptop. I do not want to infect my own laptop with anything. Please help, I have been working on this for 7 hours today!


  • 0


#2
LiquidTension

  • Expert
  • 1,151 posts

Hello kepayne228, welcome to Geeks To Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
Let me know if you have any difficulties downloading or running the programmes below. 
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Windows XP: Double-Click FRST.exe to run the programme. 
    Windows Vista/7/8: Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Windows XP: Double-Click TDSSKiller.exe to run the programme.
    Windows Vista/7/8: Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log

  • 0
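A read-only triage pass over the FRST.txt log requested in STEP 1, as an added example that is not part of the original thread and not FRST's own code: it tags lines, in the log's line layout, that a helper would usually review first. The tag names, the heuristics and the sample lines are assumptions constructed for illustration; a tag means "review this entry", not a verdict.

```python
import re

# Constructed sample in the FRST.txt line layout (not taken from a real machine).
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [65536 2014-01-01] (Example Corp)
HKLM\...\Run: [ExampleToolbar] => C:\Users\User\AppData\Roaming\ExampleBar\bar.exe [12345 2014-06-06] (VER_COMPANY_NAME)
HKLM\...\Run: [orphan] => [X]
AppInit_DLLs: c:\progra~1\example\hook.dll => c:\Program Files\Example\hook.dll [4096 2014-08-12] ()
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:50000;https=127.0.0.1:50000;
BHO: ExampleHelper -> {11111111-2222-3333-4444-555555555555} -> C:\Program Files\Example\helper.dll No File
BHO: VendorHelper -> {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} -> C:\Program Files\Vendor\helper.dll (Vendor Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
""".strip()

# "HKLM\...\Run: [name] => target" or "HKU\<SID>\...\Run: [name] => target"
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>.*?)\] => (?P<target>.*)$")
# Trailing "(Publisher)" field that closes a file entry.
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")
# Blank or never-filled version-resource strings (hypothetical review list).
PLACEHOLDER_PUBLISHERS = {"", "VER_COMPANY_NAME", "COMPANYVERS_NAME"}
LOOPBACK_PROXY_RE = re.compile(r"=(127\.0\.0\.1|localhost):\d+")


def triage(log_text):
    """Return (line_number, tag) pairs for log lines worth a manual look."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        tags = []
        # The scanner's own marker for entries it wants a human to check.
        if "<======= ATTENTION" in line:
            tags.append("frst-attention")
        run = RUN_RE.match(line)
        if run:
            target = run.group("target").strip()
            if target == "[X]":
                # Autostart value whose file is gone: leftover of a partial removal.
                tags.append("run-target-missing")
            else:
                # Machine-wide or per-user autostart pointing into a user profile.
                if "\\appdata\\" in target.lower():
                    tags.append("run-from-user-profile")
                pub = PUBLISHER_RE.search(target)
                if pub and pub.group("pub").strip() in PLACEHOLDER_PUBLISHERS:
                    tags.append("publisher-blank-or-placeholder")
        elif line.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            tags.append("appinit-dll")
        elif line.startswith("ProxyServer:"):
            # Browser traffic routed through a local listener.
            if LOOPBACK_PROXY_RE.search(line):
                tags.append("loopback-proxy")
        elif line.startswith(("BHO:", "Toolbar:")) and line.endswith("No File"):
            # Add-on registration that outlived its DLL.
            tags.append("orphaned-browser-addon")
        findings.extend((lineno, tag) for tag in tags)
    return findings


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for lineno, tag in triage(SAMPLE_LOG):
        print(f"{lineno:>3} {tag:<32} {lines[lineno - 1]}")
```

Legitimate vendor files can also carry a blank publisher field, so the output is a reading order for the log, not a removal list.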

#3
kepayne228

  • Topic Starter
  • Member
  • 79 posts

Hello my name is Keisha. I am working on this for my Aunt Pat :-)

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Pat (administrator) on PAT-PC on 16-09-2014 13:23:32
Running from C:\Users\Pat\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\NewPlayer\NewVideoPlayerUpdaterService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(COMPANYVERS_NAME) C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(HQPure) C:\Program Files\HQPureV1.8\f88dbc96-bf64-43e5-be39-d138a0499c46.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Visual Networks) C:\Program Files\earthlink totalaccess\FastLane2\ipmon32.exe
(Visual Networks) C:\Program Files\earthlink totalaccess\FastLane2\IPClient.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ShopAtHome.com) C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(ShopAtHome.com) C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
( ) C:\Program Files\TelevisionFanatic\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe
(VER_COMPANY_NAME) C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Fast Browser) C:\Program Files\Fast Browser\Application\chrome.exe
(Home) C:\Users\Pat\AppData\Local\Search Protect\spro.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciBrowser.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Fast Browser) C:\Program Files\Fast Browser\Application\chrome.exe
(Fast Browser) C:\Program Files\Fast Browser\Application\chrome.exe
(Fast Browser) C:\Program Files\Fast Browser\Application\chrome.exe
(Fast Browser) C:\Program Files\Fast Browser\Application\chrome.exe
(Pay By Ads LTD) C:\Users\Pat\AppData\Local\searcharmor\searcharmor\1.3.10.3\searcharmor.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
() C:\Program Files\PC HealthBoost\PCHealthBoost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [IPInSightMonitor 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe [122880 2005-08-10] (Visual Networks)
HKLM\...\Run: [IPInSightLAN 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe [380928 2005-08-10] (Visual Networks)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [1573888 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [ShopAtHomeWatcher] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [140944 2013-08-20] (ShopAtHome.com)
HKLM\...\Run: [ShopAtHomeUpdater] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [179856 2013-08-20] (ShopAtHome.com)
HKLM\...\Run: [TelevisionFanatic EPM Support] => C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe [12872 2014-06-06] (Mindspark Interactive Network, Inc.)
HKLM\...\Run: [TelevisionFanatic Home Page Guard 32 bit] => C:\Program Files\TelevisionFanatic\bar\1.bin\AppIntegrator.exe [421448 2014-06-06] ( )
HKLM\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe [55368 2014-06-06] (Mindspark)
HKLM\...\Run: [TelevisionFanatic Browser Plugin Loader] => C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe [61512 2014-06-06] (VER_COMPANY_NAME)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1090952 2010-04-29] (Malwarebytes Corporation)
HKLM\...\Run: [fst_us_203] => [X]
HKLM\...\Run: [SBRegRebootCleaner] => C:\VIPRERESCUE\SBRC.exe [202128 2013-09-30] (ThreatTrack Security, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [942080 2008-01-18] (Hewlett-Packard)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Google Update] => "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3588952 2014-04-04] (Electronic Arts)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [GoogleChromeAutoLaunch_E7E74011083E2C909EDA19AC484563C2] => C:\Program Files\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Search Protect] => C:\Users\Pat\AppData\Local\Search Protect\spro.exe [225792 2014-04-12] (Home)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [ATT-SST] => C:\Program Files\ATT-SST\McciBrowser.exe [1057792 2011-09-09] (Alcatel-Lucent)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-09] (SUPERAntiSpyware)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\MountPoints2: {90bd8020-cf60-11e2-a5ed-001fc6056700} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\MountPoints2: {fcaa07f4-876a-11e3-88b5-001fc6056700} - K:\LaunchU3.exe -a
AppInit_DLLs: c:\progra~1\search~2\search~1\bin\spvc32~1.dll => c:\progra~1\search~2\search~1\bin\spvc32~1.dll File Not Found
AppInit_DLLs:  c:\progra~1\suppor~1\suppor~1.dll => c:\Program Files\Supporter\Supporter.dll [4312064 2014-08-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:50179;https=127.0.0.1:50179;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.c...7E-E133A2A86043
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
URLSearchHook: HKCU - SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (Mindspark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.safesear....40408-170-ie-sm
SearchScopes: HKLM - {32BB18DB-8A9B-45FE-8CE7-6BF175535B23} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM - {3D35BFB4-CB27-4512-B415-BDE7E22DC23D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/t...&q={searchTerms}
SearchScopes: HKLM - {94034ECE-2FF0-49BE-AB87-EBCDB06C3DC4} URL = http://www.safesear....&q={searchTerms}
SearchScopes: HKLM - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...archTerms}=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...archTerms}=
SearchScopes: HKCU - {32BB18DB-8A9B-45FE-8CE7-6BF175535B23} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {3D35BFB4-CB27-4512-B415-BDE7E22DC23D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {525E2836-095A-45AD-9DBB-835F2D64AF62} URL = http://torcho.com/?q...1&v1=addr&r=827
SearchScopes: HKCU - {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/t...&q={searchTerms}
SearchScopes: HKCU - {94034ECE-2FF0-49BE-AB87-EBCDB06C3DC4} URL = http://www.safesear....&q={searchTerms}
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-atty
BHO: ElnkBhoGuard Class -> {00000000-0000-0000-0000-000000000002} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll (EarthLink, Inc.)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HQPureV1.8 -> {11111111-1111-1111-1111-110611171162} -> C:\Program Files\HQPureV1.8\HQPureV1.8-bho.dll No File
BHO: videos MediaPlay-Air -> {11111111-1111-1111-1111-110611171199} -> C:\Program Files\videos MediaPlay-Air\videos MediaPlay-Air-bho.dll No File
BHO: ElnkScamBHO Class -> {15F4D456-5BAA-4076-8486-EECB38CD3E57} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll (EarthLink, Inc.)
BHO: Like.BHO -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPub.dll (EarthLink, Inc.)
BHO: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (Mindspark)
BHO: ShopAtHome.com Cash Back Helper -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Simple -> {886bf106-6ebf-4ef4-8676-6663caabbda4} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll (EarthLink, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (Mindspark)
BHO: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll (EarthLink, Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (Mindspark)
Toolbar: HKCU - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKCU - TelevisionFanatic - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (Mindspark)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default
FF NewTab: hxxp://torcho.com/?channel=7777-2081&v1=home
FF SearchEngineOrder.1: SafeSearch
FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=987A7A37-2471-45E5-967E-E133A2A86043&n=780c9895&p2=^XP^man000^YYA^
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=987A7A37-2471-45E5-967E-E133A2A86043&n=780c9895&ind=2014091413&p2=^XP^man000^YYA^&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @ei.TelevisionFanatic.com/Plugin -> C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF Plugin: @ei.TotalRecipeSearch_14.com/Plugin -> C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @TelevisionFanatic.com/Plugin -> C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (Mindspark)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF user.js: detected! => C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pat\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pat\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\searchplugins\searcharmor.xml
FF Extension: Plus-HD-V1.9c - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: videos MediaPlay-Air - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-08-12]
FF Extension: TelevisionFanatic - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: 50CoupoNs - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: LLuCkyShOpPer - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: DigiSSaaver - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: jid0w1UVmoLd6VGudaIERuRJCPQx1dQjetpack - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack [2014-08-15]
FF Extension: dieoAl2dealit - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: ExstraSavings - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: cosstminn - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: Yahoo! Toolbar - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-09-14]
FF Extension: c4080853c6994120b8e0618bff8a4474 - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474} [2014-08-25]
FF Extension: Like - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-04-08]
FF Extension: Simple - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-04-08]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-06-01]
FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014-07-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331616&octid=EB_ORIGINAL_CTID&ISID=M78AAE2B4-795A-4AC4-AA3E-65A64B8426C1&SearchSource=55&CUI=&UM=6&UP=&SSPV=
CHR RestoreOnStartup: Default -> "hxxp://torcho.com/?channel=7777-2081&v1=home"
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331616&octid=EB_ORIGINAL_CTID&ISID=M78AAE2B4-795A-4AC4-AA3E-65A64B8426C1&SearchSource=55&CUI=&UM=6&UP=&SSPV="
CHR DefaultSearchURL: Default -> http:\/\/www.trovi.com\/Results.aspx?gd=&ctid=CT3331616&octid=EB_ORIGINAL_CTID&ISID=M78AAE2B4-795A-4AC4-AA3E-65A64B8426C1&SearchSource=58&CUI=&UM=6&UP=&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http:\/\/suggest.seccint.com\/CSuggestJson.ashx?prefix={searchTerms}
CHR CustomProfile: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (cosstminn) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cffknnnaomfdiamjbiceejeccfchihhe [2014-08-12]
CHR Extension: (Facebook Messenger Platinum) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimnghcocaaocjcffibpccpldmabjigb [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Facebook Image Zoom and Downloader) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj [2014-08-31]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-04-08]
CHR Extension: (QR Code Maker and Decoder) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkkpjnnhmokcnfdllcgldppopnneooi [2014-09-13]
CHR Extension: (Cloudy for Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa [2014-09-13]
CHR Extension: (Dropmark sidebar) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\foiapgoppijipmmgkaibacckkhbngfhp [2014-08-25]
CHR Extension: (Tab) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-04-08]
CHR Extension: (Menu button) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\goblmaagcgfbjlaahdohiomenekdpnci [2014-08-25]
CHR Extension: (videos MediaPlay-Air) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm [2014-08-12]
CHR Extension: (Simple) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-04-08]
CHR Extension: (Like) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-04-08]
CHR Extension: (HQPureV1.8) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (HoofSounds) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhjhphleppgakhlffhlfhbekfnobbk [2014-08-25]
CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR Extension: (cosstminn) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cffknnnaomfdiamjbiceejeccfchihhe\2.0 [2014-08-12]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2014-07-17]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.safesear....40408-170-ch-sm
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [551424 2009-03-02] (Microsoft Corporation) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-12] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-12] (globalUpdate) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S2 McciServiceHost; C:\Program Files\Common Files\Motive\McciServiceHost.exe [315392 2011-09-09] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 NewVideoPlayerUpdaterService; C:\Program Files\NewPlayer\NewVideoPlayerUpdaterService.exe [11776 2014-08-12] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [361472 2012-03-13] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-04-01] (Alcatel-Lucent) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [551424 2009-03-02] (Microsoft Corporation) [File not signed]
R2 TelevisionFanaticService; C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe [88648 2014-06-06] (COMPANYVERS_NAME)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Wajam Internet Enhancer Service; C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U0 IPVNMon; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 13:23 - 2014-09-16 13:24 - 00034746 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-09-16 13:23 - 2014-09-16 13:24 - 00000000 ____D () C:\FRST
2014-09-16 13:23 - 2014-09-15 10:45 - 01097728 _____ (Farbar) C:\Users\Pat\Desktop\FRST.exe
2014-09-16 13:21 - 2014-09-15 10:47 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pat\Desktop\tdsskiller.exe
2014-09-16 13:21 - 2014-09-15 10:46 - 02105856 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-09-14 21:37 - 2014-09-14 21:37 - 00042262 _____ () C:\Users\Pat\Desktop\otl extra.txt
2014-09-14 21:31 - 2014-09-14 21:31 - 01109072 _____ () C:\Users\Pat\Desktop\OTL.Txt
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\SUPERDelete
2014-09-14 19:44 - 2014-09-14 19:54 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe.job
2014-09-14 19:44 - 2014-09-14 19:54 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133.job
2014-09-14 19:44 - 2014-09-14 19:44 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-14 19:44 - 2014-09-14 19:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\SUPERAntiSpyware.com
2014-09-14 19:44 - 2014-09-14 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-14 19:43 - 2014-09-14 20:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-14 19:43 - 2014-09-14 19:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-14 14:45 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-09-14 14:45 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-09-14 14:44 - 2014-09-14 18:25 - 00000000 ____D () C:\VIPRERESCUE
2014-09-14 13:53 - 2014-09-14 14:26 - 168402944 _____ () C:\Users\Pat\Downloads\VIPRERescue33104.exe
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.scr
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.com
2014-09-14 13:39 - 2014-09-14 13:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-09-14 13:17 - 2014-09-14 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-09-14 13:17 - 2014-09-14 13:17 - 00000000 ____D () C:\Program Files\predm
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\ExsstraSAvInggs
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\DuigiSaver
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\dowiNloaditKeep
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\CLickuForSuale
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\50oCoupons
2014-09-13 13:50 - 2014-09-14 19:27 - 00000000 ____D () C:\ProgramData\CLickuForSuale
2014-09-13 09:37 - 2014-09-14 19:27 - 00000000 ____D () C:\ProgramData\DuigiSaver
2014-09-13 09:30 - 2014-09-14 13:11 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2014-09-13 09:23 - 2014-09-13 09:23 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-08-31 23:10 - 2014-09-14 18:36 - 00000000 ____D () C:\ProgramData\dowiNloaditKeep
2014-08-25 17:29 - 2014-09-14 18:36 - 00000000 ____D () C:\ProgramData\ExsstraSAvInggs
2014-08-25 02:30 - 2014-09-14 19:27 - 00000000 ____D () C:\ProgramData\50oCoupons

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 13:26 - 2013-02-15 15:57 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-16 13:25 - 2008-02-24 13:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-16 13:24 - 2014-09-16 13:23 - 00034746 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-09-16 13:24 - 2014-09-16 13:23 - 00000000 ____D () C:\FRST
2014-09-16 13:24 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 13:23 - 2008-05-28 21:26 - 01790368 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 13:22 - 2014-04-08 18:17 - 00000000 ____D () C:\ProgramData\Npackd
2014-09-16 13:21 - 2008-06-05 22:39 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{2EF81A9E-8FE5-492E-BE2B-AC24305B427B}.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00004146 _____ () C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-11.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00003800 _____ () C:\Windows\Tasks\ecb19fcd-910f-4464-81f4-fe16fdd95e1b.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00002410 _____ () C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-4.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00002080 _____ () C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-7.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00002032 _____ () C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-6.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00001780 _____ () C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-1.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00001556 _____ () C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-5_user.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00001538 _____ () C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-5.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00001450 _____ () C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-5_user.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00001438 _____ () C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-2.job
2014-09-16 13:18 - 2014-08-12 00:09 - 00001432 _____ () C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-5.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00003782 _____ () C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-11.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00003456 _____ () C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-3.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00003436 _____ () C:\Windows\Tasks\54cdde4b-321d-4881-bab8-dce3f3d21e58.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00002280 _____ () C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-4.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00001954 _____ () C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-7.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00001906 _____ () C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-6.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00001634 _____ () C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-1.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00001332 _____ () C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-2.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00001254 _____ () C:\Windows\Tasks\f88dbc96-bf64-43e5-be39-d138a0499c46.job
2014-09-16 13:18 - 2014-08-12 00:08 - 00000588 _____ () C:\Windows\Tasks\674c1331-f060-4d1d-8f38-01bb2b3cd609.job
2014-09-16 13:18 - 2014-08-12 00:07 - 00003100 _____ () C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-3.job
2014-09-16 13:18 - 2014-08-12 00:07 - 00000882 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-16 13:18 - 2014-08-12 00:03 - 00000310 _____ () C:\Windows\Tasks\SearchArmor.job
2014-09-16 13:18 - 2010-03-13 20:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-16 13:17 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 13:17 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-16 13:17 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 10:47 - 2014-09-16 13:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pat\Desktop\tdsskiller.exe
2014-09-15 10:46 - 2014-09-16 13:21 - 02105856 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-09-15 10:45 - 2014-09-16 13:23 - 01097728 _____ (Farbar) C:\Users\Pat\Desktop\FRST.exe
2014-09-14 21:38 - 2006-11-02 06:01 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-14 21:37 - 2014-09-14 21:37 - 00042262 _____ () C:\Users\Pat\Desktop\otl extra.txt
2014-09-14 21:31 - 2014-09-14 21:31 - 01109072 _____ () C:\Users\Pat\Desktop\OTL.Txt
2014-09-14 21:29 - 2011-07-04 12:52 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000UA.job
2014-09-14 21:09 - 2013-08-24 15:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 21:04 - 2010-03-13 20:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 20:00 - 2014-09-14 19:43 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-14 19:54 - 2014-09-14 19:44 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe.job
2014-09-14 19:54 - 2014-09-14 19:44 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133.job
2014-09-14 19:54 - 2014-08-12 00:07 - 00000000 ____D () C:\Program Files\HQPureV1.8
2014-09-14 19:53 - 2008-01-20 19:47 - 00195492 _____ () C:\Windows\PFRO.log
2014-09-14 19:47 - 2008-02-24 13:38 - 00000000 ____D () C:\Program Files\AWS
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\SUPERDelete
2014-09-14 19:44 - 2014-09-14 19:44 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-14 19:44 - 2014-09-14 19:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\SUPERAntiSpyware.com
2014-09-14 19:44 - 2014-09-14 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-14 19:43 - 2014-09-14 19:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-14 19:40 - 2006-11-02 05:52 - 00045552 _____ () C:\Windows\setupact.log
2014-09-14 19:33 - 2014-05-04 08:46 - 00000000 ____D () C:\Program Files\NpackdDetected
2014-09-14 19:27 - 2014-09-13 13:50 - 00000000 ____D () C:\ProgramData\CLickuForSuale
2014-09-14 19:27 - 2014-09-13 09:37 - 00000000 ____D () C:\ProgramData\DuigiSaver
2014-09-14 19:27 - 2014-08-25 02:30 - 00000000 ____D () C:\ProgramData\50oCoupons
2014-09-14 19:27 - 2013-05-18 13:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-14 19:27 - 2010-04-03 12:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-14 19:26 - 2014-03-31 15:29 - 00000000 ___RD () C:\Users\Pat\Dropbox
2014-09-14 18:36 - 2014-08-31 23:10 - 00000000 ____D () C:\ProgramData\dowiNloaditKeep
2014-09-14 18:36 - 2014-08-25 17:29 - 00000000 ____D () C:\ProgramData\ExsstraSAvInggs
2014-09-14 18:36 - 2014-08-12 00:04 - 00000000 ____D () C:\ProgramData\cosstminn
2014-09-14 18:36 - 2011-10-26 17:23 - 00000000 ____D () C:\Program Files\ATT-SST
2014-09-14 18:35 - 2014-08-12 00:08 - 00000000 ____D () C:\Program Files\videos MediaPlay-Air
2014-09-14 18:35 - 2014-08-12 00:06 - 00000000 ____D () C:\Program Files\Supporter
2014-09-14 18:35 - 2014-08-12 00:03 - 00000000 ____D () C:\Program Files\SearchArmor
2014-09-14 18:25 - 2014-09-14 14:44 - 00000000 ____D () C:\VIPRERESCUE
2014-09-14 18:14 - 2014-08-12 00:08 - 00000886 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-14 16:14 - 2011-03-23 17:31 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\HpUpdate
2014-09-14 14:28 - 2014-01-29 10:33 - 00000087 _____ () C:\Windows\system32\osgyyfu.ijm
2014-09-14 14:26 - 2014-09-14 13:53 - 168402944 _____ () C:\Users\Pat\Downloads\VIPRERescue33104.exe
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.scr
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.com
2014-09-14 13:39 - 2014-09-14 13:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-09-14 13:30 - 2013-05-18 13:32 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-14 13:30 - 2010-04-03 12:33 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 13:21 - 2014-08-12 00:04 - 00000000 ____D () C:\ProgramData\19e8f4e397351af7
2014-09-14 13:21 - 2014-08-12 00:04 - 00000000 ____D () C:\Program Files\cosstminn
2014-09-14 13:17 - 2014-09-14 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-09-14 13:17 - 2014-09-14 13:17 - 00000000 ____D () C:\Program Files\predm
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\ExsstraSAvInggs
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\DuigiSaver
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\dowiNloaditKeep
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\CLickuForSuale
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\50oCoupons
2014-09-14 13:11 - 2014-09-13 09:30 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2014-09-14 13:11 - 2014-03-31 15:26 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
2014-09-14 04:29 - 2011-07-04 12:52 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000Core.job
2014-09-14 03:31 - 2014-08-12 00:08 - 00001723 _____ () C:\Users\Pat\Desktop\NewPlayer.lnk
2014-09-14 03:30 - 2014-08-12 00:08 - 00000000 ____D () C:\Program Files\NewPlayer
2014-09-14 03:11 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 03:02 - 2006-11-02 03:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-14 03:01 - 2013-05-18 13:54 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-14 03:01 - 2013-05-18 13:53 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-14 03:01 - 2013-05-18 13:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 23:43 - 2014-04-08 18:14 - 00000436 ____H () C:\Windows\Tasks\Norton Security Scan for Pat.job
2014-09-13 10:11 - 2013-08-24 15:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-13 10:11 - 2012-03-24 09:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-13 09:45 - 2010-03-12 19:00 - 00000000 ____D () C:\Users\Pat\AppData\Local\Google
2014-09-13 09:23 - 2014-09-13 09:23 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-09-01 11:55 - 2014-08-08 08:50 - 00039936 _____ () C:\Windows\system32\btlcp.cpo
2014-09-01 11:55 - 2014-01-27 08:52 - 00000291 _____ () C:\Windows\system32\hirh.dnc
2014-08-25 01:00 - 2014-03-31 15:27 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-25 00:48 - 2012-07-13 21:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-25 00:48 - 2010-03-12 19:00 - 00000000 ____D () C:\Program Files\Google

Files to move or delete:
====================
C:\Users\Pat\RecipeHub.exe

Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqzgcyp.dll
C:\Users\Pat\AppData\Local\Temp\swt-win32-3333.dll
C:\Users\Pat\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll
[2009-04-17 19:35] - [2009-03-02 21:39] - 0551424 ____A (Microsoft Corporation) 9E3E9631FB576086DE8B17C923EB0B50

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 13:22

==================== End Of Log ============================


  • 0

#4
kepayne228

    Member

  • Topic Starter
  • Member
  • 79 posts

ADDITION

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Pat at 2014-09-16 13:27:45
Running from C:\Users\Pat\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AT&T Portal (HKLM\...\ATT-SST-UversePortal) (Version:  - )
AT&T Troubleshoot & Resolve Tool (HKLM\...\ATT-SST) (Version:  - )
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1126 - CyberLink Corp.)
Deal Info (Version: 2008.1.22.0 - EarthLink, Inc) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
EarthLink Common Authentication (Version: 1.0.87.0 - ) Hidden
EarthLink FastLane (HKLM\...\{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}) (Version: 5.8.0.13 - EarthLink, Inc)
EarthLink Software (HKLM\...\EarthLink TotalAccess 2004) (Version: 2008.1.22.0 - )
EarthLink Toolbar (HKLM\...\{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}) (Version:  - EarthLink, Inc.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Fast Browser (HKLM\...\Chromium) (Version: 34.0.1848.0 - Fast Browser)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4708.19 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}) (Version: 5.6.0.2499 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Demo (HKLM\...\{9A379E7A-22ED-44FF-9293-E393D704505D}) (Version: 4.1.0 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}) (Version: 5.6.0.2542 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Total Care Advisor (HKLM\...\{fef8097e-662d-49b3-aa77-2919db3746d7}) (Version: 1.6.12.2542 - Hewlett-Packard)
HP Update (HKLM\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HQPureV1.8 (HKLM\...\HQPureV1.8) (Version: 1.34.7.29 - HQPure) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2329 - CyberLink Corp.)
LightScribe System Software  1.10.23.1 (HKLM\...\{0E19A83E-F53B-40CF-8C91-96F32D955E6A}) (Version: 1.10.23.1 - http://www.lightscribe.com)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Like 1.2 (HKLM\...\Like) (Version: 1.2 - Like)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{5115C036-C0D5-4E1B-81C9-542CA967478A}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.2.7 - ) <==== ATTENTION
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
NpackdCL (HKLM\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PCHealthBoost 3.0.5 (HKLM\...\PCHealthBoost) (Version: 3.0.5 - Boost Software Inc.)
Pet Show Craze (Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3610 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2420 - CyberLink Corp.)
PowerDirector (Version: 6.5.2420 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Redistributed Files (Version: 2.0.46.0 - EarthLink, Inc.) Hidden
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Search Armor (HKLM\...\SearchFort) (Version: 1 - )
Search Protect 1.0 (HKLM\...\Search Protect) (Version: 1.0 - Search Protect) <==== ATTENTION
ShopAtHome.com Helper (HKLM\...\ShopAtHome.com Helper) (Version: 7.0.3.15 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKLM\...\ShopAtHome.com Toolbar) (Version: 7.0.3.15 - ShopAtHome.com) <==== ATTENTION
ShoppingDealFactory (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - ShoppingDealFactory) <==== ATTENTION
Simple 1.0 (HKLM\...\Simple) (Version: 1.0 - Simple)
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
TelevisionFanatic Internet Explorer Toolbar  (HKLM\...\TelevisionFanaticbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
The Sims™ 3 Generations (HKLM\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
TotalAccess Core Applications (Version: 2008.1.22.0 - EarthLink, Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
videos MediaPlay-Air (HKLM\...\videos MediaPlay-Air) (Version: 1.34.7.29 - enter) <==== ATTENTION
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (Version: 4.0.11.2 - WildTangent) Hidden
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\InprocServer32 -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (Mindspark)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

25-07-2014 05:15:20 Windows Update
26-07-2014 05:15:24 Windows Update
27-07-2014 05:15:20 Windows Update
28-07-2014 05:15:29 Windows Update
29-07-2014 05:14:59 Windows Update
30-07-2014 05:14:53 Windows Update
31-07-2014 05:15:03 Windows Update
01-08-2014 05:14:44 Windows Update
02-08-2014 05:14:55 Windows Update
03-08-2014 05:15:52 Windows Update
04-08-2014 05:15:38 Windows Update
05-08-2014 05:15:43 Windows Update
06-08-2014 05:15:25 Windows Update
07-08-2014 05:18:23 Windows Update
08-08-2014 05:15:14 Windows Update
09-08-2014 05:16:24 Windows Update
10-08-2014 05:17:06 Windows Update
11-08-2014 05:16:36 Windows Update
12-08-2014 05:16:04 Windows Update
13-08-2014 05:15:48 Windows Update
14-08-2014 05:16:51 Windows Update
15-08-2014 05:16:48 Windows Update
15-08-2014 10:00:14 Windows Update
16-08-2014 05:16:18 Windows Update
26-08-2014 07:59:54 Windows Update
27-08-2014 07:59:53 Windows Update
28-08-2014 07:59:57 Windows Update
29-08-2014 08:00:09 Windows Update
30-08-2014 07:59:39 Windows Update
31-08-2014 07:59:35 Windows Update
13-09-2014 16:23:23 Windows Update
14-09-2014 10:00:14 Windows Update
15-09-2014 02:47:49 Windows Update
15-09-2014 03:43:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {076252C9-B751-4A3E-A842-FA28B3B5EBD2} - System32\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-7 => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-7.exe <==== ATTENTION
Task: {0A760F47-6309-4166-9FB7-34482A8D8121} - System32\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-1 => C:\Program Files\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION
Task: {0DB27761-4194-45EC-866D-A6F4C7C0F3FF} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-08-12] (globalUpdate) <==== ATTENTION
Task: {18E19882-333D-4D17-A34B-B886208C31E6} - System32\Tasks\674c1331-f060-4d1d-8f38-01bb2b3cd609 => C:\Program Files\HQPureV1.8\674c1331-f060-4d1d-8f38-01bb2b3cd609.exe [2014-08-12] () <==== ATTENTION
Task: {1BF7E6A4-E613-4734-A0ED-75BEFEE18A8A} - System32\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-3 => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-3.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20990D4E-73BD-49B1-B8A3-A1F1E31C3AD9} - System32\Tasks\PCHB_Pat_PCHealthBoost_RS_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe [2014-03-13] ()
Task: {214C54A7-F799-49F7-B2CC-F79611A8D57B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {2469D6D6-0B2F-4132-A2ED-4A049E51C469} - System32\Tasks\NSManager => C:\Users\Pat\AppData\Local\NSManager\manager.exe [2014-04-04] ()
Task: {277682CC-4CD4-4C54-A059-E63632228BEF} - System32\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-5 => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-5.exe <==== ATTENTION
Task: {296EC35C-1E03-4539-918D-8CD3C3E84FDB} - System32\Tasks\Search Armor => C:\Users\Pat\AppData\Local\searcharmor\searcharmor\1.3.10.3\searcharmor.exe [2014-08-12] (Pay By Ads LTD)
Task: {2EA02AF9-2282-45B2-9CEC-3FDE67D5FD31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: {31D20166-B27B-4856-A394-8DBC9CA461AC} - System32\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3277B212-99A0-4423-BC67-2B7A53EDC328} - System32\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-2 => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-2.exe <==== ATTENTION
Task: {33989DBE-0622-4640-AA42-3183DB2A5B28} - System32\Tasks\PCHB_Pat_PCHealthBoost_RS_WeeklyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe [2014-03-13] ()
Task: {36382158-8402-4A00-B6EE-89D35216A3B9} - System32\Tasks\ecb19fcd-910f-4464-81f4-fe16fdd95e1b => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-4.exe <==== ATTENTION
Task: {3956436B-9119-4604-B499-3946E3DDCCF5} - System32\Tasks\SearchArmor => C:\Program Files\SearchArmor\SearchArmorUpd.exe [2014-08-05] ()
Task: {39B1E7E3-6DB4-4B48-B340-C7A8D9C9C3EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000Core => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {3B008E9C-6989-445F-9994-8E19DD157FE3} - System32\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-4 => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-4.exe <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D3F02E8-9901-4F30-BBC0-61C3BB5939A9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3E5A1D32-45FB-4014-A732-FDACE2E4372D} - System32\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-2 => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-2.exe <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {487DAB6B-02BE-4561-8D84-29FD04DD295B} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat [2008-02-24] ()
Task: {589C2A20-EB51-4E9A-91F8-67EE1299D042} - System32\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-6 => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-6.exe <==== ATTENTION
Task: {5DEA96CA-2243-4E64-80CD-48AAE7AC7470} - System32\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-5_user => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-5.exe <==== ATTENTION
Task: {607C97C0-E78A-4E77-9F7F-C4224F9C7D28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {6CC3A957-FCDA-472B-AE0C-3990B4B2B283} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {74B5AED7-322F-4963-B064-4A6B4DACB653} - System32\Tasks\Norton Security Scan for Pat => C:\Program Files\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation)
Task: {8C1DC633-C32A-4D11-9728-155E5F686C5D} - System32\Tasks\PCHB_Pat_PCHealthBoost_LogonTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe [2014-03-13] ()
Task: {8DDA4FB7-5433-44D4-878B-D243867777D6} - System32\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-3 => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-3.exe <==== ATTENTION
Task: {98D8F43C-7E85-4323-8F47-7431294D5E9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000UA => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A51FC96D-2B39-4C43-BB1C-7843919C57A6} - System32\Tasks\PCHB_Pat_PCHealthBoost_LG_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe [2014-03-13] ()
Task: {AB4B445D-2183-4FBC-A0FD-287518E9C83E} - System32\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-1 => C:\Program Files\HQPureV1.8\HQPureV1.8-codedownloader.exe <==== ATTENTION
Task: {B1774EB2-CD88-4FE2-AF11-4F2E5D035C75} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04] (PC-Doctor, Inc.)
Task: {B639BD46-3B93-4E97-BDC3-1E95EF93FD9C} - System32\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-4 => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-4.exe <==== ATTENTION
Task: {BE5C4F8C-D345-4CD6-81B1-E5D9D69EC8B1} - System32\Tasks\f88dbc96-bf64-43e5-be39-d138a0499c46 => C:\Program Files\HQPureV1.8\f88dbc96-bf64-43e5-be39-d138a0499c46.exe [2014-08-12] (HQPure) <==== ATTENTION
Task: {C33DA6A3-7563-4428-8421-7D685B162729} - System32\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-11 => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-11.exe <==== ATTENTION
Task: {D364AAAA-B11B-4F98-8D0F-96DD54A78689} - System32\Tasks\54cdde4b-321d-4881-bab8-dce3f3d21e58 => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-4.exe <==== ATTENTION
Task: {D3E2C2AB-64B3-41B7-B947-FCB3C93DBB26} - System32\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-7 => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-7.exe <==== ATTENTION
Task: {D7DED061-B9B5-4281-9367-7F44844639D1} - System32\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-5 => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-5.exe <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E5951132-A42C-4B4E-BBF8-49F002ABA224} - System32\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-5_user => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-5.exe <==== ATTENTION
Task: {E686E5B3-ECE5-446C-B733-D5EB5F84E384} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {ED0F96C4-CA74-4410-BEA2-BB1261C1D7B5} - System32\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-6 => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-6.exe <==== ATTENTION
Task: {F07ECEFA-A366-451C-8099-35723FD1F20D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-08-12] (globalUpdate) <==== ATTENTION
Task: {FD50734C-AC24-4702-9B12-672861774DA1} - System32\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-11 => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-11.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-1.job => C:\Program Files\HQPureV1.8\HQPureV1.8-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-11.job => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-2.job => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-3.job => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-4.job => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-5.job => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-5_user.job => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-6.job => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-6.exe/kHplXJ='HQPureV1.8' /yzUOclN=61762 /fadEWYlt='001904' /pViAsbbNy='0' /Owiunbf='0' /JVcPQMd=0521D854A860440DBE56A99DF8569495IE /wTvnZ=7688269c220377fcbb238111ac8f7cc7 /HahSbxT=1_34_07_29 /IliWcc=1.34.7.29 /bGIaTh=1407827260 /rpFIGeu=http://stats.inputdatacloud.com /trlCowKRZ=http://errors.inputdatacloud.com /jyXZQXYG=http://js.inputdatacloud.com /VdTfy=ie /TfRkNy /ERjbLX=HQPureV1.8 /IXafNef04a767-e57e-41fd-aa87-0e8206249f7b.dll /erooSQoLFf11a0b80-3005-4421-9312-ebe11bd38d0a.dll /nCOjKCYqO1380fb42-002c-44dc-94cd-79af714a08f5-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\1380fb42-002c-44dc-94cd-79af714a08f5-7.job => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-7.exe'/mnMAi /kHplXJ='HQPureV1.8' /yzUOclN=61762 /fadEWYlt='001904' /pViAsbbNy='0' /Owiunbf='0' /JVcPQMd=0521D854A860440DBE56A99DF8569495IE /wTvnZ=7688269c220377fcbb238111ac8f7cc7 /HahSbxT=1_34_07_29 /IliWcc=1.34.7.29 /bGIaTh=1407827260 /rpFIGeu=http://stats.inputdatacloud.com /trlCowKRZ=http://errors.inputdatacloud.com /jyXZQXYG=http://js.inputdatacloud.com /VdTfy=ie /TfRkNy /ERjbLX=HQPureV1.8 /IXafNef04a767-e57e-41fd-aa87-0e8206249f7b.dll /erooSQoLFf11a0b80-3005-4421-9312-ebe11bd38d0a.dll /nCOjKCYqO1380fb42-002c-44dc-94cd-79af714a08f5-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\54cdde4b-321d-4881-bab8-dce3f3d21e58.job => C:\Program Files\HQPureV1.8\1380fb42-002c-44dc-94cd-79af714a08f5-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\674c1331-f060-4d1d-8f38-01bb2b3cd609.job => C:\Program Files\HQPureV1.8\674c1331-f060-4d1d-8f38-01bb2b3cd609.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ecb19fcd-910f-4464-81f4-fe16fdd95e1b.job => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-1.job => C:\Program Files\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-11.job => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-2.job => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-3.job => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-4.job => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-5.job => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-5_user.job => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-6.job => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-6.exeD/kHplXJ='videos MediaPlay-Air' /yzUOclN=61799 /fadEWYlt='001673' /pViAsbbNy='verticals-ads,intext,pops,shopping' /Owiunbf='0' /JVcPQMd=39B26F781544469DA5C3F0D6D2593F0EIE /wTvnZ=1deae8b29eba6b3e4b704f92067a541c /HahSbxT=1_34_07_29 /IliWcc=1.34.7.29 /bGIaTh=1407827323 /rpFIGeu=http://stats.inputdatacloud.com /trlCowKRZ=http://errors.inputdatacloud.com /jyXZQXYG=http://js.inputdatacloud.com /VdTfy=ie /TfRkNy /ERjbLX=videos MediaPlay-Air /IXafNba803cdb-91ec-46aa-9fc7-72952669b1ed.dll /erooSQoLF3c719273-3f7b-4604-ad5b-2482fe162234.dll /nCOjKCYqOeed7ed3c-fcdb-4878-be46-8595e5f25082-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\eed7ed3c-fcdb-4878-be46-8595e5f25082-7.job => C:\Program Files\videos MediaPlay-Air\eed7ed3c-fcdb-4878-be46-8595e5f25082-7.exe\/mnMAi /kHplXJ='videos MediaPlay-Air' /yzUOclN=61799 /fadEWYlt='001673' /pViAsbbNy='verticals-ads,intext,pops,shopping' /Owiunbf='0' /JVcPQMd=39B26F781544469DA5C3F0D6D2593F0EIE /wTvnZ=1deae8b29eba6b3e4b704f92067a541c /HahSbxT=1_34_07_29 /IliWcc=1.34.7.29 /bGIaTh=1407827323 /rpFIGeu=http://stats.inputdatacloud.com /trlCowKRZ=http://errors.inputdatacloud.com /jyXZQXYG=http://js.inputdatacloud.com /VdTfy=ie /TfRkNy /ERjbLX=videos MediaPlay-Air /IXafNba803cdb-91ec-46aa-9fc7-72952669b1ed.dll /erooSQoLF3c719273-3f7b-4604-ad5b-2482fe162234.dll /nCOjKCYqOeed7ed3c-fcdb-4878-be46-8595e5f25082-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\f88dbc96-bf64-43e5-be39-d138a0499c46.job => C:\Program Files\HQPureV1.8\f88dbc96-bf64-43e5-be39-d138a0499c46.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000Core.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000UA.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Pat.job => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe
Task: C:\Windows\Tasks\SearchArmor.job => C:\Program Files\SearchArmor\SearchArmorUpd.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{2EF81A9E-8FE5-492E-BE2B-AC24305B427B}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-08-12 02:32 - 2014-08-12 02:32 - 00011776 _____ () C:\Program Files\NewPlayer\NewVideoPlayerUpdaterService.exe
2008-01-18 19:21 - 2008-01-18 19:21 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-01-18 19:20 - 2008-01-18 19:20 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-01-18 19:20 - 2008-01-18 19:20 - 00006144 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-01-18 19:20 - 2008-01-18 19:20 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2008-01-20 19:24 - 2008-01-20 19:24 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-01-18 19:21 - 2008-01-18 19:21 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-01-18 19:21 - 2008-01-18 19:21 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-04-04 15:50 - 2014-04-04 15:50 - 00962560 _____ () C:\Program Files\Origin\platforms\qwindows.dll
2014-04-04 15:50 - 2014-04-04 15:50 - 00024064 _____ () C:\Program Files\Origin\imageformats\qgif.dll
2014-04-04 15:50 - 2014-04-04 15:50 - 00025088 _____ () C:\Program Files\Origin\imageformats\qico.dll
2014-04-04 15:50 - 2014-04-04 15:50 - 00217088 _____ () C:\Program Files\Origin\imageformats\qjpeg.dll
2014-04-04 15:50 - 2014-04-04 15:50 - 00261632 _____ () C:\Program Files\Origin\imageformats\qmng.dll
2014-04-04 15:50 - 2014-04-04 15:50 - 00019968 _____ () C:\Program Files\Origin\imageformats\qtga.dll
2014-04-04 15:50 - 2014-04-04 15:50 - 00302592 _____ () C:\Program Files\Origin\imageformats\qtiff.dll
2014-04-04 15:50 - 2014-04-04 15:50 - 00018944 _____ () C:\Program Files\Origin\imageformats\qwbmp.dll
2014-04-08 18:13 - 2014-03-22 19:30 - 00061952 _____ () C:\Program Files\Fast Browser\Application\34.0.1848.0\chrome_elf.dll
2014-08-12 00:06 - 2014-08-12 00:06 - 04312064 ____N () c:\Program Files\Supporter\Supporter.dll
2014-09-16 13:20 - 2014-09-16 13:20 - 00043008 _____ () c:\users\pat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqzgcyp.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-08 18:13 - 2014-03-22 19:30 - 00454144 _____ () C:\Program Files\Fast Browser\Application\34.0.1848.0\ppGoogleNaClPluginChrome.dll
2014-04-08 18:13 - 2014-03-22 19:30 - 00888832 _____ () C:\Program Files\Fast Browser\Application\34.0.1848.0\ffmpegsumo.dll
2014-03-13 07:16 - 2014-03-13 07:16 - 08476528 _____ () C:\Program Files\PC HealthBoost\PCHealthBoost.exe
2014-01-22 01:34 - 2014-01-22 01:34 - 00732160 _____ () C:\Program Files\PC HealthBoost\libGLESv2.dll
2013-12-18 05:15 - 2013-12-18 05:15 - 00854016 _____ () C:\Program Files\PC HealthBoost\platforms\qwindows.dll
2014-01-22 01:35 - 2014-01-22 01:35 - 00047104 _____ () C:\Program Files\PC HealthBoost\libEGL.dll
2013-06-15 09:34 - 2013-06-15 09:34 - 00022016 _____ () C:\Program Files\PC HealthBoost\imageformats\qgif.dll
2013-06-15 09:34 - 2013-06-15 09:34 - 00021504 _____ () C:\Program Files\PC HealthBoost\imageformats\qico.dll
2014-03-07 05:08 - 2014-03-07 05:08 - 00205312 _____ () C:\Program Files\PC HealthBoost\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Pat\Desktop\Pat July 2009 458.AVI:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2014 01:23:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/16/2014 01:23:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/16/2014 01:22:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/16/2014 01:22:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/16/2014 01:19:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 08:15:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/14/2014 08:15:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/14/2014 08:15:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/14/2014 07:55:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 07:44:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

System errors:
=============
Error: (09/16/2014 01:25:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (09/16/2014 01:25:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (09/16/2014 01:25:18 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/16/2014 01:20:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%3

Error: (09/16/2014 01:19:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Wajam Internet Enhancer Service%%2

Error: (09/16/2014 01:19:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (09/16/2014 01:18:45 PM) (Source: WMPNetworkSvc) (EventID: 14333) (User: )
Description: WMPNetworkSvc0x80070422

Error: (09/16/2014 01:17:45 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (09/14/2014 07:57:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%3

Error: (09/14/2014 07:57:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Microsoft Office Sessions:
=========================
Error: (09/16/2014 01:23:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/16/2014 01:23:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/16/2014 01:22:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/16/2014 01:22:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/16/2014 01:19:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 08:15:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/14/2014 08:15:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/14/2014 08:15:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/14/2014 07:55:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 07:44:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

CodeIntegrity Errors:
===================================
  Date: 2014-09-16 13:25:24.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 13:25:23.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 13:25:23.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 13:25:23.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 13:25:22.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 13:25:22.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 13:25:21.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 13:25:21.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 13:21:50.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 13:21:49.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 3061.77 MB
Available physical RAM: 1624.54 MB
Total Pagefile: 6355.83 MB
Available Pagefile: 4861.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.54 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:326.11 GB) (Free:194.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.24 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (USB DISK) (Removable) (Total:7.45 GB) (Free:6.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 335.4 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=326.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.2 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)

==================== End Of Log ============================



#5
kepayne228

    Member

  • Topic Starter
  • 79 posts

TDSS

 

13:34:18.0471 0x1348  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
13:34:23.0384 0x1348  ============================================================
13:34:23.0384 0x1348  Current date / time: 2014/09/16 13:34:23.0384
13:34:23.0384 0x1348  SystemInfo:
13:34:23.0385 0x1348 
13:34:23.0385 0x1348  OS Version: 6.0.6001 ServicePack: 1.0
13:34:23.0385 0x1348  Product type: Workstation
13:34:23.0385 0x1348  ComputerName: PAT-PC
13:34:23.0385 0x1348  UserName: Pat
13:34:23.0385 0x1348  Windows directory: C:\Windows
13:34:23.0385 0x1348  System windows directory: C:\Windows
13:34:23.0385 0x1348  Processor architecture: Intel x86
13:34:23.0385 0x1348  Number of processors: 2
13:34:23.0385 0x1348  Page size: 0x1000
13:34:23.0385 0x1348  Boot type: Normal boot
13:34:23.0385 0x1348  ============================================================
13:34:30.0049 0x1348  KLMD registered as C:\Windows\system32\drivers\58321815.sys
13:34:46.0777 0x1348  System UUID: {A3FC3C64-99D1-3605-589B-EEE06ACDF61A}
13:34:47.0755 0x1348  Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 ( 335.35 Gb ), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:34:47.0789 0x1348  Drive \Device\Harddisk5\DR5 - Size: 0x1DD800000 ( 7.46 Gb ), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:34:47.0791 0x1348  ============================================================
13:34:47.0791 0x1348  \Device\Harddisk0\DR0:
13:34:47.0791 0x1348  MBR partitions:
13:34:47.0791 0x1348  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x28C3884C
13:34:47.0791 0x1348  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28C3888B, BlocksNum 0x127A136
13:34:47.0791 0x1348  \Device\Harddisk5\DR5:
13:34:47.0792 0x1348  MBR partitions:
13:34:47.0792 0x1348  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEA080
13:34:47.0792 0x1348  ============================================================
13:34:47.0828 0x1348  C: <-> \Device\Harddisk0\DR0\Partition1
13:34:47.0866 0x1348  D: <-> \Device\Harddisk0\DR0\Partition2
13:34:47.0867 0x1348  ============================================================
13:34:47.0867 0x1348  Initialize success
13:34:47.0867 0x1348  ============================================================
13:35:48.0370 0x12e0  ============================================================
13:35:48.0371 0x12e0  Scan started
13:35:48.0371 0x12e0  Mode: Manual; TDLFS;
13:35:48.0371 0x12e0  ============================================================
13:35:48.0371 0x12e0  KSN ping started
13:35:51.0944 0x12e0  KSN ping finished: false
13:36:32.0287 0x12e0  ================ Scan system memory ========================
13:36:32.0287 0x12e0  System memory - ok
13:36:32.0288 0x12e0  ================ Scan services =============================
13:36:32.0443 0x12e0  [ 72D6D8E2D4F82C6E829125C7EC2A88F9, F357CFC3D04EB3F8E1A504D531D099698C6E2B29EB6CEDF75C08BF8917C46573 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:36:32.0446 0x12e0  !SASCORE - ok
13:36:32.0753 0x12e0  [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:36:32.0760 0x12e0  ACPI - ok
13:36:33.0016 0x12e0  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:36:33.0032 0x12e0  AdobeARMservice - ok
13:36:33.0292 0x12e0  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:36:33.0298 0x12e0  AdobeFlashPlayerUpdateSvc - ok
13:36:33.0440 0x12e0  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:36:33.0616 0x12e0  adp94xx - ok
13:36:33.0693 0x12e0  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:36:33.0700 0x12e0  adpahci - ok
13:36:33.0761 0x12e0  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:36:33.0778 0x12e0  adpu160m - ok
13:36:33.0849 0x12e0  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:36:33.0853 0x12e0  adpu320 - ok
13:36:33.0923 0x12e0  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:36:33.0924 0x12e0  AeLookupSvc - ok
13:36:34.0082 0x12e0  [ 48EB99503533C27AC6135648E5474457, 344A83008F41AAC3CDFC52EFC4F2EFF441971C58182597D2FBED315B3FC62137 ] AFD             C:\Windows\system32\drivers\afd.sys
13:36:34.0199 0x12e0  AFD - ok
13:36:34.0308 0x12e0  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:36:34.0310 0x12e0  agp440 - ok
13:36:34.0367 0x12e0  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:36:34.0376 0x12e0  aic78xx - ok
13:36:34.0399 0x12e0  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
13:36:34.0401 0x12e0  ALG - ok
13:36:34.0434 0x12e0  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
13:36:34.0435 0x12e0  aliide - ok
13:36:34.0450 0x12e0  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:36:34.0452 0x12e0  amdagp - ok
13:36:34.0472 0x12e0  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
13:36:34.0473 0x12e0  amdide - ok
13:36:34.0505 0x12e0  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
13:36:34.0507 0x12e0  AmdK7 - ok
13:36:34.0515 0x12e0  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:36:34.0517 0x12e0  AmdK8 - ok
13:36:34.0617 0x12e0  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
13:36:34.0619 0x12e0  Appinfo - ok
13:36:34.0639 0x12e0  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
13:36:34.0641 0x12e0  arc - ok
13:36:34.0665 0x12e0  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:36:34.0667 0x12e0  arcsas - ok
13:36:34.0689 0x12e0  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:36:34.0690 0x12e0  AsyncMac - ok
13:36:34.0713 0x12e0  [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:36:34.0714 0x12e0  atapi - ok
13:36:34.0789 0x12e0  [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:36:34.0797 0x12e0  AudioEndpointBuilder - ok
13:36:34.0848 0x12e0  [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:36:34.0856 0x12e0  Audiosrv - ok
13:36:34.0915 0x12e0  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:36:34.0916 0x12e0  Beep - ok
13:36:35.0001 0x12e0  [ D3E6D78285529962349A7F1617035938, B23C3AC2644FA6A8BDC17E034FB5B5657C3A5DB128A66E5EE21DE05BF879390D ] BFE             C:\Windows\System32\bfe.dll
13:36:35.0009 0x12e0  BFE - ok
13:36:35.0257 0x12e0  [ 02ED7B4DBC2A3232A389106DA7515C3D, 0DFCD03CB967D1A980D56124603F353DC1D800E3A5E436EEE95C65FDE17398CF ] BITS            C:\Windows\System32\qmgr.dll
13:36:35.0279 0x12e0  BITS - ok
13:36:35.0309 0x12e0  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
13:36:35.0317 0x12e0  blbdrive - ok
13:36:35.0379 0x12e0  [ 8153396D5551276227FA146900F734E6, 0AE06774162D542D9E95246B7112A40D7C463EF331B4F56C9CF8AD99A0341E38 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:36:35.0381 0x12e0  bowser - ok
13:36:35.0464 0x12e0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:36:35.0465 0x12e0  BrFiltLo - ok
13:36:35.0498 0x12e0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:36:35.0498 0x12e0  BrFiltUp - ok
13:36:35.0536 0x12e0  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
13:36:35.0539 0x12e0  Browser - ok
13:36:35.0572 0x12e0  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:36:35.0574 0x12e0  Brserid - ok
13:36:35.0608 0x12e0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:36:35.0610 0x12e0  BrSerWdm - ok
13:36:35.0644 0x12e0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:36:35.0645 0x12e0  BrUsbMdm - ok
13:36:35.0686 0x12e0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:36:35.0687 0x12e0  BrUsbSer - ok
13:36:35.0767 0x12e0  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:36:35.0793 0x12e0  BTHMODEM - ok
13:36:35.0858 0x12e0  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:36:35.0860 0x12e0  cdfs - ok
13:36:35.0888 0x12e0  [ 1EC25CEA0DE6AC4718BF89F9E1778B57, 019E12C30E7A395259F3906EC55AFF86949CFDBB443060208C8B91B9EB7F9FB7 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:36:35.0890 0x12e0  cdrom - ok
13:36:35.0992 0x12e0  [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:36:35.0994 0x12e0  CertPropSvc - ok
13:36:36.0024 0x12e0  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:36:36.0025 0x12e0  circlass - ok
13:36:36.0107 0x12e0  [ 465745561C832B29F7C48B488AAB3842, B631C61FBF6E2641FED7C4CFC1B179D19143B04CF76DCF48A9C7582E756FFD8C ] CLFS            C:\Windows\system32\CLFS.sys
13:36:36.0113 0x12e0  CLFS - ok
13:36:36.0398 0x12e0  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:36:36.0404 0x12e0  clr_optimization_v2.0.50727_32 - ok
13:36:36.0674 0x12e0  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:36:36.0678 0x12e0  clr_optimization_v4.0.30319_32 - ok
13:36:36.0727 0x12e0  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:36:36.0728 0x12e0  cmdide - ok
13:36:36.0751 0x12e0  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:36:36.0752 0x12e0  Compbatt - ok
13:36:36.0759 0x12e0  COMSysApp - ok
13:36:36.0813 0x12e0  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:36:36.0827 0x12e0  crcdisk - ok
13:36:36.0853 0x12e0  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
13:36:36.0855 0x12e0  Crusoe - ok
13:36:36.0904 0x12e0  [ 6DE363F9F99334514C46AEC02D3E3678, FF403B8A4D7D6B3D2F23E2711D1353CFB0C748AD7D7927CF5DFBD99CD169D826 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:36:36.0908 0x12e0  CryptSvc - ok
13:36:36.0982 0x12e0  [ 9E3E9631FB576086DE8B17C923EB0B50, 40E57E05C525770021D3B466CEC53848BA160A91AC6E956BB53698C61AE7106F ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:36:36.0999 0x12e0  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
13:36:43.0514 0x12e0  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
13:36:43.0514 0x12e0  Force sending object to P2P due to detect: DcomLaunch
13:36:43.0556 0x12e0  Object send P2P result: false
13:36:43.0594 0x12e0  [ A3E9FA213F443AC77C7746119D13FEEC, 479B349BFC811D20572C09C4A2228C3880F8F3B4B4BA5F4E56600C7EF583DE7B ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:36:43.0597 0x12e0  DfsC - ok
13:36:43.0783 0x12e0  [ FA3463F25F9CC9C3BCF1E7912FEFF099, 8CFA0F1DFD975ED877B303EB55BE52B0B1EC2B20FEC36820121A0F5E046E0032 ] DFSR            C:\Windows\system32\DFSR.exe
13:36:43.0834 0x12e0  DFSR - ok
13:36:43.0907 0x12e0  [ 43A988A9C10333476CB5FB667CBD629D, 7E0DD57E75A50E3671673876631A1E66A4AC16810418BEC1AC2143DFD331F389 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:36:43.0912 0x12e0  Dhcp - ok
13:36:43.0965 0x12e0  [ 64109E623ABD6955C8FB110B592E68B7, 964F456EF44F9AE836B8CAB438FEB18303B2548A2B7D85FEBD72F4F80127B0EE ] disk            C:\Windows\system32\drivers\disk.sys
13:36:43.0966 0x12e0  disk - ok
13:36:44.0042 0x12e0  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D, 473A5F1C4E795BD6B6DDB32ECB04BA8BF238AA5FBC67FC5D8D8F749464ED0AE9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:36:44.0045 0x12e0  Dnscache - ok
13:36:44.0079 0x12e0  [ 5AF620A08C614E24206B79E8153CF1A8, 5BB32FF3C9A5C51C2773F0ECF9647749667F4678EF3C75FEB4420EC6C805913E ] dot3svc         C:\Windows\System32\dot3svc.dll
13:36:44.0086 0x12e0  dot3svc - ok
13:36:44.0129 0x12e0  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
13:36:44.0134 0x12e0  DPS - ok
13:36:44.0184 0x12e0  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:36:44.0185 0x12e0  drmkaud - ok
13:36:44.0290 0x12e0  [ 85F33880B8CFB554BD3D9CCDB486845A, 2D120F94800AEB886D4BA2A45FE2454EBB1FAC3E57BDE552737EBDE7EF8899CF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:36:44.0341 0x12e0  DXGKrnl - ok
13:36:44.0387 0x12e0  [ D00EEAE1CACD77A1A8396BBC19140BBA, DCEE11EA982CC37F4FDEEC160AEC2FCF6417849DC3A09DBE574265E0098B26CF ] E100B           C:\Windows\system32\DRIVERS\e100b325.sys
13:36:44.0392 0x12e0  E100B - ok
13:36:44.0466 0x12e0  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
13:36:44.0470 0x12e0  E1G60 - ok
13:36:44.0502 0x12e0  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
13:36:44.0505 0x12e0  EapHost - ok
13:36:44.0539 0x12e0  [ DD2CD259D83D8B72C02C5F2331FF9D68, 07E758A414442FEAFE55FB28842D960971553DB16C31D5791FDD0843CBF5E2B4 ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:36:44.0544 0x12e0  Ecache - ok
13:36:44.0681 0x12e0  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:36:44.0690 0x12e0  ehRecvr - ok
13:36:44.0744 0x12e0  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
13:36:44.0748 0x12e0  ehSched - ok
13:36:44.0815 0x12e0  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
13:36:44.0828 0x12e0  ehstart - ok
13:36:44.0868 0x12e0  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:36:44.0883 0x12e0  elxstor - ok
13:36:44.0975 0x12e0  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C, 80385AC32CE8388F06341AA4A880F68E0EB5815CCCA5CF8E799846F472DCE360 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:36:44.0997 0x12e0  EMDMgmt - ok
13:36:56.0798 0x12e0  RasAuto - ok
13:36:56.0870 0x12e0  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:36:56.0873 0x12e0  Rasl2tp - ok
13:36:56.0912 0x12e0  [ 6E7C284FC5C4EC07AD164D93810385A6, FDBF80C8DE53E56A3515353129C6912E8CAEC2B2DA9AB3A4B027CB73BDF1EC60 ] RasMan          C:\Windows\System32\rasmans.dll
13:36:56.0920 0x12e0  RasMan - ok
13:36:56.0947 0x12e0  [ 3E9D9B048107B40D87B97DF2E48E0744, F7B8DAE57B9372CEB21A912379FC7670B099A9642CF2E7EA8D335ADBD4CF86A2 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:36:56.0949 0x12e0  RasPppoe - ok
13:36:56.0958 0x12e0  [ A7D141684E9500AC928A772ED8E6B671, C9329ECA4190EE1F4A6F186D45EA42ACF60C04CDBAFEB19973F3C2DF04A1BCEE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:36:56.0960 0x12e0  RasSstp - ok
13:36:56.0985 0x12e0  [ 6E1C5D0457622F9EE35F683110E93D14, 9C6BE049FDA5E6CBA486EE33F01AADDD6085CC5F1F08409EC439ADE9137D3F5F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:36:56.0992 0x12e0  rdbss - ok
13:36:57.0028 0x12e0  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:36:57.0029 0x12e0  RDPCDD - ok
13:36:57.0093 0x12e0  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
13:36:57.0099 0x12e0  rdpdr - ok
13:36:57.0137 0x12e0  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:36:57.0138 0x12e0  RDPENCDD - ok
13:36:57.0182 0x12e0  [ E1C18F4097A5ABCEC941DC4B2F99DB7E, B38AC355042F18A41F83BF088FE7EB867184C7FE37820365314419BD3810BB68 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:36:57.0187 0x12e0  RDPWD - ok
13:36:57.0254 0x12e0  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:36:57.0257 0x12e0  RemoteAccess - ok
13:36:57.0329 0x12e0  [ CC4E32400F3C7253400CF8F3F3A0B676, D2A874BE3D365260AD7C10C30F2DE22F818CBFC12D65AADE2203B9ED02C9BEB5 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:36:57.0334 0x12e0  RemoteRegistry - ok
13:36:57.0344 0x12e0  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
13:36:57.0346 0x12e0  RpcLocator - ok
13:36:57.0454 0x12e0  [ 9E3E9631FB576086DE8B17C923EB0B50, 40E57E05C525770021D3B466CEC53848BA160A91AC6E956BB53698C61AE7106F ] RpcSs           C:\Windows\system32\rpcss.dll
13:36:57.0470 0x12e0  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )
13:36:57.0470 0x12e0  RpcSs ( Trojan.Win32.Patched.pj ) - infected
13:36:57.0470 0x12e0  Force sending object to P2P due to detect: RpcSs
13:36:57.0490 0x12e0  Object send P2P result: false
13:37:00.0698 0x12e0  [ 54D6BC524F1FB026D6EB569581E38885, BFFD86AE8C675B96851E8F0CE5D507967EA80ACA753A6CF30C7C0D2E2584D007 ] TelevisionFanaticService C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
13:37:00.0701 0x12e0  TelevisionFanaticService - ok
13:37:03.0083 0x12e0  Wajam Internet Enhancer Service - ok
13:37:06.0305 0x12e0  ================ Scan global ===============================
13:37:06.0352 0x12e0  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
13:37:06.0440 0x12e0  [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
13:37:06.0557 0x12e0  [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
13:37:06.0634 0x12e0  [ 2B336AB6286D6C81FA02CBAB914E3C6C, C5ADF6D5BFC00375BA6D0E5D96F36D36ADFBF66325A48358C6317E387FB220EC ] C:\Windows\system32\services.exe
13:37:06.0667 0x12e0  [ Global ] - ok
13:37:06.0668 0x12e0  ================ Scan MBR ==================================
13:37:06.0680 0x12e0  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
13:37:07.0338 0x12e0  \Device\Harddisk0\DR0 - ok
13:37:07.0344 0x12e0  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
13:37:07.0455 0x12e0  \Device\Harddisk5\DR5 - ok
13:37:07.0455 0x12e0  ================ Scan VBR ==================================
13:37:07.0459 0x12e0  [ F7F91627DC70263D5FE0213A20ED8004 ] \Device\Harddisk0\DR0\Partition1
13:37:07.0518 0x12e0  \Device\Harddisk0\DR0\Partition1 - ok
13:37:07.0557 0x12e0  [ 0E6551BA12E928804B89E3EE304398F7 ] \Device\Harddisk0\DR0\Partition2
13:37:07.0566 0x12e0  \Device\Harddisk0\DR0\Partition2 - ok
13:37:07.0572 0x12e0  [ 5CE38D2D872DEA6A3A3483AAE92EE0F3 ] \Device\Harddisk5\DR5\Partition1
13:37:07.0573 0x12e0  \Device\Harddisk5\DR5\Partition1 - ok
13:37:07.0574 0x12e0  ================ Scan generic autorun ======================
13:37:07.0674 0x12e0  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
13:37:07.0866 0x12e0  Windows Defender - ok
13:37:08.0264 0x12e0  [ 361CD47DC5BD83EE24407903233B0D9A, 95C5C141E167EB602D6DF7D737DDCBAA89C23A34248CCDF028C5A0086C80EDCB ] C:\Windows\RtHDVCpl.exe
13:37:08.0459 0x12e0  RtHDVCpl - ok
13:37:08.0523 0x12e0  [ 9A4322EE420D6FACD4D4B1FF6CB856B1, 527BF61885161B8D93C317CAC1FC8B8A709F0D4AF3599A000C82FE861D6019EF ] c:\hp\support\hpsysdrv.exe
13:37:08.0527 0x12e0  hpsysdrv - ok
13:37:08.0606 0x12e0  [ 7088B136BB58A5F95CF0DE8386CA6C0F, 7136F482C3795B6A18F4315FD9F01C88CD0372C4B4E3B6CE994402459D7BEDC9 ] C:\HP\KBD\KbdStub.EXE
13:37:08.0609 0x12e0  KBD - ok
13:37:08.0638 0x12e0  [ B1361669BDC6ED612C35B7C67ADA2240, 85ECCA86F7FFD69A0B6BDDC6844FB2E935744B8A825DEAE160180833C556B08B ] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
13:37:08.0643 0x12e0  OsdMaestro - ok
13:37:08.0774 0x12e0  [ B3E0C20A53D6A55590468B33AA9BC525, 162B848C258B333FE0E8A01B74C6CD602EAAFEBB40838F2987EF4DFF6D589A80 ] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
13:37:08.0779 0x12e0  IAAnotif - ok
13:37:08.0845 0x12e0  [ 767B74C5242D0F33E610F31A2363D7F6, DBEEC3E5CDAA0D6774293C18841A8E8272D4280774E2BA26FC4C9F92707AD5B9 ] C:\Windows\system32\igfxtray.exe
13:37:08.0856 0x12e0  IgfxTray - ok
13:37:08.0872 0x12e0  [ 409E5B10053382C9D339BAEAA6584999, D3E341E15DC67DC1C25E01C63970F5DA9AF982E9950E452A4CC95B5A7778ED00 ] C:\Windows\system32\hkcmd.exe
13:37:08.0878 0x12e0  HotKeysCmds - ok
13:37:08.0929 0x12e0  [ B76195C8E8845FF2A8FA658709345DE2, 16CA9C9A6CA91F3A120DA8179CDAF8D90FA2DCA14CE1E7FF3D4E17A954EDE624 ] C:\Windows\system32\igfxpers.exe
13:37:08.0934 0x12e0  Persistence - ok
13:37:08.0938 0x12e0  HP Health Check Scheduler - ok
13:37:09.0026 0x12e0  [ 689C6EA7A17B3AE0F2A0151465EF311E, 58DEA4E4F845D334CBFFA8896D17E97BFEAB08814D650B46353A5FA95808ED7C ] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
13:37:09.0030 0x12e0  SunJavaUpdateSched - ok
13:37:09.0151 0x12e0  [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:37:09.0183 0x12e0  Sidebar - ok
13:37:09.0191 0x12e0  WindowsWelcomeCenter - ok
13:37:09.0302 0x12e0  [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:37:09.0335 0x12e0  Sidebar - ok
13:37:09.0346 0x12e0  WindowsWelcomeCenter - ok
13:37:09.0553 0x12e0  [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\sidebar.exe
13:37:09.0596 0x12e0  Sidebar - ok
13:37:09.0859 0x12e0  [ E6D768E2E36C4B92E6CCDAECE133BBCB, 192E0F3C2FED901A052960EBE0AFCB850EFA50E5DEA6A3D57A49C38FC3A033AC ] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
13:37:09.0891 0x12e0  HPAdvisor - ok
13:37:09.0977 0x12e0  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
13:37:09.0982 0x12e0  ehTray.exe - ok
13:37:10.0257 0x12e0  Google Update - ok
13:37:11.0141 0x12e0  [ CC78200C3ECFFA178E78308A0E160D80, 4E02D6827A99401781032A397663770FA7BE56397AA20F6E2FACE0A0004109C5 ] C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe
13:37:11.0498 0x12e0  Akamai NetSession Interface - ok
13:37:11.0555 0x12e0  [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
13:37:11.0559 0x12e0  WMPNSCFG - ok
13:37:11.0587 0x12e0  EA Core - ok
13:37:12.0222 0x12e0  [ 3A3DA76220AF37207B80F7D7405A1D70, 67B99CA03DF0E19AE18A058C514E86D2BB89EBFEB705E78C494E165285B341B7 ] C:\Program Files\Origin\Origin.exe
13:37:12.0377 0x12e0  EADM - ok
13:37:12.0502 0x12e0  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
13:37:12.0503 0x12e0  swg - ok
13:37:12.0595 0x12e0  [ 39C0E2667F4DFBE4EC25CCEAA16084D6, 40A5E72F4D15DAA5F84B9900E756CCFE33200B021B0FFADB2772E2C3EDCBBFA0 ] C:\Program Files\Fast Browser\Application\chrome.exe
13:37:12.0660 0x12e0  GoogleChromeAutoLaunch_E7E74011083E2C909EDA19AC484563C2 - ok
13:37:12.0713 0x12e0  [ 9781B464C09F97F0B03A9D86A06AD373, AF77C026AFE022E1052D5407EF56003189DFA4F2A5B9F632198AD74E67190C1C ] C:\Users\Pat\AppData\Local\Search Protect\spro.exe
13:37:12.0719 0x12e0  Search Protect - ok
13:37:12.0859 0x12e0  [ 707B14667FB21DB84F9B0A70D75F7C53, 83EF18ABB3D3FCE5884A00BE87984343E5DFE571D69D5F42A3ECDAEC22F5D526 ] C:\Program Files\ATT-SST\McciBrowser.exe
13:37:12.0922 0x12e0  ATT-SST - ok
13:37:13.0278 0x12e0  [ E468E50FBB7C623E1357F111BA62045B, 2D9BC1DCDF80D7B942A42AECA3E949D8E2A58A8C9CC39DCA4D35E1D085F8B401 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
13:37:13.0559 0x12e0  SUPERAntiSpyware - ok
13:37:13.0676 0x12e0  [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\sidebar.exe
13:37:13.0702 0x12e0  Sidebar - ok
13:37:13.0710 0x12e0  WindowsWelcomeCenter - ok
13:37:13.0753 0x12e0  [ E6D768E2E36C4B92E6CCDAECE133BBCB, 192E0F3C2FED901A052960EBE0AFCB850EFA50E5DEA6A3D57A49C38FC3A033AC ] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
13:37:13.0832 0x12e0  HPADVISOR - ok
13:37:13.0859 0x12e0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
13:37:13.0866 0x12e0  Win FW state via NFP2: enabled
13:37:13.0867 0x12e0  ============================================================
13:37:13.0867 0x12e0  Scan finished
13:37:13.0867 0x12e0  ============================================================
13:37:13.0880 0x1788  Detected object count: 2
13:37:13.0880 0x1788  Actual detected object count: 2
13:37:26.0236 0x1788  DcomLaunch ( Trojan.Win32.Patched.pj ) - skipped by user
13:37:26.0236 0x1788  DcomLaunch ( Trojan.Win32.Patched.pj ) - User select action: Skip
13:37:26.0239 0x1788  RpcSs ( Trojan.Win32.Patched.pj ) - skipped by user
13:37:26.0239 0x1788  RpcSs ( Trojan.Win32.Patched.pj ) - User select action: Skip
13:37:37.0939 0x09e8  Deinitialize success
 


#6
kepayne228

Thanks Adam! The FRST scan ran twice on the computer. Maybe I clicked scan twice? Should I post the logs the second scan made?


#7
LiquidTension

Hello Keisha,

 

No need to post the second set of logs. Please do the following. 


Farbar Recovery Scan Tool (FRST) Search

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Type the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • Upon completion, a log (Search.txt) will be open, and saved in the same location as FRST.exe.  
  • Copy the contents of the log and paste in your next reply.

#8
kepayne228

Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Pat at 2014-09-16 14:28:19
Running from C:\Users\Pat\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:32] 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253 [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:39] 0551424 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-01-20 19:24][2008-01-20 19:24] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:17] 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:19] 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE [File is signed]

C:\Windows\System32\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:39] 0551424 ____A (Microsoft Corporation) 9E3E9631FB576086DE8B17C923EB0B50

C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009-11-27 14:21][2009-04-10 23:28] 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9 [File is signed]

=== End Of Search ===


  • 0
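An added example, not part of the original posts and not FRST's own code: a short Python parser for the Search.txt layout posted above. It reports which rpcss.dll copies lack the "[File is signed]" marker, have an empty company field, or carry the MD5 of zero bytes of input despite a non-zero size. The function and field names are assumptions made for this example; the log text is copied from the post.

```python
import hashlib
import re
from dataclasses import dataclass

# Entries copied from the Search.txt posted in the thread
# (header lines and blank lines dropped).
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:32] 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253 [File is signed]
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:39] 0551424 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-01-20 19:24][2008-01-20 19:24] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C [File is signed]
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:17] 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E [File is signed]
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:19] 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE [File is signed]
C:\Windows\System32\rpcss.dll
[2009-04-17 19:35][2009-03-02 21:39] 0551424 ____A (Microsoft Corporation) 9E3E9631FB576086DE8B17C923EB0B50
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009-11-27 14:21][2009-04-10 23:28] 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9 [File is signed]
"""

# MD5 of zero bytes of input, computed rather than hard-coded.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Detail line: [date][date] size attributes (company) MD5 [File is signed]
DETAIL = re.compile(
    r"^\[(?P<first>[^\]]+)\]\[(?P<second>[^\]]+)\] (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-F]{32})"
    r"(?P<signed> \[File is signed\])?$"
)


@dataclass
class Entry:  # hypothetical record type for this example
    path: str
    size: int
    company: str
    md5: str
    signed: bool


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("==="):
            continue  # blank lines and section banners
        m = DETAIL.match(line)
        if m is None:
            path = line  # anything that is not a detail line is a path
        elif path is not None:
            entries.append(Entry(path, int(m["size"]), m["company"],
                                 m["md5"], bool(m["signed"])))
            path = None
    return entries


def findings(entry):
    """Return the reasons an entry deserves a closer look (empty if none)."""
    notes = []
    if not entry.signed:
        notes.append("no signature marker")
    if not entry.company:
        notes.append("empty company field")
    # A non-empty file cannot hash to MD5(""), so this value does not
    # describe the file's contents.
    if entry.md5 == EMPTY_MD5 and entry.size > 0:
        notes.append("MD5 of empty input")
    return notes


def report(text):
    """Map path -> findings for every entry that has at least one."""
    result = {}
    for entry in parse_search_log(text):
        notes = findings(entry)
        if notes:
            result[entry.path] = notes
    return result


if __name__ == "__main__":
    for path, notes in report(SEARCH_LOG).items():
        print(path, "->", ", ".join(notes))
```

Run against this log it lists two of the seven copies: C:\Windows\System32\rpcss.dll and the 6.0.6001.18226 winsxs copy.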

#9
LiquidTension

Hi Keisha, 

 

Please do the following. 

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll C:\Windows\System32\rpcss.dll
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

#10
kepayne228

Adam, after doing step 2, the computer is taking an awfully long time to reboot/doesn't seem to be rebooting. I am sending this post from my own laptop in case you are wondering.


#11
LiquidTension

Hello, 

 

Did your computer reboot after performing STEP 1? Or did you go straight on to STEP 2? 


#12
kepayne228

I went straight to step 2. A log was created for step 1 and there was no reboot. I went to step 2.


Edited by kepayne228, 16 September 2014 - 06:17 PM.

#13
LiquidTension

Hello, 

 

You'll need a USB drive for this. 

 

STEP 1
FRST Recovery Environment Scan

  • Please download Farbar Recovery Scan Tool 32-Bit to your USB drive using a clean PC.
  • Insert the USB drive into the infected PC
  • Enter the Recovery Environment using one of the two options below.

Option #1: Enter Recovery Environment (Windows 7/Vista)

  • Restart the infected computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your keyboard language settings, and then click Next.
  • Select the operating system you wish to repair, and then click Next.
  • Select your user account, and then click Next.
     

Option #2: Enter Recovery Environment (Windows Installation Disc)

  • Insert your Windows installation disc.
  • Restart your computer.
  • Configure your infected PC to boot from CD/DVD. Instructions on how to do this can be found here.
  • If prompted, press any key to start Windows from the installation disc.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the Operating System you want to repair, and then click Next.
  • Select your user account, and then click Next.
     

Advanced Boot Options Menu

  • Select Command Prompt.
  • In the command window type notepad and press Enter on your keyboard.
  • Notepad will open. Click File and select Open
  • Select Computer, write down your USB drive letter on a piece of paper and close notepad.
  • In the command window type: x:\frst.exe depending on your system's bit type.
    • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.
  • Press Enter on your keyboard. The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will create a log (FRST.txt) on the USB drive. Using your clean PC, please copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt

#14
kepayne228

Thanks Adam, here is the new scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by SYSTEM on MINWINPC on 16-09-2014 17:32:52
Running from f:\
Platform: Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [IPInSightMonitor 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe [122880 2005-08-10] (Visual Networks)
HKLM\...\Run: [IPInSightLAN 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe [380928 2005-08-10] (Visual Networks)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [1573888 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [ShopAtHomeWatcher] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [140944 2013-08-20] (ShopAtHome.com)
HKLM\...\Run: [ShopAtHomeUpdater] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [179856 2013-08-20] (ShopAtHome.com)
HKLM\...\Run: [TelevisionFanatic EPM Support] => "C:\PROGRA~1\TELEVI~2\bar\1.bin\64medint.exe" T8EPMSUP.DLL,S
HKLM\...\Run: [TelevisionFanatic Home Page Guard 32 bit] => "C:\PROGRA~1\TELEVI~2\bar\1.bin\AppIntegrator.exe"
HKLM\...\Run: [TelevisionFanatic Search Scope Monitor] => "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1090952 2010-04-29] (Malwarebytes Corporation)
HKLM\...\Run: [fst_us_203] => [X]
HKLM\...\Run: [SBRegRebootCleaner] => C:\VIPRERESCUE\SBRC.exe [202128 2013-09-30] (ThreatTrack Security, Inc.)
HKLM\...\Run: [{04db920b-6fa4-db47-4ffb-55416ab0330d}] => C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe [184876 2014-09-16] ()
HKLM\...\Policies\Explorer\Run: [{04db920b-6fa4-db47-4ffb-55416ab0330d}] => C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe [184876 2014-09-16] ( ())
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [942080 2008-01-18] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [942080 2008-01-18] (Hewlett-Packard)
HKU\Morgan\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Morgan\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [942080 2008-01-18] (Hewlett-Packard)
HKU\Pat\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [942080 2008-01-18] (Hewlett-Packard)
HKU\Pat\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Pat\...\Run: [Google Update] => "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\Pat\...\Run: [Akamai NetSession Interface] => C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Pat\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Pat\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\Pat\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3588952 2014-04-04] (Electronic Arts)
HKU\Pat\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.)
HKU\Pat\...\Run: [GoogleChromeAutoLaunch_E7E74011083E2C909EDA19AC484563C2] => C:\Program Files\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
HKU\Pat\...\Run: [Search Protect] => C:\Users\Pat\AppData\Local\Search Protect\spro.exe [225792 2014-04-12] (Home)
HKU\Pat\...\Run: [ATT-SST] => C:\Program Files\ATT-SST\McciBrowser.exe [1057792 2011-09-09] (Alcatel-Lucent)
HKU\Pat\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-09] (SUPERAntiSpyware)
HKU\Pat\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [35481 2014-09-16] ()
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-04-01] (Alcatel-Lucent)
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-03-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-03-12] (Printing Communications Assoc., Inc. (PCAUSA))
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 IPVNMon; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 15:58 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\System32\sqlite3.dll
2014-09-16 15:56 - 2014-09-16 16:00 - 00000000 ____D () C:\AdwCleaner
2014-09-16 15:56 - 2014-09-16 15:52 - 01373475 _____ () C:\Users\Pat\Desktop\AdwCleaner.exe
2014-09-16 13:28 - 2014-09-16 13:30 - 00001899 _____ () C:\Users\Pat\Desktop\Search.txt
2014-09-16 12:33 - 2014-09-16 12:33 - 00050615 _____ () C:\Users\Pat\Desktop\FRST 9-14 132.txt
2014-09-16 12:32 - 2014-09-16 12:32 - 00053589 _____ () C:\Users\Pat\Desktop\Addition 9-14 132.txt
2014-09-16 12:31 - 2014-09-16 12:31 - 00054835 _____ () C:\Users\Pat\Desktop\Addition 9-14 131.txt
2014-09-16 12:31 - 2014-09-16 12:31 - 00051102 _____ () C:\Users\Pat\Desktop\FRST 9-16 131.txt
2014-09-16 12:27 - 2014-09-16 12:32 - 00053589 _____ () C:\Users\Pat\Desktop\Addition.txt
2014-09-16 12:23 - 2014-09-16 15:40 - 00000000 ____D () C:\FRST
2014-09-16 12:23 - 2014-09-16 12:32 - 00050615 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-09-16 12:23 - 2014-09-15 09:45 - 01097728 _____ (Farbar) C:\Users\Pat\Desktop\FRST.exe
2014-09-16 12:21 - 2014-09-15 09:47 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pat\Desktop\tdsskiller.exe
2014-09-16 12:21 - 2014-09-15 09:46 - 02105856 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-09-14 20:37 - 2014-09-14 20:37 - 00042262 _____ () C:\Users\Pat\Desktop\otl extra.txt
2014-09-14 20:31 - 2014-09-14 20:31 - 01109072 _____ () C:\Users\Pat\Desktop\OTL.Txt
2014-09-14 18:45 - 2014-09-14 18:45 - 00000000 ____D () C:\SUPERDelete
2014-09-14 18:44 - 2014-09-14 18:44 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-14 18:44 - 2014-09-14 18:44 - 00001802 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-14 18:44 - 2014-09-14 18:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\SUPERAntiSpyware.com
2014-09-14 18:43 - 2014-09-14 19:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-14 18:43 - 2014-09-14 18:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-14 13:45 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\System32\Drivers\gfiutil.sys
2014-09-14 13:45 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\System32\Drivers\gfiark.sys
2014-09-14 13:44 - 2014-09-14 17:25 - 00000000 ____D () C:\VIPRERESCUE
2014-09-14 12:53 - 2014-09-14 13:26 - 168402944 _____ () C:\Users\Pat\Downloads\VIPRERescue33104.exe
2014-09-14 12:41 - 2014-09-14 12:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.scr
2014-09-14 12:41 - 2014-09-14 12:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.com
2014-09-14 12:13 - 2014-09-14 12:13 - 00000000 ____D () C:\Program Files\dowiNloaditKeep
2014-09-13 08:30 - 2014-09-14 12:11 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2014-09-13 08:23 - 2014-09-13 08:23 - 00000000 ____D () C:\Windows\System32\EventProviders
2014-08-31 22:10 - 2014-09-14 17:36 - 00000000 ____D () C:\ProgramData\dowiNloaditKeep

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 16:02 - 2008-01-20 18:47 - 00199018 _____ () C:\Windows\PFRO.log
2014-09-16 16:01 - 2008-05-28 20:26 - 01827463 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 16:01 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-16 16:01 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-16 16:00 - 2014-09-16 15:56 - 00000000 ____D () C:\AdwCleaner
2014-09-16 16:00 - 2008-05-28 20:33 - 00000000 ____D () C:\Users\Pat\Local Settings\Application Data\Temp
2014-09-16 15:52 - 2014-09-16 15:56 - 01373475 _____ () C:\Users\Pat\Desktop\AdwCleaner.exe
2014-09-16 15:40 - 2014-09-16 12:23 - 00000000 ____D () C:\FRST
2014-09-16 13:30 - 2014-09-16 13:28 - 00001899 _____ () C:\Users\Pat\Desktop\Search.txt
2014-09-16 12:48 - 2014-03-31 14:29 - 00000000 ___RD () C:\Users\Pat\Dropbox
2014-09-16 12:48 - 2014-03-31 14:26 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
2014-09-16 12:45 - 2013-06-07 15:00 - 00000000 ____D () C:\ProgramData\Origin
2014-09-16 12:33 - 2014-09-16 12:33 - 00050615 _____ () C:\Users\Pat\Desktop\FRST 9-14 132.txt
2014-09-16 12:32 - 2014-09-16 12:32 - 00053589 _____ () C:\Users\Pat\Desktop\Addition 9-14 132.txt
2014-09-16 12:32 - 2014-09-16 12:27 - 00053589 _____ () C:\Users\Pat\Desktop\Addition.txt
2014-09-16 12:32 - 2014-09-16 12:23 - 00050615 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-09-16 12:31 - 2014-09-16 12:31 - 00054835 _____ () C:\Users\Pat\Desktop\Addition 9-14 131.txt
2014-09-16 12:31 - 2014-09-16 12:31 - 00051102 _____ () C:\Users\Pat\Desktop\FRST 9-16 131.txt
2014-09-16 12:25 - 2008-02-24 12:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-16 12:24 - 2006-11-02 02:33 - 00703388 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-16 12:22 - 2014-04-08 17:17 - 00000000 ____D () C:\ProgramData\Npackd
2014-09-15 09:47 - 2014-09-16 12:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pat\Desktop\tdsskiller.exe
2014-09-15 09:46 - 2014-09-16 12:21 - 02105856 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-09-15 09:45 - 2014-09-16 12:23 - 01097728 _____ (Farbar) C:\Users\Pat\Desktop\FRST.exe
2014-09-14 20:37 - 2014-09-14 20:37 - 00042262 _____ () C:\Users\Pat\Desktop\otl extra.txt
2014-09-14 20:31 - 2014-09-14 20:31 - 01109072 _____ () C:\Users\Pat\Desktop\OTL.Txt
2014-09-14 19:00 - 2014-09-14 18:43 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-14 18:54 - 2014-08-11 23:07 - 00000000 ____D () C:\Program Files\HQPureV1.8
2014-09-14 18:47 - 2008-02-24 12:38 - 00000000 ____D () C:\Program Files\AWS
2014-09-14 18:45 - 2014-09-14 18:45 - 00000000 ____D () C:\SUPERDelete
2014-09-14 18:44 - 2014-09-14 18:44 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-14 18:44 - 2014-09-14 18:44 - 00001802 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-14 18:44 - 2014-09-14 18:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\SUPERAntiSpyware.com
2014-09-14 18:43 - 2014-09-14 18:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-14 18:40 - 2006-11-02 04:52 - 00045552 _____ () C:\Windows\setupact.log
2014-09-14 18:33 - 2014-05-04 07:46 - 00000000 ____D () C:\Program Files\NpackdDetected
2014-09-14 18:27 - 2013-05-18 12:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-14 18:27 - 2010-04-03 11:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-14 17:36 - 2014-08-31 22:10 - 00000000 ____D () C:\ProgramData\dowiNloaditKeep
2014-09-14 17:36 - 2011-10-26 16:23 - 00000000 ____D () C:\Program Files\ATT-SST
2014-09-14 17:35 - 2014-08-11 23:08 - 00000000 ____D () C:\Program Files\videos MediaPlay-Air
2014-09-14 17:35 - 2014-08-11 23:03 - 00000000 ____D () C:\Program Files\SearchArmor
2014-09-14 17:25 - 2014-09-14 13:44 - 00000000 ____D () C:\VIPRERESCUE
2014-09-14 15:14 - 2011-03-23 16:31 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\HpUpdate
2014-09-14 13:28 - 2014-01-29 09:33 - 00000087 _____ () C:\Windows\System32\osgyyfu.ijm
2014-09-14 13:26 - 2014-09-14 12:53 - 168402944 _____ () C:\Users\Pat\Downloads\VIPRERescue33104.exe
2014-09-14 12:41 - 2014-09-14 12:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.scr
2014-09-14 12:41 - 2014-09-14 12:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.com
2014-09-14 12:30 - 2010-04-03 11:33 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 12:30 - 2010-04-03 11:33 - 00000848 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk
2014-09-14 12:21 - 2014-08-11 23:04 - 00000000 ____D () C:\ProgramData\19e8f4e397351af7
2014-09-14 12:13 - 2014-09-14 12:13 - 00000000 ____D () C:\Program Files\dowiNloaditKeep
2014-09-14 12:11 - 2014-09-13 08:30 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2014-09-14 02:11 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-14 02:02 - 2006-11-02 02:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-09-14 02:01 - 2013-05-18 12:54 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-14 02:01 - 2013-05-18 12:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 09:11 - 2013-08-24 14:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-09-13 09:11 - 2012-03-24 08:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-09-13 08:45 - 2010-03-12 18:00 - 00000000 ____D () C:\Users\Pat\Local Settings\Application Data\Google
2014-09-13 08:45 - 2010-03-12 18:00 - 00000000 ____D () C:\Users\Pat\AppData\Local\Google
2014-09-13 08:23 - 2014-09-13 08:23 - 00000000 ____D () C:\Windows\System32\EventProviders
2014-09-01 10:55 - 2014-08-08 07:50 - 00039936 _____ () C:\Windows\System32\btlcp.cpo
2014-09-01 10:55 - 2014-01-27 07:52 - 00000291 _____ () C:\Windows\System32\hirh.dnc
2014-08-24 23:48 - 2012-07-13 20:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-24 23:48 - 2010-03-12 18:00 - 00000000 ____D () C:\Program Files\Google

Files to move or delete:
====================
C:\Users\Pat\RecipeHub.exe


Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqzgcyp.dll
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe
C:\Users\Pat\AppData\Local\Temp\swt-win32-3333.dll
C:\Users\Pat\AppData\Local\Temp\vcredist_x86.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (whitelisted) =============


==================== Restore Points  =========================

Restore point made on: 2014-07-25 21:15:25
Restore point made on: 2014-07-26 21:15:22
Restore point made on: 2014-07-27 21:15:31
Restore point made on: 2014-07-28 21:15:01
Restore point made on: 2014-07-29 21:14:54
Restore point made on: 2014-07-30 21:15:04
Restore point made on: 2014-07-31 21:14:45
Restore point made on: 2014-08-01 21:14:56
Restore point made on: 2014-08-02 21:15:54
Restore point made on: 2014-08-03 21:15:39
Restore point made on: 2014-08-04 21:15:44
Restore point made on: 2014-08-05 21:15:26
Restore point made on: 2014-08-06 21:18:24
Restore point made on: 2014-08-07 21:15:16
Restore point made on: 2014-08-08 21:16:27
Restore point made on: 2014-08-09 21:17:12
Restore point made on: 2014-08-10 21:16:39
Restore point made on: 2014-08-11 21:16:07
Restore point made on: 2014-08-12 21:15:50
Restore point made on: 2014-08-13 21:16:55
Restore point made on: 2014-08-14 21:16:52
Restore point made on: 2014-08-15 02:00:17
Restore point made on: 2014-08-15 21:16:22
Restore point made on: 2014-08-26 00:00:02
Restore point made on: 2014-08-26 23:59:55
Restore point made on: 2014-08-27 23:59:59
Restore point made on: 2014-08-29 00:00:11
Restore point made on: 2014-08-29 23:59:40
Restore point made on: 2014-08-30 23:59:37
Restore point made on: 2014-09-13 08:23:30
Restore point made on: 2014-09-14 02:00:15
Restore point made on: 2014-09-14 18:48:23
Restore point made on: 2014-09-14 19:44:00
Restore point made on: 2014-09-16 12:33:33

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3061.77 MB
Available physical RAM: 2559.02 MB
Total Pagefile: 2750.94 MB
Available Pagefile: 2599.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.43 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:326.11 GB) (Free:193.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.24 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (USB DISK) (Removable) (Total:7.45 GB) (Free:6.79 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 335.4 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=326.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)


LastRegBack: 2014-09-16 16:19

==================== End Of Log ============================



#15
LiquidTension


Hello,

Please do the following. Let me know if you can boot normally.

FRST Recovery Environment Script

  • Using your clean PC, press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll C:\Windows\System32\rpcss.dll
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Save the file to your USB drive.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Enter the Recovery Environment just as you did before.
  • Run FRST just as you did before.
  • Click the Fix button once.
  • A log (Fixlog.txt) will be created on your USB drive.
  • Attempt to boot normally into Windows.
  • Copy the contents of Fixlog.txt and paste in your next reply.
