
serious system lag - svchost mem hog [Solved]



#1
jt4211
Member, 39 posts

G2G -

 

Having serious system lag - takes forever to open browser window(s) - start programs, etc.  Noticed a lot of SVChost.exe (10+) running - need help!

Pasted below is OTL log - THANKS!

EDIT:  Extras.txt also added to end

 

OTL logfile created on: 12/28/2014 7:57:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TeamTkac\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 51.67% Memory free
7.71 Gb Paging File | 5.25 Gb Available in Paging File | 68.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.07 Gb Total Space | 376.49 Gb Free Space | 64.90% Space Free | Partition Type: NTFS
 
Computer Name: TEAMTKAC-PC | User Name: TeamTkac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/28 07:56:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TeamTkac\Desktop\OTL.exe
PRC - [2014/12/22 01:54:10 | 000,846,624 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
PRC - [2014/12/11 13:49:42 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 18:54:57 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/12 18:31:10 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/11 19:24:03 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2014/07/10 12:45:42 | 000,438,104 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/08/24 20:03:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/08/24 20:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/08/10 15:09:56 | 000,057,344 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/06/30 21:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/06/30 21:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/22 01:56:58 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
MOD - [2014/11/21 18:55:35 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/14 23:28:04 | 008,897,696 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/23 15:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/08/24 20:03:42 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/24 20:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/21 18:54:57 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/21 18:54:00 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/08/02 13:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/12/28 05:39:51 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/07/10 12:45:42 | 000,438,104 | ---- | M] (Garmin Ltd or its subsidiaries) [On_Demand | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/07 20:07:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/16 17:52:06 | 000,105,120 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/08/10 15:09:56 | 000,057,344 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/28 07:45:48 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/23 22:47:24 | 000,017,600 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV:64bit: - [2014/11/21 18:58:25 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/21 18:55:45 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/21 18:55:45 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/21 18:55:45 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/11/21 18:55:44 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/21 18:55:44 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/21 18:55:44 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/21 18:55:42 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/21 18:54:00 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/11/15 11:06:43 | 000,020,160 | ---- | M] (Glarysoft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV:64bit: - [2014/01/22 07:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 07:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/18 20:46:10 | 000,012,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MmpGuiDrv.sys -- (mmpguidrv)
DRV:64bit: - [2012/10/18 20:46:08 | 000,021,008 | ---- | M] (<company name here>) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mmpDrv.sys -- (mmpDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 18:01:36 | 000,517,280 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/09/16 18:00:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/09/16 18:00:34 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/09/16 18:00:04 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/09/16 17:59:48 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/09/16 17:59:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/09/16 17:59:18 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/09/16 17:59:02 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/08/05 16:33:48 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/10 13:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/08 11:36:14 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:17 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/27 02:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/07/29 08:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/20 04:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS508
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2014/11/29 15:55:41 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2014/11/29 15:55:41 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TeamTkac\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TeamTkac\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/21 18:55:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/06/02 20:48:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Unfriend Checker\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/06/02 20:48:13 | 000,000,000 | ---D | M]
 
[2014/04/05 12:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TeamTkac\AppData\Roaming\Mozilla\Extensions
[2014/11/28 14:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\extensions
[2014/06/07 08:08:15 | 000,002,823 | ---- | M] () -- C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\searchplugins\Google.xml
[2014/11/21 18:55:51 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/11/09 17:41:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe (Glarysoft Ltd)
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1419770777 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.11.0.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FD5FCF0-2519-466E-AA20-ED70A9CB7E27}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C48D062-7D24-42A7-81B9-F9AF11D550A4}: DhcpNameServer = 192.168.1.250
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/28 07:56:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TeamTkac\Desktop\OTL.exe
[2014/12/28 07:18:55 | 000,118,048 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2014/12/28 07:18:55 | 000,017,600 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys
[2014/12/12 17:19:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/07 07:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/12/07 07:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/12/07 05:21:23 | 000,000,000 | ---D | C] -- C:\Users\TeamTkac\AppData\Local\EgisTec
[2014/12/07 05:16:51 | 000,695,443 | ---- | C] (UltraDefrag Development Team) -- C:\Users\TeamTkac\Desktop\UltraDefrag_(64bit)_v6.0.4.exe
[2014/11/29 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\TeamTkac\AppData\Local\IsolatedStorage
[2014/11/29 15:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/28 07:56:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TeamTkac\Desktop\OTL.exe
[2014/12/28 07:51:54 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/28 07:51:54 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/28 07:46:38 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/12/28 07:46:04 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000UA.job
[2014/12/28 07:45:48 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/28 07:44:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/28 07:44:32 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/28 07:30:22 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/12/28 07:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/28 07:23:33 | 000,007,612 | ---- | M] () -- C:\Users\TeamTkac\AppData\Local\Resmon.ResmonCfg
[2014/12/28 05:46:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000Core.job
[2014/12/28 05:36:04 | 000,000,120 | ---- | M] () -- C:\Windows\wininit.ini
[2014/12/28 05:30:58 | 000,001,068 | ---- | M] () -- C:\Users\TeamTkac\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/12/28 05:30:58 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/12/28 05:00:10 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/28 05:00:10 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/28 05:00:10 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/22 01:57:26 | 000,118,048 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2014/12/11 19:53:05 | 000,002,388 | ---- | M] () -- C:\Users\TeamTkac\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/11 19:53:05 | 000,002,386 | ---- | M] () -- C:\Users\TeamTkac\Desktop\Google Chrome.lnk
[2014/12/10 09:46:21 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/12/07 05:16:52 | 000,695,443 | ---- | M] (UltraDefrag Development Team) -- C:\Users\TeamTkac\Desktop\UltraDefrag_(64bit)_v6.0.4.exe
[2014/12/06 21:03:48 | 009,424,140 | ---- | M] () -- C:\Users\TeamTkac\Desktop\Ed Sheeran  Make It Rain (Sons of Anarchy) with Lyrics [HQ NEW 2014].mp3
[2014/12/04 02:14:59 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/29 15:55:42 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk
 
========== Files Created - No Company Name ==========
 
[2014/12/28 05:36:03 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/22 21:30:44 | 008,951,480 | ---- | C] () -- C:\Users\TeamTkac\Desktop\scan0001.tif
[2014/12/22 19:41:03 | 001,732,944 | ---- | C] () -- C:\Users\TeamTkac\Desktop\DSC_0062.JPG
[2014/12/22 19:30:40 | 001,869,068 | ---- | C] () -- C:\Users\TeamTkac\Desktop\DSC_0061.JPG
[2014/12/16 07:59:09 | 000,007,612 | ---- | C] () -- C:\Users\TeamTkac\AppData\Local\Resmon.ResmonCfg
[2014/12/06 21:03:47 | 009,424,140 | ---- | C] () -- C:\Users\TeamTkac\Desktop\Ed Sheeran  Make It Rain (Sons of Anarchy) with Lyrics [HQ NEW 2014].mp3
[2014/11/29 15:55:42 | 000,002,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Maps 3D.lnk
[2014/11/29 15:55:42 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk
[2014/11/15 11:07:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2014/06/02 20:44:58 | 000,208,583 | ---- | C] () -- C:\Windows\hpoins41.dat
[2014/06/02 20:44:57 | 000,001,112 | ---- | C] () -- C:\Windows\hpomdl41.dat
[2013/04/18 18:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 18:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 18:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 18:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/06 16:18:41 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\AVAST Software
[2014/12/28 07:44:25 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\DiskDefrag
[2014/12/28 07:12:16 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\Dropbox
[2014/11/09 11:35:53 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\Garmin
[2014/11/15 11:06:42 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\Glarysoft
[2014/04/17 13:13:02 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\Oracle
[2013/05/25 08:50:29 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\player
[2014/08/29 07:27:13 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\PowerCinema
[2014/11/14 19:20:09 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\QuickScan
[2014/10/29 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\Samsung
[2011/11/26 17:17:05 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\Screensaver
[2013/06/09 06:52:25 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\SoftGrid Client
[2014/11/08 21:12:08 | 000,000,000 | ---D | M] -- C:\Users\TeamTkac\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1150 bytes -> C:\Users\TeamTkac\Desktop\Facebook.website:TASKICON_3friends2073392651
@Alternate Data Stream - 1150 bytes -> C:\Users\TeamTkac\Desktop\Facebook.website:TASKICON_2events-954496249
@Alternate Data Stream - 1150 bytes -> C:\Users\TeamTkac\Desktop\Facebook.website:TASKICON_1messages523453257
@Alternate Data Stream - 1150 bytes -> C:\Users\TeamTkac\Desktop\Facebook.website:TASKICON_0news964078814

< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 12/28/2014 7:57:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TeamTkac\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 51.67% Memory free
7.71 Gb Paging File | 5.25 Gb Available in Paging File | 68.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.07 Gb Total Space | 376.49 Gb Free Space | 64.90% Space Free | Partition Type: NTFS
 
Computer Name: TEAMTKAC-PC | User Name: TeamTkac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = CryptoPreventCPL] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.pif [@ = CryptoPreventPIF] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.scr [@ = CryptoPreventSCR] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = CryptoPreventCPL] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.pif [@ = CryptoPreventPIF] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.scr [@ = CryptoPreventSCR] -- "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08ED6CD4-C69E-455B-AB14-B48741BA310E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B99AAE5-F169-4E54-A3BA-E7D06C2E84CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{15B53B73-8892-4396-88EB-0BF3099C7DC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AAB94FA-CA73-44DA-9C8C-45404E387796}" = rport=445 | protocol=6 | dir=out | app=system |
"{29284BD7-5DA8-47C6-82EF-E5E3587084F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FC4FF11-8515-4754-BBF4-EC59CDD555CA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{3393B697-0858-4290-B2F5-1B537492A0E4}" = rport=139 | protocol=6 | dir=out | app=system |
"{3620D6FF-4A24-4BD5-9F85-C795423A4EB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45D3B801-54A6-455B-B1DB-60FF280C529A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{52D07107-B4B2-4A5C-899F-AD775F621F68}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{579F1793-D5EE-47B6-AF65-09AAECC8DFF1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{601BFEBC-63C0-49D1-BBD2-D3CFA831AED8}" = lport=139 | protocol=6 | dir=in | app=system |
"{6131DC3D-D1B2-456E-ADEE-1C8D47E142C9}" = lport=445 | protocol=6 | dir=in | app=system |
"{6FB7B573-2D63-4689-BF80-D439D41BDEEE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{746B31AD-AA92-4D85-9C5F-07E7C5769F0D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7752D269-E0CD-4B9B-B3EB-E2ADC676DD6F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FE227C7-5D38-45E8-986D-307F4039C91A}" = lport=137 | protocol=17 | dir=in | app=system |
"{983D7253-AAB6-4D2F-A7C3-6915E1709209}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9FEC1792-F270-471D-A970-DC0515438752}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A4646A65-3A05-46BD-B6F6-73ED2763B53A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A488BB9F-EC91-4EBB-B1CE-E958C928C5B3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AF8597D0-8D1C-4A8D-A47E-94544F7F6C29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B1605240-9FA8-4891-9BBE-359353445BD0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C149BD9C-5AA7-4511-A61A-21DEAA6D9390}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C509BBC8-BF5C-4867-999B-90489BDD97C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB1772FB-FE1C-4651-A6DA-F2078F24B73F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CED85DCA-64AF-4092-B6D3-BD5E16D66D71}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0AAFEB1-353F-44DC-82C6-6EB95CFE71DC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D113A31B-63E0-4621-BDFE-9E68A549FDE4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D86809C5-C0C9-48F7-91AA-44FCF5C0CA4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D999716E-820F-49D7-AEAD-48C0FB10F8D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{DAEAC1E8-9850-443A-8BFE-754CF1732201}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0791C69-9A17-44BA-8DCA-DEFC08296A55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB386666-23AC-4F1D-A34B-3E3BF5F26D24}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FF8384DA-9F24-497F-88B7-DED9C18A0E91}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C82F7F-9B19-4A8E-97C9-13B409ACACB4}" = protocol=58 | dir=out | [email protected],-503 |
"{0613FC4B-452E-46A1-A2E0-97A8FA46290B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{062D87C0-66D2-4B5A-9475-13283FC1F95B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0AA85B78-E897-47FC-96BA-FFDCBFAD94A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0AE6E5DF-2D83-4156-AD3B-A7EFC0621065}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1275B31F-B419-4DA1-8050-56C561AD9199}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{128E5117-5FF7-4253-84B8-5EF147733373}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12D97E62-9A27-4C85-AC54-D07D59F2D906}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1457BC76-0E1D-442C-8C3F-98AB8F8086E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{14DF8793-0156-4D63-9EBD-EBA75DABF771}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{15AF3050-2F70-44F9-970B-FDBA2E54EDEE}" = protocol=6 | dir=out | app=system |
"{1B88C80C-9D3D-4413-9F76-C8F6C3DEC56F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F12BE64-5F2E-4F55-9CA9-57B24C87171D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1F87610B-C797-489C-99C2-47180C7324F9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{20DA0396-922B-4AF8-ABB6-68900B4AD909}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{20ECD8FB-02C2-4993-9631-356D5641CA51}" = protocol=6 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs5180\hpdiagnosticcoreui.exe |
"{23D72727-A7A0-4027-B0F2-BBDD01B28B21}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{2466333F-94EE-4421-BDF2-16F4A107521B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2ACBD8F2-D79B-4B16-AFB8-8D941E7ACD32}" = protocol=6 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs56b8\hpdiagnosticcoreui.exe |
"{2D9E63FD-F514-492B-83EF-9251A40D6E0A}" = protocol=6 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs4279\hpdiagnosticcoreui.exe |
"{2DA29287-3217-4435-801B-0EB877929B9F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{2EFF1D2E-43A0-4099-A048-C0B082A23D51}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{37625DF1-8004-4975-8CF5-BC2A2925D673}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BD2326D-D54D-4096-AFB8-C32DE34859DB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3FD5D925-3521-4F70-812E-3A21CCAF0D6E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{46609516-F56F-4B0F-8E40-8AB9539B1B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"{47895338-041D-4A21-A3CF-09F7B643DD78}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{4A2B7C5E-4444-485B-BF2A-2B91A4309D18}" = protocol=58 | dir=out | [email protected],-28546 |
"{4A38A86F-FF03-4B86-9F14-BEA690FBF129}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{4DFD60EE-0FFF-4BE6-B138-FDC53C985C32}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{52071627-BA18-4614-A724-AF3CE2E67C76}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5272596A-2DD2-44A6-A1AD-EEC65069CA29}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{53EFDFEB-7DE8-4C5D-BF3F-8660E8CDC5FD}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{56CB3FAA-DFD7-478F-BCE2-A54F475AAEA6}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{5926DA05-68AE-47F6-ACEB-08F8346F52A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5BE00DBB-7899-4203-BDE3-273C3BE3092E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{5DC4A144-B8DA-4513-A30A-9017C70394C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{5DDA2700-A248-4037-83C7-544EB3976883}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5EC1C650-F35A-4160-9818-F4D9AD7E8FDC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{69EC190B-12F4-43A8-B1BA-77FC478B368D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{6CB2DC33-6368-4A37-9E96-C5849E4CAA2A}" = protocol=17 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs56b8\hpdiagnosticcoreui.exe |
"{6D985F7B-DA68-4745-BD9C-7EAC3C46C89E}" = protocol=1 | dir=in | [email protected],-28543 |
"{7C868A56-2483-42A5-91BB-8732DBC8B8E2}" = protocol=17 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs5180\hpdiagnosticcoreui.exe |
"{7E1BAF05-E756-4B37-9DB0-C0F7BCA6963C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{836DCD3B-AF58-4CA6-8B2A-60856EDC6DD0}" = protocol=1 | dir=out | [email protected],-28544 |
"{89F746DF-B9CF-455A-9B62-FF7D23ECD3D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C849DCD-59E8-40B2-BD90-0F3288471199}" = protocol=6 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs3257\hpdiagnosticcoreui.exe |
"{90C3B903-7E5F-44D8-B49D-3C3DB2FE7327}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{93D4EEA2-FAD4-488F-B328-EBCE9C1233D9}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{94DBF21C-9453-4C9A-8950-58C6AB0200F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{997D7C71-4F0D-424F-9948-9BC9A708C98D}" = protocol=17 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs3257\hpdiagnosticcoreui.exe |
"{9C8EFE8E-8B5D-4AC0-BDB6-E3B991BA5C64}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A224D36A-669B-49E6-B21E-8D565C07D085}" = protocol=17 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs4279\hpdiagnosticcoreui.exe |
"{A252A45C-B562-4FF1-8579-2FD8544BA0A0}" = protocol=17 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs307c\hppiw.exe |
"{A2EBB868-4074-4296-9C65-11D07788BDAE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A2FFB2E7-E4EC-4DA7-93F6-72D15210E3E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A498C7BF-EB3A-4540-BE27-E765BB288A8D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A9590B87-4C6E-4D5C-A73F-1635564B78CA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AD4B2D00-86ED-438B-B272-3540FEDCF216}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{B7F81647-BC5E-40B9-823C-00FD1A65DFF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDD121E5-DDEB-489A-A462-03FBF6ABFD41}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{BE15AD6E-D291-4628-B11C-2EFB9AF9C029}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BFAAEC96-3829-477B-981B-3CC765829048}" = protocol=58 | dir=in | [email protected],-28545 |
"{C30AEF54-9F1E-4276-8ACE-4AC18A35853D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{C3368738-508C-4968-9926-0DA4FE0830A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{C42CE298-A17E-4683-AF91-743A3EC064B9}" = protocol=6 | dir=in | app=c:\users\teamtkac\appdata\local\temp\7zs307c\hppiw.exe |
"{C52BBDE1-1235-41BF-B9A6-C3C9E2DD0A61}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{DEEB750E-DCC3-4C7C-9DDD-5C23C186FCDC}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E2188163-1832-4AE0-B0E4-71A44A361511}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E4197F9A-196B-4C31-987D-3ACD49C760EA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"{E423903E-F4D9-4E9D-8166-C3FBC4902DBB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{E7892B0F-E276-4332-AABF-0261F800A97F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E7C1D749-1F23-4600-BFC0-1810DE958113}" = dir=in | app=c:\users\teamtkac\appdata\local\microsoft\skydrive\skydrive.exe |
"{E9A088EC-11FB-4E80-A355-707F1BF604D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{ED03DC3A-2A1F-4CCF-B760-3D806A0B3E3F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{EE651DFD-5E9B-4D68-8A4F-E4C3183865A3}" = protocol=58 | dir=in | app=system |
"{F24442E7-A29B-4592-95DB-4CE2AC7DDD89}" = dir=in | app=d:\setup\hpznui40.exe |
"{F7C62B8B-F305-45C5-A9AA-A29AA0713FEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8B52127-C303-4523-BA99-B777535BBC0D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{FAB3F6FD-B72F-4274-9A2D-4915EC6ACDEF}" = protocol=58 | dir=in | [email protected],-148 |
"{FEBF4EB9-3390-4903-8E26-1405AFB6EE77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{FFEE2BB1-4D96-4B81-A883-FBAA66A7EE9C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"TCP Query User{12C12D01-2B98-4C53-AB8D-42ACEFB5F9BD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{2F783625-9291-4E7B-ACE4-98BFA0A2D1F9}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |
"TCP Query User{599406A8-4BB1-42FC-B798-2F508F0543BD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EE5382D2-5597-411C-A4B4-2F158C0D9AF5}C:\users\teamtkac\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\teamtkac\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0A186868-5F8C-4661-9B3B-37161622B686}C:\users\teamtkac\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\teamtkac\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1E795A52-89B0-4E2B-94EF-0220612C4C31}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A8CBE2A1-A52E-440F-A6F0-2B56AD5A12D6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{D7ACD24D-FF35-49EB-81BD-EE06240F6634}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0925-000001000000}" = 7-Zip 9.25 (x64 edition)
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB1394B2-CCD4-4B72-9CF7-14CC2AF26967}" = ANT Drivers Installer x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}" = HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}" = Qualcomm Atheros Fast Reconnect
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{268F88C6-2B12-4670-AFA6-2B515BF81CF6}" = Android ADB Fastboot
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DCF042E-0CF3-4E4F-957C-D2E1C060E178}" = Garmin Express
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56D0E0C2-DF58-4FF8-9FEB-F9119123779F}" = Elevated Installer
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB526A8-7658-4697-BD27-425E87932035}" = Garmin Express Tray
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ac22014a-a254-43b9-9cc0-e87cf9c7e18a}" = Garmin Express
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.13) MUI
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C206CD7D-7CFE-4F0C-BC68-8873CDE3A5F5}_is1" = MiniAide Fat32 Formatter Home Edition version 1.05
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C60F3836-333A-4AE2-B526-CFDBA143A9BA}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6319C60-D4DF-4D4D-A077-9F46D656E4FB}" = C309g-m
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE177519-70E3-4A94-B8DB-FD0B78D1A47E}" = PS_AIO_06_C309g-m_SW_Min
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Android SDK Tools" = Android SDK Tools
"avast" = Avast Free Antivirus
"EaseUS Data Recovery Wizard 6.0_is1" = EaseUS Data Recovery Wizard 6.0
"Glary Utilities 5" = Glary Utilities 5.15
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Picasa 3" = Picasa 3
"UltraDefrag" = Ultra Defragmenter
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/25/2014 1:18:55 PM | Computer Name = TeamTkac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5632
 
Error - 12/27/2014 9:42:40 PM | Computer Name = TeamTkac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/27/2014 9:42:40 PM | Computer Name = TeamTkac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9703
 
Error - 12/27/2014 9:42:40 PM | Computer Name = TeamTkac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9703
 
Error - 12/28/2014 1:43:49 AM | Computer Name = TeamTkac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/28/2014 1:43:49 AM | Computer Name = TeamTkac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9578
 
Error - 12/28/2014 1:43:49 AM | Computer Name = TeamTkac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9578
 
Error - 12/28/2014 6:00:02 AM | Computer Name = TeamTkac-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 50a1c    Start
 Time: 01d020a5c702e002    Termination Time: 2578    Application Path: C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE    Report Id:  
 
Error - 12/28/2014 8:14:42 AM | Computer Name = TeamTkac-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12/28/2014 8:45:09 AM | Computer Name = TeamTkac-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 12/27/2014 6:23:07 PM | Computer Name = TeamTkac-PC | Source = DCOM | ID = 10016
Description =
 
Error - 12/28/2014 1:42:53 AM | Computer Name = TeamTkac-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 12/28/2014 1:43:20 AM | Computer Name = TeamTkac-PC | Source = DCOM | ID = 10010
Description =
 
Error - 12/28/2014 5:56:56 AM | Computer Name = TeamTkac-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 12/28/2014 8:12:39 AM | Computer Name = TeamTkac-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:10:15 AM on 12/28/2014 was unexpected.
 
Error - 12/28/2014 8:14:08 AM | Computer Name = TeamTkac-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler
 service to connect.
 
Error - 12/28/2014 8:14:08 AM | Computer Name = TeamTkac-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
   %%1053
 
Error - 12/28/2014 8:14:16 AM | Computer Name = TeamTkac-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error:   %%2
 
Error - 12/28/2014 8:16:57 AM | Computer Name = TeamTkac-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 12/28/2014 8:44:41 AM | Computer Name = TeamTkac-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error:   %%2
 
 
< End of report >
 


Edited by jt4211, 28 December 2014 - 01:08 PM.



#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go. My nickname is Pystryker :) and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you back up any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, I've got an idea of what's infecting your machine, and for that, we'll need to take a look with a different scanner. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log


#3
jt4211

    Member

  • Topic Starter
  • 39 posts

Pystryker - Thanks so much for the help - at times this laptop is barely usable with browser and app lag.  Below is the FRST Log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by TeamTkac (administrator) on TEAMTKAC-PC on 29-12-2014 21:22:29
Running from C:\Users\TeamTkac\Desktop
Loaded Profile: TeamTkac (Available profiles: TeamTkac)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
() C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [YMailAdvisor] => C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-563202287-1717114301-743867805-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-10] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-563202287-1717114301-743867805-1000\...\Run: [Google Update] => C:\Users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-11] (Google Inc.)
HKU\S-1-5-21-563202287-1717114301-743867805-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-12-22] (Glarysoft Ltd)
HKU\S-1-5-21-563202287-1717114301-743867805-1000\...\RunOnce: [Adobe Speed Launcher] => 1419853777
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-10] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
BootExecute: autocheck autochk *  BootDefrag.exeaswBoot.exe /M:3928276c /wow /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-563202287-1717114301-743867805-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-563202287-1717114301-743867805-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-563202287-1717114301-743867805-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-563202287-1717114301-743867805-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.11.0.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-563202287-1717114301-743867805-1000: @tools.google.com/Google Update;version=3 -> C:\Users\TeamTkac\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-563202287-1717114301-743867805-1000: @tools.google.com/Google Update;version=9 -> C:\Users\TeamTkac\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-11-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-02]
FF HKU\S-1-5-21-563202287-1717114301-743867805-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Unfriend Checker\FF
FF HKU\S-1-5-21-563202287-1717114301-743867805-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-12]
CHR Extension: (Avast Online Security) - C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-16] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-21] (Avast Software)
R3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438104 2014-07-10] (Garmin Ltd or its subsidiaries)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-11-23] (Glarysoft Ltd)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-15] (Glarysoft Ltd)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 mmpDrv; C:\Windows\system32\Drivers\mmpDrv.sys [21008 2012-10-18] (<company name here>)
S3 mmpguidrv; C:\Windows\system32\Drivers\MmpGuiDrv.sys [12304 2012-10-18] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-21] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:22 - 2014-12-29 21:23 - 00037650 _____ () C:\Users\TeamTkac\Desktop\FRST.txt
2014-12-29 21:21 - 2014-12-29 21:22 - 00000000 ____D () C:\FRST
2014-12-29 21:20 - 2014-12-29 21:20 - 02123264 _____ (Farbar) C:\Users\TeamTkac\Desktop\FRST64.exe
2014-12-29 17:49 - 2014-12-29 17:49 - 02602587 _____ () C:\Users\TeamTkac\Desktop\Shiftr182_LJ7_Inverted_AOSP_Email.zip
2014-12-29 06:51 - 2014-12-29 06:51 - 00000197 _____ () C:\Windows\system32\2014-12-29-11-51-52.085-AvastVBoxSVC.exe-4404.log
2014-12-28 08:07 - 2014-12-28 08:07 - 00091968 _____ () C:\Users\TeamTkac\Desktop\OTL.Txt
2014-12-28 08:07 - 2014-12-28 08:07 - 00084412 _____ () C:\Users\TeamTkac\Desktop\Extras.Txt
2014-12-28 07:56 - 2014-12-28 07:56 - 00602112 _____ (OldTimer Tools) C:\Users\TeamTkac\Desktop\OTL.exe
2014-12-28 07:47 - 2014-12-28 07:47 - 00000197 _____ () C:\Windows\system32\2014-12-28-12-47-09.094-AvastVBoxSVC.exe-3684.log
2014-12-28 07:18 - 2014-12-22 01:57 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-12-28 07:18 - 2014-11-23 22:47 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-12-28 07:16 - 2014-12-28 07:17 - 00000197 _____ () C:\Windows\system32\2014-12-28-12-16-58.044-AvastVBoxSVC.exe-3760.log
2014-12-28 07:12 - 2014-12-29 06:48 - 00000168 _____ () C:\Windows\setupact.log
2014-12-28 07:12 - 2014-12-28 07:44 - 00002244 _____ () C:\Windows\PFRO.log
2014-12-28 07:12 - 2014-12-28 07:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-28 05:36 - 2014-12-28 05:36 - 00000120 _____ () C:\Windows\wininit.ini
2014-12-26 21:44 - 2014-12-26 21:44 - 31682383 _____ () C:\Users\TeamTkac\Downloads\EGFT_Blue.zip
2014-12-22 21:30 - 2013-04-07 18:30 - 08951480 _____ () C:\Users\TeamTkac\Desktop\scan0001.tif
2014-12-21 17:23 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 17:23 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 07:22 - 2014-12-18 07:22 - 00000197 _____ () C:\Windows\system32\2014-12-18-12-22-40.073-AvastVBoxSVC.exe-3452.log
2014-12-17 19:47 - 2014-12-17 19:47 - 00009216 _____ () C:\Users\TeamTkac\Desktop\Contractor work log.xls
2014-12-16 07:59 - 2014-12-28 07:23 - 00007612 _____ () C:\Users\TeamTkac\AppData\Local\Resmon.ResmonCfg
2014-12-14 14:07 - 2014-12-14 14:07 - 00000197 _____ () C:\Windows\system32\2014-12-14-19-07-15.064-AvastVBoxSVC.exe-3752.log
2014-12-13 18:06 - 2014-12-13 18:06 - 00000197 _____ () C:\Windows\system32\2014-12-13-23-06-35.064-AvastVBoxSVC.exe-3744.log
2014-12-12 17:23 - 2014-12-29 06:51 - 00003490 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-12 17:22 - 2014-12-12 17:22 - 00000197 _____ () C:\Windows\system32\2014-12-12-22-22-20.073-AvastVBoxSVC.exe-3932.log
2014-12-12 17:19 - 2014-12-12 17:19 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 15:39 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 15:39 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 15:29 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-12 15:29 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-12 15:29 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-12 15:29 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-12 15:29 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-12 15:29 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-12 15:29 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-12 15:29 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-12 15:29 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-12 15:29 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-12 15:29 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 15:29 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 15:29 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-12 15:29 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 15:29 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-12 15:29 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 15:29 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-12 15:29 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-12 15:29 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 15:29 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-12 15:29 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 15:29 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-12 15:29 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 15:29 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-12 15:29 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-12 15:29 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 15:29 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 15:29 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 15:29 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 15:29 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-12 15:29 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 15:29 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 15:29 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-12 15:29 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-12 15:29 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 15:29 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-12 15:29 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 15:29 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 15:29 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-12 15:29 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 15:29 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-12 15:29 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 15:29 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-12 15:29 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-12 15:29 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 15:29 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 15:29 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 15:29 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-12 15:29 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-12 15:29 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 15:29 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 15:29 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 15:29 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 15:29 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 15:29 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 15:29 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-12 15:29 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 15:29 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 15:29 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-12 15:29 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 15:29 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 15:29 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-12 15:29 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 15:29 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 15:28 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 15:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 15:28 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-12 15:27 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 15:27 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-12 15:27 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 15:27 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 15:27 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 15:27 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 15:27 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 15:27 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 15:27 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 15:27 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 15:27 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 15:27 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 13:49 - 2014-12-11 13:50 - 00000197 _____ () C:\Windows\system32\2014-12-11-18-49-45.033-AvastVBoxSVC.exe-3684.log
2014-12-09 23:41 - 2014-12-09 23:41 - 00000197 _____ () C:\Windows\system32\2014-12-10-04-41-40.087-AvastVBoxSVC.exe-4256.log
2014-12-07 07:15 - 2014-12-07 07:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-07 07:15 - 2014-12-07 07:15 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-07 05:45 - 2014-12-07 05:46 - 00000197 _____ () C:\Windows\system32\2014-12-07-10-45-59.005-AvastVBoxSVC.exe-2348.log
2014-12-07 05:21 - 2014-12-07 05:24 - 00000000 ____D () C:\Users\TeamTkac\AppData\Local\EgisTec
2014-12-07 05:16 - 2014-12-07 05:16 - 00695443 _____ (UltraDefrag Development Team) C:\Users\TeamTkac\Desktop\UltraDefrag_(64bit)_v6.0.4.exe
2014-12-07 04:59 - 2014-12-07 04:59 - 00000197 _____ () C:\Windows\system32\2014-12-07-09-59-28.048-AvastVBoxSVC.exe-1096.log
2014-11-29 15:56 - 2014-11-29 15:56 - 00000000 ____D () C:\Users\TeamTkac\AppData\Local\IsolatedStorage
2014-11-29 15:55 - 2014-11-29 15:55 - 00002022 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Maps 3D.lnk
2014-11-29 15:55 - 2014-11-29 15:55 - 00002010 _____ () C:\Users\Public\Desktop\Bing Maps 3D.lnk
2014-11-29 15:55 - 2014-11-29 15:55 - 00000000 ____D () C:\Program Files (x86)\Virtual Earth 3D

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:16 - 2012-10-07 14:02 - 00000330 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-12-29 20:59 - 2011-10-07 19:44 - 01191359 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 20:46 - 2011-11-26 18:12 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000UA.job
2014-12-29 20:33 - 2014-04-10 15:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 20:25 - 2014-04-06 16:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 06:55 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 06:55 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 06:52 - 2014-06-12 14:50 - 00000000 ____D () C:\Users\TeamTkac\AppData\Local\Adobe
2014-12-29 06:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-29 06:50 - 2014-11-15 11:06 - 00000338 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-12-29 06:50 - 2014-11-15 11:06 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-12-29 06:49 - 2013-04-05 18:57 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-29 06:49 - 2011-11-26 17:46 - 00000000 ____D () C:\ProgramData\clear.fi
2014-12-29 06:48 - 2011-11-26 18:12 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000Core.job
2014-12-29 06:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 09:41 - 2013-02-06 17:50 - 00000000 ____D () C:\Users\TeamTkac\Desktop\S4
2014-12-28 07:44 - 2014-11-15 11:06 - 00000000 ____D () C:\Users\TeamTkac\AppData\Roaming\DiskDefrag
2014-12-28 07:12 - 2013-01-31 20:21 - 00000000 ____D () C:\Users\TeamTkac\AppData\Roaming\Dropbox
2014-12-28 05:41 - 2013-06-09 07:47 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 05:39 - 2014-04-06 16:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-28 05:39 - 2014-04-06 16:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-28 05:39 - 2014-04-06 16:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-28 05:38 - 2011-08-26 04:23 - 00000000 ____D () C:\ProgramData\Skype
2014-12-28 05:30 - 2014-11-15 11:06 - 00002984 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-12-28 05:30 - 2014-11-15 11:06 - 00002646 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-12-28 05:30 - 2014-11-15 11:06 - 00001056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-12-28 05:30 - 2014-11-15 11:06 - 00001044 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-12-28 05:00 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 15:27 - 2013-05-09 22:21 - 00000000 ___RD () C:\Users\TeamTkac\SkyDrive
2014-12-25 08:16 - 2012-07-07 20:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-21 14:52 - 2013-05-01 20:58 - 00000000 ____D () C:\Users\TeamTkac\Desktop\Galaxy S4 Root
2014-12-18 03:58 - 2014-08-02 20:14 - 00000000 ____D () C:\Users\TeamTkac\Desktop\GooseWorks
2014-12-12 19:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 17:19 - 2014-05-07 13:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 17:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 17:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 15:59 - 2013-06-09 07:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-12 15:59 - 2012-04-28 06:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 15:55 - 2013-07-21 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 15:49 - 2011-11-26 18:30 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 19:53 - 2011-11-26 18:14 - 00002386 _____ () C:\Users\TeamTkac\Desktop\Google Chrome.lnk
2014-12-10 09:46 - 2011-11-28 19:44 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-10 09:46 - 2011-08-26 04:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-07 05:29 - 2011-08-26 04:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-07 05:22 - 2013-12-21 07:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 05:17 - 2012-11-04 14:08 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk
2014-12-07 05:17 - 2012-11-04 14:08 - 00000000 ____D () C:\Program Files\UltraDefrag
2014-12-07 05:15 - 2013-11-24 10:54 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-12-07 05:11 - 2011-10-07 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2014-12-06 07:37 - 2011-11-26 18:08 - 00000000 ____D () C:\Users\TeamTkac\AppData\Local\CrashDumps
2014-12-04 02:14 - 2014-04-10 15:50 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-04 02:14 - 2014-04-10 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 02:14 - 2014-04-10 15:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 09:57

==================== End Of Log ============================



#4
jt4211


...and the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by TeamTkac at 2014-12-29 21:23:28
Running from C:\Users\TeamTkac\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Android ADB Fastboot (HKLM-x32\...\{268F88C6-2B12-4670-AFA6-2B515BF81CF6}) (Version: 1.1 - ajua Custom Installers)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.96 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C309g-m (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
EaseUS Data Recovery Wizard 6.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 6.0_is1) (Version:  - EaseUS)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Elevated Installer (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{ac22014a-a254-43b9-9cc0-e87cf9c7e18a}) (Version: 3.2.13.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Glary Utilities 5.15 (HKLM-x32\...\Glary Utilities 5) (Version: 5.15.0.28 - Glarysoft Ltd)
Google Chrome (HKU\S-1-5-21-563202287-1717114301-743867805-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9452 - HP Photo Creations Powered by RocketLife)
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-563202287-1717114301-743867805-1000\...\SkyDriveSetup.exe) (Version: 16.4.6003.0710 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniAide Fat32 Formatter Home Edition version 1.05 (HKLM-x32\...\{C206CD7D-7CFE-4F0C-BC68-8873CDE3A5F5}_is1) (Version: 1.05 - MiniAide Tech Development Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_C309g-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
Yahoo! Mail Advisor (HKLM-x32\...\Yahoo! Mail Advisor) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File

==================== Restore Points  =========================

15-11-2014 10:08:43 End of disinfection
18-11-2014 12:50:25 Windows Update
21-11-2014 07:03:37 Windows Update
21-11-2014 18:51:20 avast! antivirus system restore point
25-11-2014 13:46:33 Windows Update
02-12-2014 18:13:46 Windows Update
05-12-2014 18:28:50 Windows Update
07-12-2014 05:23:09 Removed MyWinLocker Suite
07-12-2014 05:27:14 削除 PlayMemories Home
07-12-2014 05:28:57 Removed SamsungSimpleDL
07-12-2014 05:30:25 Removed 7-Zip 9.20 (x64 edition)
07-12-2014 07:00:01 Removed 7-Zip 9.21
07-12-2014 07:14:46 Installed 7-Zip 9.25 (x64 edition)
10-12-2014 08:25:20 Windows Update
12-12-2014 15:30:57 Windows Update
16-12-2014 07:32:21 Windows Update
20-12-2014 05:06:39 Windows Update
21-12-2014 17:23:28 Windows Update
27-12-2014 06:58:39 Windows Update
28-12-2014 05:37:37 Removed Skype™ 6.11
28-12-2014 05:51:46 Removed System Requirements Lab for Intel
28-12-2014 05:52:14 Removed Times Reader
28-12-2014 07:39:52 Installed Microsoft Fix it 50123

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-09 17:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10E9EB21-AE4C-4545-A55E-96ECE0C79967} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {13AD2619-4473-4CC4-87EB-6556D2BA0A29} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {17E6442F-A187-4918-AD43-44296FFD2004} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {1972E568-FD6C-4859-9CD4-522F6E583011} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {1A2630BD-0E6D-46D7-A02B-FA966002D096} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-10-07] ()
Task: {245B5967-FCAB-420B-BACB-FDB120A1806A} - System32\Tasks\{4C13F02C-79F7-4C0B-8709-7C85BEC6795F} => pcalua.exe -a "C:\Users\TeamTkac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C19WAGYJ\yahoo_toolbar_install_helper.exe" -d C:\Users\TeamTkac\Desktop
Task: {2AA7ED17-B7CE-4E35-B267-F1F9AC60E7BA} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {361B43D1-76E7-448C-912A-E261058C4931} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {37FA766A-2CE0-459B-ACB8-572EA8EEC4FB} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {4B0DA400-DB85-4094-86D5-FE2D2347D39A} - System32\Tasks\{BCC578ED-8FEF-42B0-A239-CFE639599683} => pcalua.exe -a "C:\Users\TeamTkac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95DVQ1KK\UPROsyncInstaller.exe" -d C:\Users\TeamTkac\Desktop
Task: {52179819-D804-49B6-8C73-836D9AAAA96F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {554162E7-2663-49D7-8B87-D2167420E402} - System32\Tasks\{49974574-8B8F-4115-B3FF-B1D48993F3C6} => pcalua.exe -a "C:\Users\TeamTkac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XDRDL3MI\jre-6u29-windows-i586-iftw.exe" -d C:\Users\TeamTkac\Desktop
Task: {6801D284-7C81-4170-91C3-F75AE67E9DE4} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2014-12-03] (Adobe Systems Incorporated)
Task: {6BC96265-37F1-44C8-8920-EA32D3CFC404} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-12-22] (Glarysoft Ltd)
Task: {6FE190FF-3D3D-4BB9-851F-384308B50164} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000Core => C:\Users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {71A69423-3472-4719-9774-49B4B55AA6C4} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-12-22] (Glarysoft Ltd)
Task: {896D2798-37B0-460F-8598-C174E515A1B8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {973797D9-7402-441D-A5AE-9A0E70A18003} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A34FE139-96B0-4C77-A93F-04FAA837E989} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {AB4E4466-A13C-4846-BCC6-A0B2325230D0} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {B1BF6AE5-C65C-475D-86ED-17D64AB05A69} - System32\Tasks\{C5370B14-3A20-42BA-95A4-04F3756E44EB} => pcalua.exe -a C:\Users\TeamTkac\Desktop\reflash_package.exe -d C:\Users\TeamTkac\Desktop
Task: {B6169160-2AB3-4970-B946-3690251FBBF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000UA => C:\Users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {C81EF65D-0E58-40CF-8E69-D3FC07E5953D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {DAE9C653-D513-4E49-B18D-32115D7F37CD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-06-09] ()
Task: {E172CDAE-D74A-4AD9-9624-5E61D86D847D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E92ACD3F-F064-41A1-9EB8-6AF4EE56EBBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-28] (Adobe Systems Incorporated)
Task: {EA3C4D93-3456-4050-9EE1-52804B5C6AE4} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-10] ()
Task: {F9A5D0B6-06BA-4543-A28C-E9BE0FDDABFA} - System32\Tasks\{23CB6078-131B-4617-B5D4-A30C13AADB4F} => pcalua.exe -a C:\Users\TeamTkac\Desktop\md5.exe -d C:\Users\TeamTkac\Desktop
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000Core.job => C:\Users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000UA.job => C:\Users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-08-26 04:45 - 2011-06-10 12:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-21 18:54 - 2014-11-21 18:54 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-21 18:54 - 2014-11-21 18:54 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-10-07 14:02 - 2012-10-07 14:02 - 00186576 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe
2014-11-21 18:54 - 2014-11-21 18:54 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-29 15:03 - 2014-12-29 15:03 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122901\algo.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-23 20:29 - 2011-04-23 20:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 20:29 - 2011-04-23 20:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 20:29 - 2011-04-23 20:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-10-14 23:28 - 2014-10-14 23:28 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-08-24 20:03 - 2011-08-24 20:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-11-21 18:55 - 2014-11-21 18:55 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-22 01:56 - 2014-12-22 01:56 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2014-10-16 06:52 - 2014-10-16 06:52 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-08-26 04:04 - 2011-01-12 19:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\TeamTkac\Desktop\Facebook.website:TASKICON_0news964078814
AlternateDataStreams: C:\Users\TeamTkac\Desktop\Facebook.website:TASKICON_1messages523453257
AlternateDataStreams: C:\Users\TeamTkac\Desktop\Facebook.website:TASKICON_2events-954496249
AlternateDataStreams: C:\Users\TeamTkac\Desktop\Facebook.website:TASKICON_3friends2073392651

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^TeamTkac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\TeamTkac\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-563202287-1717114301-743867805-500 - Administrator - Disabled)
Guest (S-1-5-21-563202287-1717114301-743867805-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-563202287-1717114301-743867805-1002 - Limited - Enabled)
TeamTkac (S-1-5-21-563202287-1717114301-743867805-1000 - Administrator - Enabled) => C:\Users\TeamTkac

==================== Faulty Device Manager Devices =============

Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 06:49:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 06:37:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19b8

Start Time: 01d0229ce2878d9b

Termination Time: 641

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/28/2014 10:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11091

Error: (12/28/2014 10:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11091

Error: (12/28/2014 10:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9781

Error: (12/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9781

Error: (12/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/28/2014 10:23:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8065

Error: (12/28/2014 10:23:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8065

System errors:
=============
Error: (12/29/2014 11:03:16 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/29/2014 11:03:13 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/29/2014 09:12:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (12/29/2014 06:48:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (12/29/2014 06:48:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:44:05 AM on ‎12/‎29/‎2014 was unexpected.

Error: (12/28/2014 08:59:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/28/2014 08:59:07 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/28/2014 08:58:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.

Error: (12/28/2014 03:04:43 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/28/2014 01:59:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Microsoft Office Sessions:
=========================
Error: (12/29/2014 06:49:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 06:37:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1749619b801d0229ce2878d9b641C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/28/2014 10:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11091

Error: (12/28/2014 10:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11091

Error: (12/28/2014 10:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9781

Error: (12/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9781

Error: (12/28/2014 10:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/28/2014 10:23:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8065

Error: (12/28/2014 10:23:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8065

CodeIntegrity Errors:
===================================
  Date: 2014-11-09 17:40:19.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-09 17:40:18.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 73%
Total physical RAM: 3947.86 MB
Available physical RAM: 1037.18 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 4117.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:580.07 GB) (Free:381.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B4D0916B)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=580.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Pystryker - Thanks so much for the help - at times this laptop is barely usable with browser and app lag.

You're quite welcome, it's my pleasure. :) I'm not seeing the infection I thought was responsible for your issues in the logs. In fact, I'm not seeing anything malware related. However, we'll give it a good scrubbing, and we'll run some further scans to see what turns up. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open Notepad and select Paste.)
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.

  • Double-click (Vista and 7 users: right-click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; just click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Scan with TDSSKiller

Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log, go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

TDSSKiller Log

How is the machine running now?


#6
jt4211

    Member

  • Topic Starter
  • 39 posts

As requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014

Ran by TeamTkac at 2014-12-29 23:26:48 Run:1

Running from C:\Users\TeamTkac\Desktop

Loaded Profile: TeamTkac (Available profiles: TeamTkac)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

CreateRestorePoint:

CloseProcesses:

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File

CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File

CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File

CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File

CustomCLSID: HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state on

CMD: ipconfig /flushdns

Emptytemp:

Hosts:

*****************

Restore point was successfully created.

Processes closed successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.

"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.

"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.

"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.

"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.

"HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.

HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.

HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.

HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.

HKU\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.

========= netsh advfirewall reset =========

Ok.

 

========= End of CMD: =========

 

========= netsh advfirewall set allprofiles state on =========

Ok.

 

========= End of CMD: =========

 

========= ipconfig /flushdns =========

 

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 1.9 GB temporary data.

 

The system needed a reboot.

==== End of Fixlog 23:29:17 ====



#7
jt4211


JRT.TXT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Home Premium x64

Ran by TeamTkac on Mon 12/29/2014 at 23:38:25.75

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

~~~ Services

 

 

~~~ Registry Values

 

 

~~~ Registry Keys

 

 

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-316F10F7.pf

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf

Successfully deleted: [File] "C:\Windows\wininit.ini"

 

 

~~~ Folders

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 12/29/2014 at 23:44:46.69

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8
jt4211


ADWCLEANER LOG:

 

# AdwCleaner v4.106 - Report created 29/12/2014 at 23:50:14

# Updated 21/12/2014 by Xplode

# Database : 2014-12-28.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : TeamTkac - TEAMTKAC-PC

# Running from : C:\Users\TeamTkac\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Yahoo! Companion

***** [ Scheduled Tasks ] *****

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

 

-\\ Mozilla Firefox v

 

-\\ Google Chrome v

[C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2070 octets] - [29/12/2014 23:48:07]

AdwCleaner[S0].txt - [2319 octets] - [29/12/2014 23:50:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2379 octets] ##########



#9
jt4211


TDSSKiller LOG:

 

23:57:54.0242 0x12c4 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20

23:58:01.0948 0x12c4 ============================================================

23:58:01.0948 0x12c4 Current date / time: 2014/12/29 23:58:01.0948

23:58:01.0948 0x12c4 SystemInfo:

23:58:01.0948 0x12c4

23:58:01.0948 0x12c4 OS Version: 6.1.7601 ServicePack: 1.0

23:58:01.0948 0x12c4 Product type: Workstation

23:58:01.0948 0x12c4 ComputerName: TEAMTKAC-PC

23:58:01.0948 0x12c4 UserName: TeamTkac

23:58:01.0948 0x12c4 Windows directory: C:\Windows

23:58:01.0948 0x12c4 System windows directory: C:\Windows

23:58:01.0948 0x12c4 Running under WOW64

23:58:01.0948 0x12c4 Processor architecture: Intel x64

23:58:01.0948 0x12c4 Number of processors: 4

23:58:01.0948 0x12c4 Page size: 0x1000

23:58:01.0948 0x12c4 Boot type: Normal boot

23:58:01.0948 0x12c4 ============================================================

23:58:04.0538 0x12c4 KLMD registered as C:\Windows\system32\drivers\08973878.sys

23:58:05.0864 0x12c4 System UUID: {7ED19978-CEEE-1531-ADF5-45E303F2DFD3}

23:58:07.0626 0x12c4 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:58:07.0626 0x12c4 ============================================================

23:58:07.0626 0x12c4 \Device\Harddisk0\DR0:

23:58:07.0626 0x12c4 MBR partitions:

23:58:07.0626 0x12c4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000

23:58:07.0626 0x12c4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x48825000

23:58:07.0626 0x12c4 ============================================================

23:58:07.0720 0x12c4 C: <-> \Device\Harddisk0\DR0\Partition2

23:58:07.0720 0x12c4 ============================================================

23:58:07.0720 0x12c4 Initialize success

23:58:07.0720 0x12c4 ============================================================

23:58:38.0421 0x06b4 ============================================================

23:58:38.0421 0x06b4 Scan started

23:58:38.0421 0x06b4 Mode: Manual; SigCheck; TDLFS;

23:58:38.0421 0x06b4 ============================================================

23:58:38.0421 0x06b4 KSN ping started

23:58:40.0917 0x06b4 KSN ping finished: true

23:58:44.0832 0x06b4 ================ Scan system memory ========================

23:58:44.0832 0x06b4 System memory - ok

23:58:44.0832 0x06b4 ================ Scan services =============================

23:58:46.0642 0x06b4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

23:58:46.0798 0x06b4 1394ohci - ok

23:58:47.0110 0x06b4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys

23:58:47.0219 0x06b4 ACPI - ok

23:58:47.0313 0x06b4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

23:58:47.0406 0x06b4 AcpiPmi - ok

23:58:47.0734 0x06b4 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:58:47.0859 0x06b4 AdobeARMservice - ok

23:58:49.0746 0x06b4 [ 4E48A7DF7ECACB38C686B2BEBAA687A3, D4DEE6BD464855B24A6D40BC6A9279B2041099615C6A319D869DA113AD896EA3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:58:49.0840 0x06b4 AdobeFlashPlayerUpdateSvc - ok

23:58:50.0168 0x06b4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

23:58:50.0261 0x06b4 adp94xx - ok

23:58:50.0417 0x06b4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys

23:58:50.0464 0x06b4 adpahci - ok

23:58:50.0511 0x06b4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

23:58:50.0558 0x06b4 adpu320 - ok

23:58:50.0698 0x06b4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:58:50.0994 0x06b4 AeLookupSvc - ok

23:58:51.0228 0x06b4 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys

23:58:51.0306 0x06b4 AFD - ok

23:58:51.0416 0x06b4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys

23:58:51.0478 0x06b4 agp440 - ok

23:58:51.0634 0x06b4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe

23:58:51.0774 0x06b4 ALG - ok

23:58:51.0899 0x06b4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys

23:58:51.0946 0x06b4 aliide - ok

23:58:52.0024 0x06b4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys

23:58:52.0071 0x06b4 amdide - ok

23:58:52.0196 0x06b4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

23:58:52.0305 0x06b4 AmdK8 - ok

23:58:52.0305 0x06b4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

23:58:52.0367 0x06b4 AmdPPM - ok

23:58:52.0414 0x06b4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys

23:58:52.0461 0x06b4 amdsata - ok

23:58:52.0508 0x06b4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

23:58:52.0570 0x06b4 amdsbs - ok

23:58:52.0617 0x06b4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys

23:58:52.0695 0x06b4 amdxata - ok

23:58:52.0851 0x06b4 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\Windows\system32\drivers\appid.sys

23:58:52.0929 0x06b4 AppID - ok

23:58:52.0976 0x06b4 [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:58:53.0069 0x06b4 AppIDSvc - ok

23:58:53.0288 0x06b4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll

23:58:53.0381 0x06b4 Appinfo - ok

23:58:53.0662 0x06b4 [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:58:53.0709 0x06b4 Apple Mobile Device - ok

23:58:54.0005 0x06b4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys

23:58:54.0099 0x06b4 arc - ok

23:58:54.0286 0x06b4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys

23:58:54.0333 0x06b4 arcsas - ok

23:58:54.0692 0x06b4 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

23:58:54.0941 0x06b4 aspnet_state - ok

23:58:55.0347 0x06b4 [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys

23:58:55.0581 0x06b4 aswHwid - ok

23:58:55.0784 0x06b4 [ 2DA1C1AEDF454F8E32A863A1AEACDD8C, F02E4D197AE00B9A9507CF6007A7B7BEA54AF0F255B752FBA7174FA2596D1CA9 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys

23:58:55.0846 0x06b4 aswMonFlt - ok

23:58:55.0986 0x06b4 [ 4750016EF9CC1DEC6DA3FE5AF9A7F095, C4CF46246D8A3FF9BD8D2FE899685654ADD45EB9B032F33804D0B8131882BC74 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys

23:58:56.0018 0x06b4 aswRdr - ok

23:58:56.0361 0x06b4 [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys

23:58:56.0423 0x06b4 aswRvrt - ok

23:58:56.0829 0x06b4 [ E74FD717476B30E23F45354B8F3ACB30, 951D1655E1FA4CF0ACB29F2EEDDB3B42522D392F46DD826C63DCA8941E17ABA8 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys

23:58:57.0000 0x06b4 aswSnx - ok

23:58:57.0406 0x06b4 [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP C:\Windows\system32\drivers\aswSP.sys

23:58:57.0624 0x06b4 aswSP - ok

23:58:57.0796 0x06b4 [ 7509F07BA6F84C1E3B2C0D78A1F6F782, A90A36E8E23F58E430DE98B3623688DC09D34B62906EF7796DFC90F581FC385F ] aswStm C:\Windows\system32\drivers\aswStm.sys

23:58:57.0843 0x06b4 aswStm - ok

23:58:58.0155 0x06b4 [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys

23:58:58.0280 0x06b4 aswVmm - ok

23:58:58.0404 0x06b4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:58:58.0498 0x06b4 AsyncMac - ok

23:58:58.0638 0x06b4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys

23:58:58.0732 0x06b4 atapi - ok

23:58:59.0044 0x06b4 [ 185F180536188C1A4ED605234721A5B9, FF06E13656E3442D66F8092CA2CF5AC474EFF7DC9C530E8DD87843E8322EF5C5 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys

23:58:59.0294 0x06b4 AthBTPort - ok

23:58:59.0793 0x06b4 [ 1D1C5E029F0742F04F88C16E7A6AB0E0, B74E9B025EA5C4189954B73D0A160888F612353CEB551C14F8938710C0A5E59D ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

23:58:59.0918 0x06b4 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )

23:59:02.0554 0x06b4 Detect skipped due to KSN trusted

23:59:02.0554 0x06b4 AtherosSvc - ok

23:59:03.0677 0x06b4 [ 16567AB05CD34F46D0DCBB129CA143C2, 4C76D866C8A897C43E8D5EA6119FE6470024995CA99C898A3A190603DC60E5EC ] athr C:\Windows\system32\DRIVERS\athrx.sys

23:59:04.0036 0x06b4 athr - ok

23:59:04.0411 0x06b4 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:59:04.0535 0x06b4 AudioEndpointBuilder - ok

23:59:04.0738 0x06b4 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:59:04.0785 0x06b4 AudioSrv - ok

23:59:05.0175 0x06b4 [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe

23:59:05.0237 0x06b4 avast! Antivirus - ok

23:59:07.0172 0x06b4 [ 4F4EBF6163D3A02D52A66BBD145B0069, 179B2FD2671F6BB8D3F77B39001F546A0DEBE85BFF9782060AF1DC50DFA071EF ] AvastVBoxSvc C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

23:59:07.0577 0x06b4 AvastVBoxSvc - ok

23:59:07.0796 0x06b4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:59:08.0404 0x06b4 AxInstSV - ok

23:59:08.0825 0x06b4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

23:59:09.0637 0x06b4 b06bdrv - ok

23:59:09.0808 0x06b4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

23:59:09.0886 0x06b4 b57nd60a - ok

23:59:11.0696 0x06b4 [ 11F844B46B631337395651ABE9C4167B, 98771B4D9DABEE4C485D718E3BB7D4EF365CA1D7CF043BE12431BC08F6D16EFD ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

23:59:12.0117 0x06b4 BCM43XX - ok

23:59:12.0257 0x06b4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll

23:59:12.0351 0x06b4 BDESVC - ok

23:59:12.0476 0x06b4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys

23:59:12.0601 0x06b4 Beep - ok

23:59:13.0256 0x06b4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll

23:59:13.0474 0x06b4 BFE - ok

23:59:13.0708 0x06b4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll

23:59:16.0953 0x06b4 BITS - ok

23:59:17.0015 0x06b4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

23:59:17.0156 0x06b4 blbdrive - ok

23:59:17.0593 0x06b4 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

23:59:17.0639 0x06b4 Bonjour Service - ok

23:59:18.0123 0x06b4 [ 369D7E0E01117A1A4A23C9C6A04EED06, 000793ECF7BF88A108A9FF623AF03508AD360854D08BD70DF32C22EBFE78E119 ] BootDefragDriver C:\Windows\system32\drivers\BootDefragDriver.sys

23:59:18.0154 0x06b4 BootDefragDriver - ok

23:59:18.0232 0x06b4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:59:18.0279 0x06b4 bowser - ok

23:59:18.0388 0x06b4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

23:59:18.0482 0x06b4 BrFiltLo - ok

23:59:18.0513 0x06b4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

23:59:18.0575 0x06b4 BrFiltUp - ok

23:59:19.0043 0x06b4 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

23:59:19.0168 0x06b4 BridgeMP - ok

23:59:19.0371 0x06b4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll

23:59:19.0449 0x06b4 Browser - ok

23:59:19.0511 0x06b4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:59:19.0699 0x06b4 Brserid - ok

23:59:19.0886 0x06b4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:59:20.0042 0x06b4 BrSerWdm - ok

23:59:20.0104 0x06b4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:59:20.0167 0x06b4 BrUsbMdm - ok

23:59:20.0229 0x06b4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:59:20.0369 0x06b4 BrUsbSer - ok

23:59:20.0697 0x06b4 [ D74A81CCF0372C955862692B7AF272C9, E38305D2F98315B107382FAA4508997E15A45007BDAA6607B8414B8DD9F075F1 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys

23:59:20.0884 0x06b4 BTATH_A2DP - ok

23:59:20.0931 0x06b4 [ 3118072D09DAA1961A9F6549A4E8433A, 19159A2D424362BAF84D98AA95E0F3F517FE46726B4A1E19DFE0B62D17DE6227 ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys

23:59:21.0040 0x06b4 btath_avdt - ok

23:59:21.0181 0x06b4 [ E6B734A37ADE36FE1A77035F4E484C8C, 7F3AB1E0CF9F348633B3B325F5F365CCD4C7FF7E4564BDE02C2DA27A499D0234 ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys

23:59:21.0259 0x06b4 BTATH_BUS - ok

23:59:21.0399 0x06b4 [ FB3833E63FF602B69C2FF085846DCF43, 468BC9580341AD4C65F0BBB3A11F3E39C1DD0F9694D098AB3647A181C03E4E11 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys

23:59:21.0477 0x06b4 BTATH_HCRP - ok

23:59:21.0711 0x06b4 [ 8008D892A2BDA67EEFBE25E14EB5DC83, 765FBBF0E58D0FA61A11AA888AB168314622572BB0F73E44FC4F88ACAF1ECB32 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys

23:59:21.0805 0x06b4 BTATH_LWFLT - ok

23:59:22.0054 0x06b4 [ ABCD3C16CA850A7594CEB9AD5D966810, DB0EAF000BB6F12F2AA550B66F5C61E08F2C6E58A18DA40BE69DD2B662D1EC60 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys

23:59:22.0226 0x06b4 BTATH_RCP - ok

23:59:22.0616 0x06b4 [ 65350DC9B058B34BBD3AC837C38C2817, ABC6484F5386D5E8E9E344103F6B8BBEF3988E225281C2815FC6843DBB5016E8 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys

23:59:22.0897 0x06b4 BtFilter - ok

23:59:23.0146 0x06b4 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

23:59:23.0318 0x06b4 BthEnum - ok

23:59:23.0411 0x06b4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

23:59:23.0552 0x06b4 BTHMODEM - ok

23:59:23.0614 0x06b4 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

23:59:23.0692 0x06b4 BthPan - ok

23:59:23.0973 0x06b4 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

23:59:24.0129 0x06b4 BTHPORT - ok

23:59:24.0379 0x06b4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll

23:59:24.0472 0x06b4 bthserv - ok

23:59:24.0613 0x06b4 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

23:59:24.0800 0x06b4 BTHUSB - ok

23:59:24.0940 0x06b4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:59:25.0049 0x06b4 cdfs - ok

23:59:25.0159 0x06b4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:59:25.0221 0x06b4 cdrom - ok

23:59:25.0439 0x06b4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll

23:59:25.0580 0x06b4 CertPropSvc - ok

23:59:25.0673 0x06b4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys

23:59:25.0829 0x06b4 circlass - ok

23:59:26.0001 0x06b4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys

23:59:26.0141 0x06b4 CLFS - ok

23:59:26.0360 0x06b4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:59:26.0422 0x06b4 clr_optimization_v2.0.50727_32 - ok

23:59:26.0547 0x06b4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:59:26.0641 0x06b4 clr_optimization_v2.0.50727_64 - ok

23:59:27.0124 0x06b4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:59:27.0967 0x06b4 clr_optimization_v4.0.30319_32 - ok

23:59:28.0107 0x06b4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:59:28.0575 0x06b4 clr_optimization_v4.0.30319_64 - ok

23:59:28.0715 0x06b4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

23:59:28.0825 0x06b4 CmBatt - ok

23:59:28.0903 0x06b4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:59:29.0012 0x06b4 cmdide - ok

23:59:29.0230 0x06b4 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys

23:59:29.0386 0x06b4 CNG - ok

23:59:29.0542 0x06b4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

23:59:29.0589 0x06b4 Compbatt - ok

23:59:29.0729 0x06b4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

23:59:29.0870 0x06b4 CompositeBus - ok

23:59:29.0948 0x06b4 COMSysApp - ok

23:59:30.0073 0x06b4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

23:59:30.0119 0x06b4 crcdisk - ok

23:59:30.0338 0x06b4 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:59:30.0431 0x06b4 CryptSvc - ok

23:59:30.0634 0x06b4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll

23:59:30.0962 0x06b4 DcomLaunch - ok

23:59:31.0087 0x06b4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll

23:59:31.0289 0x06b4 defragsvc - ok

23:59:31.0352 0x06b4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:59:31.0492 0x06b4 DfsC - ok

23:59:31.0664 0x06b4 [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

23:59:31.0898 0x06b4 dg_ssudbus - ok

23:59:32.0054 0x06b4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll

23:59:32.0179 0x06b4 Dhcp - ok

23:59:32.0303 0x06b4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys

23:59:32.0459 0x06b4 discache - ok

23:59:32.0522 0x06b4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys

23:59:32.0553 0x06b4 Disk - ok

23:59:32.0865 0x06b4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:59:32.0927 0x06b4 Dnscache - ok

23:59:33.0005 0x06b4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll

23:59:33.0083 0x06b4 dot3svc - ok

23:59:50.0072 0x06b4 [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

23:59:50.0243 0x06b4 HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )

23:59:52.0958 0x06b4 Detect skipped due to KSN trusted

23:59:52.0958 0x06b4 HPSLPSVC - ok

23:59:53.0098 0x06b4 [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys

23:59:53.0161 0x06b4 HTCAND64 - detected UnsignedFile.Multi.Generic ( 1 )

23:59:55.0625 0x06b4 Detect skipped due to KSN trusted

23:59:55.0625 0x06b4 HTCAND64 - ok

00:00:23.0752 0x06b4 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

00:00:23.0861 0x06b4 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )

00:00:26.0498 0x06b4 Detect skipped due to KSN trusted

00:00:26.0498 0x06b4 Net Driver HPZ12 - ok

00:00:30.0398 0x06b4 [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

00:00:30.0460 0x06b4 ose64 - ok

00:00:31.0162 0x06b4 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

00:00:31.0568 0x06b4 osppsvc - ok

00:00:31.0661 0x06b4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

00:00:31.0880 0x06b4 p2pimsvc - ok

00:00:31.0973 0x06b4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll

00:00:32.0098 0x06b4 p2psvc - ok

00:00:32.0145 0x06b4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys

00:00:32.0207 0x06b4 Parport - ok

00:00:32.0254 0x06b4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys

00:00:32.0285 0x06b4 partmgr - ok

00:00:32.0363 0x06b4 [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc C:\Windows\System32\pcasvc.dll

00:00:32.0551 0x06b4 PcaSvc - ok

00:00:32.0613 0x06b4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys

00:00:32.0675 0x06b4 pci - ok

00:00:32.0722 0x06b4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys

00:00:32.0738 0x06b4 pciide - ok

00:00:32.0831 0x06b4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

00:00:32.0909 0x06b4 pcmcia - ok

00:00:32.0956 0x06b4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys

00:00:32.0972 0x06b4 pcw - ok

00:00:33.0081 0x06b4 [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

00:00:33.0206 0x06b4 PEAUTH - ok

00:00:33.0362 0x06b4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe

00:00:33.0471 0x06b4 PerfHost - ok

00:00:33.0721 0x06b4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll

00:00:33.0845 0x06b4 pla - ok

00:00:33.0970 0x06b4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

00:00:34.0111 0x06b4 PlugPlay - ok

00:00:34.0204 0x06b4 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

00:00:34.0547 0x06b4 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )

00:00:37.0309 0x06b4 Detect skipped due to KSN trusted

00:00:37.0309 0x06b4 Pml Driver HPZ12 - ok

00:00:59.0367 0x06b4 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

00:00:59.0383 0x06b4 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )

00:01:02.0206 0x06b4 Detect skipped due to KSN trusted

00:01:02.0206 0x06b4 USBAAPL64 - ok


00:01:07.0916 0x06b4 WatAdminSvc - ok

00:01:08.0197 0x06b4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe

00:01:08.0368 0x06b4 wbengine - ok

00:01:08.0415 0x06b4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

00:01:08.0493 0x06b4 WbioSrvc - ok

00:01:08.0649 0x06b4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll

00:01:08.0696 0x06b4 wcncsvc - ok

00:01:08.0743 0x06b4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

00:01:08.0821 0x06b4 WcsPlugInService - ok

00:01:08.0868 0x06b4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys

00:01:08.0930 0x06b4 Wd - ok

00:01:09.0086 0x06b4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

00:01:09.0164 0x06b4 Wdf01000 - ok

00:01:09.0226 0x06b4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll

00:01:09.0320 0x06b4 WdiServiceHost - ok

00:01:09.0320 0x06b4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll

00:01:09.0351 0x06b4 WdiSystemHost - ok

00:01:09.0414 0x06b4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll

00:01:09.0492 0x06b4 WebClient - ok

00:01:09.0538 0x06b4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll

00:01:09.0585 0x06b4 Wecsvc - ok

00:01:09.0601 0x06b4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll

00:01:09.0679 0x06b4 wercplsupport - ok

00:01:09.0726 0x06b4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll

00:01:09.0757 0x06b4 WerSvc - ok

00:01:09.0804 0x06b4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

00:01:09.0866 0x06b4 WfpLwf - ok

00:01:09.0960 0x06b4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys

00:01:09.0975 0x06b4 WIMMount - ok

00:01:10.0022 0x06b4 WinDefend - ok

00:01:10.0022 0x06b4 WinHttpAutoProxySvc - ok

00:01:10.0100 0x06b4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

00:01:10.0178 0x06b4 Winmgmt - ok

00:01:10.0256 0x06b4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll

00:01:10.0412 0x06b4 WinRM - ok

00:01:10.0537 0x06b4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

00:01:10.0615 0x06b4 WinUsb - ok

00:01:10.0786 0x06b4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll

00:01:10.0911 0x06b4 Wlansvc - ok

00:01:11.0114 0x06b4 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

00:01:11.0176 0x06b4 wlcrasvc - ok

00:01:11.0738 0x06b4 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:01:11.0956 0x06b4 wlidsvc - ok

00:01:12.0003 0x06b4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

00:01:12.0081 0x06b4 WmiAcpi - ok

00:01:12.0144 0x06b4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

00:01:12.0206 0x06b4 wmiApSrv - ok

00:01:12.0346 0x06b4 WMPNetworkSvc - ok

00:01:12.0471 0x06b4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

00:01:12.0596 0x06b4 WPCSvc - ok

00:01:12.0705 0x06b4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

00:01:12.0830 0x06b4 WPDBusEnum - ok

00:01:12.0892 0x06b4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

00:01:12.0970 0x06b4 ws2ifsl - ok

00:01:13.0017 0x06b4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll

00:01:13.0142 0x06b4 wscsvc - ok

00:01:13.0142 0x06b4 WSearch - ok

00:01:13.0719 0x06b4 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll

00:01:13.0922 0x06b4 wuauserv - ok

00:01:14.0000 0x06b4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

00:01:14.0156 0x06b4 WudfPf - ok

00:01:14.0203 0x06b4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

00:01:14.0265 0x06b4 WUDFRd - ok

00:01:14.0312 0x06b4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

00:01:14.0343 0x06b4 wudfsvc - ok

00:01:14.0390 0x06b4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll

00:01:14.0546 0x06b4 WwanSvc - ok

00:01:15.0092 0x06b4 [ 6DB01688FDBF299F426EEB01DDEC684A, B183578E52662CAC6253E418B25BA1B9E4FF825485531C8749A130358D98A856 ] ZAtheros Wlan Agent C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

00:01:15.0248 0x06b4 ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic ( 1 )

00:01:17.0916 0x06b4 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - warning

00:01:20.0505 0x06b4 ================ Scan global ===============================

00:01:20.0568 0x06b4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

00:01:20.0677 0x06b4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

00:01:20.0692 0x06b4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

00:01:20.0817 0x06b4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

00:01:20.0895 0x06b4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

00:01:20.0911 0x06b4 [ Global ] - ok

00:01:20.0911 0x06b4 ================ Scan MBR ==================================

00:01:20.0942 0x06b4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

00:01:22.0908 0x06b4 \Device\Harddisk0\DR0 - ok

00:01:22.0908 0x06b4 ================ Scan VBR ==================================

00:01:22.0923 0x06b4 [ 5FBD08512BEE6A3BF85CAD3400E6E8BE ] \Device\Harddisk0\DR0\Partition1

00:01:23.0048 0x06b4 \Device\Harddisk0\DR0\Partition1 - ok

00:01:23.0079 0x06b4 [ 8EB89C2363CD4C240BD7085C2558D5D8 ] \Device\Harddisk0\DR0\Partition2

00:01:23.0235 0x06b4 \Device\Harddisk0\DR0\Partition2 - ok

00:01:23.0235 0x06b4 ================ Scan generic autorun ======================

00:01:23.0313 0x06b4 [ BA9E8BF3E91C14DE99FDB1FA946D07AF, 9C3F5F52EE5B8D02B15EE18AA492FB110547A8DCDA3F8284A614F4E1A30F9BB1 ] C:\Windows\system32\igfxtray.exe

00:01:23.0407 0x06b4 IgfxTray - ok

00:01:23.0469 0x06b4 [ B20857C91A3E992A5AC93D8625C53CAE, ECB89856B267E2F4930CB7B404B51425C6375A47F864577C1A7B8B255278EC12 ] C:\Windows\system32\hkcmd.exe

00:01:23.0500 0x06b4 HotKeysCmds - ok

00:01:23.0516 0x06b4 [ 29E120E36791B2E620CC398847C28E12, 7C2904FEDD50F49447FD091D33BB3BFA5A2A684101ADB123BC2C08699320B912 ] C:\Windows\system32\igfxpers.exe

00:01:23.0594 0x06b4 Persistence - ok

00:01:23.0594 0x06b4 SynTPEnh - ok

00:01:24.0670 0x06b4 [ 5DADA908E14051D65DB1991CB0B1F58D, DC02EDA032CEC2241F302995BF010B0376D5421A3E97583CB8A13A80993290B4 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

00:01:25.0357 0x06b4 RtHDVCpl - ok

00:01:25.0669 0x06b4 [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

00:01:25.0887 0x06b4 RtHDVBg_Dolby - ok

00:01:26.0324 0x06b4 [ F0474296AC4E0E6BDE733C1B8513E41A, 2E54894FC1B422F0C520D11166204926D3994A3440037D655C73D66D7118859C ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

00:01:26.0511 0x06b4 Power Management - ok

00:01:26.0714 0x06b4 [ 0D360F06B168A6F37ACA9D9F958245DA, 0F37D510AE0A31503A359F65D5C04CD798B178A3A3E2601DFBAB6534B3C7C23C ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

00:01:26.0854 0x06b4 BackupManagerTray - ok

00:01:27.0229 0x06b4 [ 9ABC4E3B00CFA3A47D5569F5B49FE42F, 5D33CCE770BC9BC3AFA544A21F100A7F1E5A36577FDB30884160AC4BFE6A1838 ] C:\Program Files (x86)\Launch Manager\LManager.exe

00:01:27.0354 0x06b4 LManager - ok

00:01:27.0416 0x06b4 [ E6CC0FA3C1040C791EB3F4BA6C789411, 095D5965FEE00ACB6D8713B2E2772A409A84F42D85383AEAF5FC3E2E393DC07D ] C:\Dolby PCEE4\pcee4.exe

00:01:27.0447 0x06b4 Dolby Advanced Audio v2 - ok

00:01:27.0697 0x06b4 [ 07A37CB5C5A01E73FB69F138FAE2DB0E, 9E8B5D78D7EAB8FA35133763EDA91AFE5CDEE275D604F02CDB56FB00A0D5AA0F ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

00:01:27.0837 0x06b4 Adobe ARM - ok

00:01:27.0931 0x06b4 [ C637FC4638A96165256B28D38DE7B953, CD658543610F151C7860DBDCF36596C9B5417D87E598FA50A435392D4AED1C14 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

00:01:27.0978 0x06b4 HP Software Update - ok

00:01:28.0040 0x06b4 [ 7D21171DA91A625692DAA6E0F27D27B2, 615EC0AD0CAD424048630F53014E8FC3A02505FFEEE7E90FF410F1DF88DACC0A ] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe

00:01:28.0134 0x06b4 YMailAdvisor - ok

00:01:29.0304 0x06b4 [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe

00:01:29.0569 0x06b4 AvastUI.exe - ok

00:01:29.0725 0x06b4 [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

00:01:29.0818 0x06b4 SunJavaUpdateSched - ok

00:01:29.0881 0x06b4 [ 0EF0822810009D58118CCDFD098FA9F4, 9FAA263057898BCDBCB0A064C463F48D149474AA339A3C4C47626CC118750D2D ] C:\Program Files (x86)\iTunes\iTunesHelper.exe

00:01:29.0974 0x06b4 iTunesHelper - ok

00:01:30.0099 0x06b4 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe

00:01:30.0240 0x06b4 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )

00:01:32.0907 0x06b4 Detect skipped due to KSN trusted

00:01:32.0907 0x06b4 QuickTime Task - ok

00:01:33.0048 0x06b4 [ ED5A9D4C81EB2474185F092C2E2CA52F, 4DCC340A905F924ADE9936053ED5CE02F27B7BA02DD47149172C55693E746341 ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

00:01:33.0126 0x06b4 GarminExpressTrayApp - ok

00:01:33.0500 0x06b4 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] C:\Users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe

00:01:33.0531 0x06b4 Google Update - ok

00:01:33.0687 0x06b4 [ 146432E458B86C55F31B5BDF488E742F, 02B573DBA290AEB1C35A17C72D88716B87AF307BFBFD68638147D86DC4744CCF ] C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe

00:01:33.0781 0x06b4 GUDelayStartup - ok

00:01:33.0781 0x06b4 Adobe Speed Launcher - ok

00:01:33.0781 0x06b4 Waiting for KSN requests completion. In queue: 17

00:01:34.0795 0x06b4 Waiting for KSN requests completion. In queue: 17

00:01:35.0809 0x06b4 Waiting for KSN requests completion. In queue: 17

00:01:36.0901 0x06b4 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )

00:01:37.0026 0x06b4 Win FW state via NFP2: enabled

00:01:39.0568 0x06b4 ============================================================

00:01:39.0568 0x06b4 Scan finished

00:01:39.0568 0x06b4 ============================================================

00:01:39.0568 0x0c68 Detected object count: 1

00:01:39.0568 0x0c68 Actual detected object count: 1

00:02:49.0581 0x0c68 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - skipped by user

00:02:49.0581 0x0c68 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:02:58.0442 0x0434 Deinitialize success


#10
jt4211

Pystryker - At the moment the system is running much better - I no longer see the multitude of SVCHosts running in the background!


#11
pystryker

Pystryker - At the moment the system is running much better - I no longer see the multitude of SVCHosts running in the background!


Good news!

The rootkit scan came back clean, so let's run some scans for remnants, orphans and out of date programs. :)

Please note: The ESET scan can take several hours to complete.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Start Malwarebytes and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

#12
jt4211

Pystryker - logs requested:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/30/2014
Scan Time: 6:48:58 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.30.08
Rootkit Database: v2014.12.30.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TeamTkac

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413558
Time Elapsed: 28 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


#13
jt4211

ESET log:

 

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e1f75409da430c43ada058051a9cc325
# engine=21764
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-31 01:37:55
# local_time=2014-12-30 08:37:55 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 163105 183488765 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 171533325 0 0
# scanned=167998
# found=603
# cleaned=0
# scan_time=4053
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Acer\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Acer\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Acer\Acer Updater\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Acer\Acer Updater\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\clear.fi\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\clear.fi\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\GRG-VEH-Duckie\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\GRG-VEH-Duckie\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\GRG-VEH-High Style\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\GRG-VEH-High Style\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\GRG-VEH-Lil' Missy\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\GRG-VEH-Lil' Missy\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\GRG-VEH-Princess\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Core Update Service\GRG-VEH-Princess\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Logs\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Logs\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Logs\ExpressTray\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Garmin\Logs\ExpressTray\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP\LGT 2.0\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP\LGT 2.0\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP Photo Creations\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP Photo Creations\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP Photo Creations\rlroot\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP Photo Creations\rlroot\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP Photo Creations\rlroot\app\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP Photo Creations\rlroot\app\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP Photo Creations\rlroot\app\images\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\HP Photo Creations\rlroot\app\images\DECRYPT_INSTRUCTION.TXT"
sh=22B079CBDF1296CA1BC94F01DDE55EA5564B1023 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\ProgramData\InstallMate\{1FC97845-8974-4CD4-AE3F-C156C42A5AB3}\Custom.dll"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Visan\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Visan\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Visan\PhotoProduct\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\ProgramData\Visan\PhotoProduct\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\All Users\Acer\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\All Users\Acer\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\All Users\Acer\Acer Updater\DECRYPT_INSTRUCTION.HTML"
sh=22B079CBDF1296CA1BC94F01DDE55EA5564B1023 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{1FC97845-8974-4CD4-AE3F-C156C42A5AB3}\Custom.dll"
sh=F0F9BD554F14DE864D7033CFD708B1CC224FE5C3 ft=1 fh=bd303f807cc69c1b vn="a variant of Win32/Kryptik.CPYZ trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\fclyuqa.dll"
sh=E82333080E1D3FDB59D996C60F730501CB3313AB ft=1 fh=bd8f355654de3bbe vn="a variant of Win32/Kryptik.CUHG trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\ssufwmj.dll"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Microsoft\Silverlight\is\5enf2bj1.j3a\bzvjn3yi.oys\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Microsoft\Silverlight\is\5enf2bj1.j3a\bzvjn3yi.oys\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Microsoft\Silverlight\is\5enf2bj1.j3a\bzvjn3yi.oys\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Microsoft\Silverlight\is\5enf2bj1.j3a\bzvjn3yi.oys\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Microsoft\Silverlight\is\5enf2bj1.j3a\bzvjn3yi.oys\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Microsoft\Silverlight\is\5enf2bj1.j3a\bzvjn3yi.oys\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Microsoft\Silverlight\is\5enf2bj1.j3a\bzvjn3yi.oys\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\Deployment\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\Deployment\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\Deployment\SystemCache\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\Deployment\SystemCache\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Adobe\Flash Player\AssetCache\NBPFQKZZ\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Adobe\Flash Player\AssetCache\NBPFQKZZ\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Garmin\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Garmin\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Garmin\Map Update\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Garmin\Map Update\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Glarysoft\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Glarysoft\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Glarysoft\Absolute Uninstaller\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Glarysoft\Absolute Uninstaller\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\HP\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\HP\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\HP\WebRegLogs\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\HP\WebRegLogs\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\HP\WowLogs\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\HP\WowLogs\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Document Building Blocks\1033\15\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Document Building Blocks\1033\15\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\15\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\15\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\15\Managed\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\15\Managed\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\15\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\15\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Windows Live Photo Gallery\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Microsoft\Windows Live Photo Gallery\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\Snapshots\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\Snapshots\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\Snapshots\BrowserProfile\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\Snapshots\BrowserProfile\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\Snapshots\NetworkProfile\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\Snapshots\NetworkProfile\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\Snapshots\NICProfile\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Motive\Comcast\Snapshots\NICProfile\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\chrome\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\chrome\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\chrome\idb\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\chrome\idb\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\https+++mega.co.nz\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\https+++mega.co.nz\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\https+++mega.co.nz\idb\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\https+++mega.co.nz\idb\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\moz-safe-about+home\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\moz-safe-about+home\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\moz-safe-about+home\idb\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\storage\persistent\moz-safe-about+home\idb\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\ActionLog\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\ActionLog\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\ActionLog\ContentDatabase\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\ActionLog\ContentDatabase\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\de-DE\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\de-DE\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\de-DE\ShareItLater\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\de-DE\ShareItLater\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\en-US\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\en-US\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\en-US\ShareItLater\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\en-US\ShareItLater\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\es-ES\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\AppData\Roaming\Sony Corporation\PMB\Uploader\Resources\es-ES\DECRYPT_INSTRUCTION.TXT"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\Garmin\Backups\23F063209\2014-07-11 (19.57.14)\.system\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\Garmin\Backups\23F063209\2014-07-11 (19.57.14)\.system\sqlite\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\Garmin\Backups\23F063209\2014-07-11 (19.57.14)\.system\sqlite\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\My Data Sources\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\My Data Sources\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\My Scans\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\My Scans\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\My Scans\2013-03 (Mar)\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\My Scans\2013-03 (Mar)\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\My Scans\2014-06 (Jun)\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Documents\My Scans\2014-06 (Jun)\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Dropbox\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Dropbox\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Dropbox\Android\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Dropbox\Android\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Dropbox\Photos\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Dropbox\Photos\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Dropbox\Photos\Sample Album\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Dropbox\Photos\Sample Album\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Bruce Springsteen\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Bruce Springsteen\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Bruce Springsteen\High Hopes\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Bruce Springsteen\High Hopes\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Miranda Lambert\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Miranda Lambert\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Miranda Lambert\Platinum\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Miranda Lambert\Platinum\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown\Born & Raised\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown\Born & Raised\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown artist\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown artist\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown artist\Unknown album (6-17-2012 1-15-48 PM)\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown artist\Unknown album (6-17-2012 1-15-48 PM)\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown artist\Unknown album (6-17-2012 2-29-03 PM)\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Music\Unknown artist\Unknown album (6-17-2012 2-29-03 PM)\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\2013-05-04\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\2013-05-04\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\My Scans\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\My Scans\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\My Scans\2013-04 (Apr)\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\My Scans\2013-04 (Apr)\DECRYPT_INSTRUCTION.TXT"
sh=FAB211A413439AB5D2482DEC7391B8BBD9724AB3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\My Scans\2014-03 (Mar)\DECRYPT_INSTRUCTION.HTML"
sh=4465E8B6A89ED842BF1E28F2FB61DA09609FA6FD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR trojan" ac=I fn="C:\Users\TeamTkac\Pictures\My Scans\2014-03 (Mar)\DECRYPT_INSTRUCTION.TXT"
 



#14
jt4211


Security Check log:

 

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71
Adobe Reader 10.1.13 Adobe Reader out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
Google Chrome (DECRYPT_INSTRUCTION.HTML..)
Google Chrome (DECRYPT_INSTRUCTION.TXT..)
Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#15
jt4211


Pystryker - system still running good without lag and all those rogue svchost.exe's !!

