Possible malware/spyware - sluggish computer [Solved]



#1
pepsiprincess


Hello, thanks in advance for your help.

My daughter's PC is having problems. It is sluggish, has popups from something called crime watch, and has programs that I am unsure about or am just unable to remove. When I try to remove them, it gives me an error message.

The programs that I am not sure about or unable to remove are:

uniblue speed up my pc
supporter 1.80
regclean pro
plus hd 2.2
opryze lp mod tool
lottso deluxe
free rides game player
free download manager
chicken invaders 3
chainz 2 relinked
ask tool bar

I ran Malwarebytes and it had over 4000 things that were quarantined and removed. I am unsure where to go from here.

Again, thanks so much for your help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by new (administrator) on WINDOWS on 17-03-2015 23:00:24
Running from C:\Users\new\Desktop
Loaded Profiles: new (Available profiles: new & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Catalytix Web Services) C:\Users\thomas\AppData\Local\ArcadeGiant\cat\CatWSPrx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\rcore.exe
() C:\Users\thomas\AppData\Local\ConvertAd\CASrv.exe
() C:\Users\thomas\AppData\Roaming\VOPackage\VOsrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Mathematical Applications) C:\ProgramData\onZoUFFII\YbQryGMeoG.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mathematical Applications) C:\ProgramData\onZoUFFII\dat\KkHUNLztltL.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe [232368 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [fst_us_176] => [X]
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\di5BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [ConvertAd] => C:\Users\thomas\AppData\Local\ConvertAd\ConvertAd.exe [1838080 2015-02-07] ()
HKLM-x32\...\Run: [gmsd_us_186] => [X]
HKLM-x32\...\Run: [gmsd_us_206] => [X]
HKLM-x32\...\Run: [gmsd_us_329] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\...\MountPoints2: {d537cacd-bb91-11e4-bf86-2016d8c64df9} - "F:\VZW_Software_upgrade_assistant.exe" 
AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4365824 2014-07-24] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\new\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
Startup: C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\new\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
ShortcutTarget: SmartWeb.lnk -> C:\Users\new\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
Startup: C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Users\new\AppData\Local\StormWatch\StormWatchApp.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=346074ad6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=346074ad6
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft..../HPNOT13/1&OSP=
URLSearchHook: HKLM-x32 - (No Name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - No File
URLSearchHook: HKLM-x32 - (No Name) - {78fad561-2f55-4bcd-b896-786662704334} - No File
URLSearchHook: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://rocket-find.c...r=520380837&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.v9.com...q={searchTerms}
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com...q={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll [2009-12-27] (Exent Technologies Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll [2014-07-21] (PriceMeter)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll [2014-07-21] (PriceMeter)
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-03-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-03-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-03-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-03-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-03-26]
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\new\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-25]
CHR Extension: (YouTube) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-25]
CHR Extension: (Google Search) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-25]
CHR Extension: (No Name) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-25]
CHR HKLM-x32\...\Chrome\Extension: [aaaaiihjniipljfegaknmbkneamnoajd] - C:\Users\thomas\AppData\Local\bearsharemusicboxtoolbar181\GC\toolbar.crx [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2013-04-06]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\thomas\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-22]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-01-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.) [File not signed]
S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-11-01] (Kaspersky Lab ZAO)
S2 be0fb33b; c:\Program Files (x86)\Supporter\SupporterSvc.dll [174416 2014-07-24] () [File not signed]
R2 CatWSPrx; C:\Users\thomas\AppData\Local\ArcadeGiant\cat\CatWSPrx.exe [1344104 2014-12-09] (Catalytix Web Services)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [38712 2013-01-10] (Hewlett-Packard)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [3427208 2014-07-21] (Cherished Technololgy LIMITED)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-15] (Electronic Arts)
S2 pricemeterliveUpdate; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-07-21] (PriceMeter)
S3 pricemeterliveUpdatem; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-07-21] (PriceMeter)
R2 rcores; C:\WINDOWS\rcore.exe [4686848 2015-02-02] () [File not signed]
R2 serverca; C:\Users\thomas\AppData\Local\ConvertAd\CASrv.exe [165888 2015-02-07] () [File not signed]
R2 servervo; C:\Users\thomas\AppData\Roaming\VOPackage\VOsrv.exe [71168 2014-07-21] () [File not signed] <==== ATTENTION
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 YbQryGMeoG; C:\ProgramData\onZoUFFII\YbQryGMeoG.exe [2733896 2015-01-06] (Mathematical Applications)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R2 CatWSw8; C:\WINDOWS\system32\Drivers\CatWSw864.sys [42392 2014-12-09] (Catalytix Web Services)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-11-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-01] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-01] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-04-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S1 wpnfd_1_10_0_6; system32\drivers\wpnfd_1_10_0_6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-17 23:00 - 2015-03-17 23:01 - 00025481 _____ () C:\Users\new\Desktop\FRST.txt
2015-03-17 21:27 - 2015-03-17 23:00 - 00000000 ____D () C:\FRST
2015-03-17 21:26 - 2015-03-17 21:25 - 02095616 _____ (Farbar) C:\Users\new\Desktop\FRST64.exe
2015-03-17 18:11 - 2015-03-17 21:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 18:10 - 2015-03-17 18:10 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-17 18:10 - 2015-03-17 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 18:08 - 2015-03-17 18:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-17 18:08 - 2015-03-17 18:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 18:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-17 18:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-17 18:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-16 22:49 - 2015-03-16 22:49 - 00000000 _____ () C:\END
2015-03-16 22:34 - 2015-03-17 23:03 - 00000000 ____D () C:\Users\new\AppData\Local\CrimeWatch
2015-03-16 22:15 - 2015-03-16 22:15 - 00000000 ____D () C:\Program Files (x86)\predm
2015-03-16 18:13 - 2015-03-16 18:13 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2015-03-16 03:32 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-16 03:32 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-16 03:32 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-16 03:32 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-16 03:32 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-16 03:32 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-16 03:32 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-16 03:32 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-16 03:32 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-16 03:32 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-16 03:32 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-16 03:32 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-16 03:16 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-16 02:52 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-16 02:52 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-16 02:47 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-16 02:47 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-16 02:46 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-16 02:46 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-16 02:46 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-16 02:46 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-16 02:46 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-16 02:43 - 2015-02-06 19:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-16 02:38 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-16 02:38 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-16 02:38 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-16 02:37 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-16 02:37 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-16 02:37 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-16 02:37 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-16 02:37 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-03-16 02:37 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-03-16 02:37 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-03-16 02:37 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-03-16 02:36 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-16 02:36 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-16 02:23 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-16 02:22 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-16 02:22 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-16 02:22 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-16 02:22 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-16 02:22 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-16 02:22 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-16 02:22 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-16 02:22 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-16 02:22 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-16 02:21 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-16 02:21 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-16 02:21 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-16 02:20 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-16 02:20 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-03-16 02:20 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-03-16 02:20 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-03-16 02:20 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-16 02:14 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-16 02:14 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-16 02:14 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-16 02:14 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-16 02:13 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-16 02:13 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-16 02:13 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-16 02:10 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-16 02:10 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-16 02:10 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-16 02:10 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-16 02:10 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-16 02:10 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-16 02:10 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-16 02:10 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-16 02:10 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-03-16 02:09 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-03-16 02:09 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-03-16 02:09 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-03-16 02:09 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-03-16 02:09 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-03-16 02:09 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-16 02:09 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-03-16 02:09 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-03-16 02:09 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-16 02:09 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-03-16 02:09 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-16 02:09 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-03-16 02:08 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-16 02:02 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-16 02:02 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-16 02:02 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-16 02:02 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-16 02:02 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-16 02:02 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-16 02:02 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-16 02:02 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-16 02:02 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-16 02:02 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-16 01:59 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-16 01:59 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-16 01:59 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-16 01:59 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-16 01:59 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-16 01:58 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-16 01:58 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-16 01:58 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-16 01:58 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-16 01:58 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-16 01:58 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-16 01:58 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-16 01:58 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-16 01:58 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-16 01:58 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-16 01:58 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-16 01:58 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-16 01:58 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-16 01:58 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-16 01:58 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-16 01:58 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-16 01:58 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-16 01:58 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-16 01:58 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-16 01:58 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-16 01:58 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-16 01:58 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-16 01:58 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-16 01:58 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-16 01:58 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-16 01:58 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-16 01:58 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-16 01:58 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-16 01:58 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-16 01:58 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-16 01:58 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-16 01:58 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-16 01:52 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-16 01:52 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-16 00:35 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-16 00:35 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-16 00:15 - 2015-03-16 00:15 - 00000004 _____ () C:\Users\new\AppData\Roaming\appdataFr2.bin
2015-03-15 23:54 - 2015-03-16 21:47 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-15 23:47 - 2015-03-16 21:49 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-03-15 23:47 - 2015-03-15 23:47 - 00003958 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-03-15 23:47 - 2015-03-15 23:47 - 00000000 ____D () C:\Users\new\AppData\Local\globalUpdate
2015-03-15 23:40 - 2015-03-17 18:00 - 00000000 ____D () C:\Users\new\AppData\Local\SmartWeb
2015-03-15 23:28 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-15 23:28 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-15 23:28 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-15 23:28 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-15 23:27 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-15 23:27 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-15 23:27 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-15 22:58 - 2015-03-16 00:10 - 00002226 _____ () C:\Users\new\Desktop\Google Chrome.lnk
2015-03-15 22:57 - 2015-03-17 19:53 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE9A6BAC-E9F1-4025-AFA3-2D296E99610E}
2015-03-15 22:57 - 2015-03-15 22:57 - 00000000 __SHD () C:\Users\new\AppData\Local\EmieUserList
2015-03-15 22:57 - 2015-03-15 22:57 - 00000000 __SHD () C:\Users\new\AppData\Local\EmieSiteList
2015-03-15 22:57 - 2015-03-15 22:57 - 00000000 __SHD () C:\Users\new\AppData\Local\EmieBrowserModeList
2015-03-15 22:53 - 2015-03-15 22:53 - 00000000 ____D () C:\Users\new\AppData\Roaming\Origin
2015-03-15 22:53 - 2015-03-15 22:53 - 00000000 ____D () C:\Users\new\AppData\Local\Origin
2015-03-15 22:39 - 2015-03-15 22:39 - 00000000 ____D () C:\Users\new\AppData\Local\Windows Live
2015-03-02 12:44 - 2015-03-02 12:44 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2015-03-02 12:37 - 2015-03-02 12:37 - 00000000 ____D () C:\Users\new\AppData\Roaming\WebApp
2015-03-02 12:36 - 2015-03-02 12:37 - 00000000 ____D () C:\Users\new\Documents\CyberLink
2015-03-02 12:36 - 2015-03-02 12:36 - 00000000 ____D () C:\Users\new\AppData\Roaming\CyberLink
2015-03-02 12:05 - 2015-03-02 12:05 - 00000000 ____D () C:\Users\new\Documents\My Games
2015-03-02 12:00 - 2015-03-02 12:00 - 00000000 ____D () C:\Users\new\AppData\Local\Apple
2015-02-25 11:26 - 2015-03-16 22:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-25 11:16 - 2015-02-25 11:16 - 00000000 ____D () C:\Users\new\AppData\Local\Big Fish
2015-02-25 11:12 - 2015-02-25 11:12 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-25 11:05 - 2015-02-25 11:05 - 00003376 _____ () C:\WINDOWS\System32\Tasks\Installer_shopperpro
2015-02-25 11:05 - 2015-02-25 11:05 - 00003348 _____ () C:\WINDOWS\System32\Tasks\Installer_ytd
2015-02-25 11:03 - 2015-02-25 11:03 - 00000000 ____D () C:\Users\new\AppData\Roaming\Macromedia
2015-02-25 11:01 - 2015-02-25 11:25 - 00000000 __SHD () C:\AI_RecycleBin
2015-02-25 11:01 - 2015-02-25 11:01 - 00000000 ____D () C:\Users\new\AppData\Local\CrashRpt
2015-02-25 11:01 - 2015-02-25 11:01 - 00000000 ____D () C:\ProgramData\PastaLeadsAgent
2015-02-25 11:01 - 2015-02-02 11:42 - 04686848 _____ () C:\WINDOWS\rcore.exe
2015-02-25 10:59 - 2015-02-25 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-02-25 10:59 - 2015-02-25 10:59 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-02-25 10:58 - 2015-02-25 10:58 - 00000000 ____D () C:\Users\new\AppData\Roaming\Pro PC Cleaner
2015-02-23 15:32 - 2015-03-15 22:38 - 00000000 ____D () C:\Users\new\AppData\Roaming\Apple Computer
2015-02-23 15:32 - 2015-02-23 15:32 - 00000000 ____D () C:\Users\new\AppData\Local\Apple Computer
2015-02-23 14:43 - 2015-03-17 23:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2577598248-3465682323-2258817992-1003
2015-02-23 14:43 - 2015-03-17 22:23 - 00000000 ___DO () C:\Users\new\OneDrive
2015-02-23 14:38 - 2015-02-23 14:38 - 00000000 ____D () C:\Users\new\AppData\Local\Power2Go8
2015-02-23 14:37 - 2015-02-23 14:37 - 00000000 ____D () C:\Users\new\AppData\Roaming\Synaptics
2015-02-23 14:34 - 2015-03-16 18:14 - 00000000 ____D () C:\Users\new\AppData\Roaming\Systweak
2015-02-23 14:34 - 2015-03-15 22:58 - 00001082 _____ () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-23 14:34 - 2015-03-15 22:58 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-23 14:34 - 2015-02-23 14:34 - 00000000 ____D () C:\Users\new\AppData\Roaming\Adobe
2015-02-23 14:34 - 2015-02-23 14:34 - 00000000 ____D () C:\Users\new\AppData\Local\VirtualStore
2015-02-23 14:34 - 2015-02-23 14:34 - 00000000 ____D () C:\Users\new\AppData\Local\speed browser
2015-02-23 14:34 - 2015-02-23 14:34 - 00000000 ____D () C:\Users\new\AppData\Local\Google
2015-02-23 14:33 - 2015-02-23 14:43 - 00000000 ____D () C:\Users\new\AppData\Local\Packages
2015-02-23 14:31 - 2015-02-23 14:31 - 00000020 ___SH () C:\Users\new\ntuser.ini
2015-02-23 14:31 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-23 14:31 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-23 14:29 - 2015-03-17 22:19 - 00000000 ____D () C:\Users\new
2015-02-23 14:29 - 2014-11-14 11:04 - 00000000 ___RD () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-23 14:29 - 2014-09-25 14:26 - 00000000 ___RD () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-23 14:29 - 2014-03-31 02:03 - 00000000 ____D () C:\Users\new\Documents\hp.system.package.metadata
2015-02-23 14:29 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-23 14:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-18 21:55 - 2015-02-18 21:59 - 00006189 _____ () C:\Users\thomas\Desktop\META.BIN
2015-02-15 13:00 - 2015-03-16 22:19 - 00000000 ____D () C:\Users\thomas\AppData\Local\gmsd_us_206
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-17 23:01 - 2015-01-06 14:46 - 00000350 _____ () C:\WINDOWS\Tasks\AgSupport.job
2015-03-17 23:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-17 22:53 - 2014-07-21 18:53 - 00000314 _____ () C:\WINDOWS\Tasks\Rocket Updater.job
2015-03-17 22:48 - 2014-07-21 18:43 - 00000984 _____ () C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2015-03-17 22:44 - 2014-03-31 02:32 - 01729025 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-17 22:42 - 2014-07-21 18:42 - 00000314 _____ () C:\WINDOWS\Tasks\Price Meter Updater.job
2015-03-17 22:34 - 2013-05-15 20:56 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-17 22:32 - 2015-01-06 14:46 - 00000280 _____ () C:\WINDOWS\Tasks\ArcadeGiant Updater.job
2015-03-17 22:29 - 2014-08-27 23:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-17 22:25 - 2013-11-14 03:28 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-17 22:20 - 2013-07-29 15:42 - 00001928 _____ () C:\WINDOWS\Tasks\Plus-HD-2.2-chromeinstaller.job
2015-03-17 22:19 - 2014-07-21 18:43 - 00000980 _____ () C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2015-03-17 22:19 - 2013-07-29 15:42 - 00001852 _____ () C:\WINDOWS\Tasks\Plus-HD-2.2-firefoxinstaller.job
2015-03-17 22:19 - 2013-07-29 15:42 - 00001308 _____ () C:\WINDOWS\Tasks\Plus-HD-2.2-updater.job
2015-03-17 22:19 - 2013-07-29 15:42 - 00001220 _____ () C:\WINDOWS\Tasks\Plus-HD-2.2-codedownloader.job
2015-03-17 22:19 - 2013-06-26 18:32 - 00000356 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC.job
2015-03-17 22:19 - 2013-05-15 22:04 - 00000268 _____ () C:\WINDOWS\Tasks\DriverScanner.job
2015-03-17 22:19 - 2013-05-15 21:49 - 00000360 _____ () C:\WINDOWS\Tasks\dsmonitor.job
2015-03-17 22:17 - 2013-08-22 10:46 - 00374012 _____ () C:\WINDOWS\setupact.log
2015-03-17 22:17 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-17 21:25 - 2014-07-21 17:36 - 00000364 _____ () C:\WINDOWS\Tasks\bench-S-1-5-21-2577598248-3465682323-2258817992-1002.job
2015-03-17 21:12 - 2015-01-06 14:46 - 00008432 _____ () C:\WINDOWS\SysWOW64\CatWSPrx.ini
2015-03-17 21:12 - 2015-01-06 14:46 - 00004512 _____ () C:\WINDOWS\SysWOW64\CatWSPrxOff.ini
2015-03-17 21:12 - 2015-01-06 14:46 - 00004512 _____ () C:\WINDOWS\system32\CatWSPrxOff.ini
2015-03-17 21:12 - 2013-11-14 03:20 - 00032418 _____ () C:\WINDOWS\PFRO.log
2015-03-17 21:11 - 2013-08-22 09:25 - 04194304 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-17 20:14 - 2014-06-07 23:01 - 00000950 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002UA.job
2015-03-17 11:20 - 2015-01-19 21:26 - 00003090 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2015-03-17 11:03 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-16 22:36 - 2015-01-19 20:52 - 00004024 _____ () C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-03-16 22:34 - 2013-07-31 01:07 - 00000000 ____D () C:\Users\thomas\AppData\Local\Conduit
2015-03-16 22:15 - 2015-02-07 19:13 - 00000000 ____D () C:\Users\thomas\AppData\Local\gmsd_us_186
2015-03-16 22:00 - 2013-08-22 10:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-16 21:57 - 2014-07-24 20:11 - 00000000 ____D () C:\ProgramData\cosstminn
2015-03-16 21:57 - 2014-07-21 17:36 - 00000000 ____D () C:\Program Files (x86)\Bench
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-16 21:54 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-16 21:24 - 2014-04-08 00:13 - 00000000 ____D () C:\ProgramData\Systweak
2015-03-16 21:14 - 2014-07-21 17:37 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-03-16 21:05 - 2014-07-24 16:22 - 00000000 ____D () C:\Users\thomas\AppData\Local\fst_us_176
2015-03-16 21:04 - 2014-07-24 20:11 - 00000000 ____D () C:\ProgramData\88e37c61633f8e2f
2015-03-16 21:04 - 2014-07-24 20:11 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2015-03-16 19:24 - 2013-08-27 14:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-16 18:58 - 2013-03-21 01:30 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-16 03:44 - 2013-07-29 15:41 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-2.2
2015-03-16 00:06 - 2014-03-31 01:55 - 00000000 ____D () C:\Users\Guest
2015-03-16 00:01 - 2014-08-27 11:18 - 00000000 ____D () C:\Program Files (x90)
2015-03-15 23:41 - 2012-10-19 22:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-15 23:41 - 2012-10-19 22:46 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-03-15 23:14 - 2014-06-07 23:01 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002Core.job
2015-03-15 22:53 - 2014-11-10 20:14 - 00000000 ____D () C:\ProgramData\Origin
2015-03-15 22:52 - 2014-11-10 20:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-04 17:24 - 2014-12-11 07:47 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 17:24 - 2014-12-11 07:47 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 09:17 - 2014-06-12 15:44 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 13:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-02 12:16 - 2012-10-19 22:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-02 12:13 - 2012-10-19 22:48 - 00000000 ____D () C:\Program Files (x86)\HP Games
2015-03-02 12:11 - 2012-10-19 22:46 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-02 12:09 - 2014-11-10 20:20 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-25 12:53 - 2014-06-23 20:19 - 00000000 ____D () C:\ProgramData\Big Fish
2015-02-25 12:53 - 2014-06-23 19:56 - 00000000 ____D () C:\BigFishCache
2015-02-25 11:17 - 2013-01-26 07:07 - 00000000 ____D () C:\ProgramData\Temp
2015-02-23 14:33 - 2014-11-09 20:22 - 00000000 ____D () C:\Users\thomas\AppData\Local\Gameo
2015-02-23 14:33 - 2014-03-31 01:55 - 00000000 ____D () C:\Users\thomas
2015-02-23 14:27 - 2014-11-11 01:57 - 00001139 _____ () C:\Users\thomas\Desktop\Continue Live Installation.lnk
2015-02-23 14:21 - 2013-04-06 09:17 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\Yontoo
2015-02-22 23:03 - 2013-03-15 20:27 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2577598248-3465682323-2258817992-1002
2015-02-21 11:30 - 2014-04-16 08:33 - 00000000 __RDO () C:\Users\thomas\SkyDrive
2015-02-18 21:53 - 2014-07-21 19:42 - 00000115 _____ () C:\Users\thomas\AppData\Roaming\WB.CFG
2015-02-15 19:11 - 2015-01-12 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser
2015-02-15 19:11 - 2014-07-21 20:14 - 00001953 _____ () C:\Users\thomas\Desktop\StormFall.lnk
2015-02-15 19:11 - 2014-07-21 20:14 - 00001953 _____ () C:\Users\thomas\Desktop\Sparta.lnk
2015-02-15 19:11 - 2014-07-21 20:14 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
2015-02-15 19:11 - 2014-07-21 20:14 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sparta
2015-02-15 19:11 - 2014-03-31 10:00 - 00002065 _____ () C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 19:11 - 2013-06-13 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
 
==================== Files in the root of some directories =======
 
2015-03-16 00:15 - 2015-03-16 00:15 - 0000004 _____ () C:\Users\new\AppData\Roaming\appdataFr2.bin
2013-03-15 20:20 - 2013-03-15 20:20 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-05-29 11:11 - 2013-05-29 11:11 - 4325376 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2013-06-21 21:26 - 2013-06-21 21:26 - 0033958 _____ () C:\ProgramData\uninstaller.exe
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
C:\Users\Public\AlexaNSISPlugin.11292.dll
 
 
Some content of TEMP:
====================
C:\Users\new\AppData\Local\Temp\6379.exe
C:\Users\new\AppData\Local\Temp\bitool.dll
C:\Users\new\AppData\Local\Temp\COMAP.EXE
C:\Users\new\AppData\Local\Temp\eauninstall.exe
C:\Users\new\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\new\AppData\Local\Temp\nsc2D8A.exe
C:\Users\new\AppData\Local\Temp\SC4_UNINST.EXE
C:\Users\new\AppData\Local\Temp\SimCity 4_uninst.exe
C:\Users\new\AppData\Local\Temp\tbInte.dll
C:\Users\new\AppData\Local\Temp\Uninstall.exe
C:\Users\new\AppData\Local\Temp\{A93C912D-ECB4-4215-871D-3BB8C2D47EF1}-41.0.2272.89_chrome_installer.exe
C:\Users\thomas\AppData\Local\Temp\air5106.exe
C:\Users\thomas\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\thomas\AppData\Local\Temp\CNC4LauncherUpdate.exe
C:\Users\thomas\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\thomas\AppData\Local\Temp\nsc95C6.exe
C:\Users\thomas\AppData\Local\Temp\nsf4E3E.exe
C:\Users\thomas\AppData\Local\Temp\nsjEA6D.exe
C:\Users\thomas\AppData\Local\Temp\nsoA529.exe
C:\Users\thomas\AppData\Local\Temp\nspF878.exe
C:\Users\thomas\AppData\Local\Temp\nsq36EC.exe
C:\Users\thomas\AppData\Local\Temp\nsxD412.exe
C:\Users\thomas\AppData\Local\Temp\nszB4B1.exe
C:\Users\thomas\AppData\Local\Temp\setup.exe
C:\Users\thomas\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-17 21:36
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by new at 2015-03-17 23:05:23
Running from C:\Users\new\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{039B859F-360B-58D8-F86F-C277BA6ED7D8}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Call of Duty Game of the Year Edition (HKLM-x32\...\Call of Duty Game of the Year Edition) (Version:  - )
Chainz 2 Relinked (HKLM-x32\...\exent_663050) (Version:  - )
Chicken Invaders 3 (HKLM-x32\...\exent_742650) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.10.0 - Uniblue Systems Ltd)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Download Manager 3.8 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Free Ride Games Player (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.7.271 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{711EA7BB-5FF5-487F-8379-46BB5696FE40}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Lottso Deluxe (HKLM-x32\...\exent_696450) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
oPryzeLP MC360 Mod Tool (HKLM-x32\...\oPryzeLP MC360 Mod Tool) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Plus-HD-2.2 (HKLM-x32\...\Plus-HD-2.2) (Version: 1.27.153.10 - Plus HD) <==== ATTENTION
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - systweak.com) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version:  - Costmin) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Transformers Universe (HKLM\...\{EAB5ACD3-43C0-4B3E-931A-CA61520934AD}) (Version: 1.0.0.0 - Jagex Ltd)
Uniblue SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 5.3.3.0 - Uniblue Systems Ltd) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-01-2015 18:51:03 Windows Update
06-02-2015 10:06:20 Windows Update
11-02-2015 22:42:44 Windows Update
23-02-2015 14:20:34 Windows Modules Installer
25-02-2015 12:58:50 Removed The Sims 3
02-03-2015 12:14:20 Removed The Sims 3 High-End Loft Stuff
15-03-2015 23:10:38 Removed Internet Explorer Toolbar 4.7 by SweetPacks
17-03-2015 22:21:35 Removed Apple Software Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-03-16 21:14 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A2949BF-257F-43FE-AA3D-A228C21AB9D9} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {0EDC4CA5-8CDE-46D2-80F0-EE3E6C3A876F} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {13935A12-A501-4AE0-846D-292598971E6C} - System32\Tasks\Plus-HD-2.2-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-07-29] (Plus HD) <==== ATTENTION
Task: {1E606546-403A-4E4F-99DF-A7DA64FA8AFF} - System32\Tasks\Plus-HD-2.2-updater => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe [2013-07-29] (Plus HD) <==== ATTENTION
Task: {1E950C78-8A46-41F5-86E4-5C1956519448} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {2D1BA7BE-481C-4090-8737-C0720A23833D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-10] (Google Inc.)
Task: {3014FCB9-2513-4DC1-88CC-0A3026C4CDA9} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {37CF0A8F-36E4-44F1-AA21-1082F27AB20A} - System32\Tasks\Installer_shopperpro => C:\Users\new\AppData\Local\Installer\Installshopperpro_23424\DCytdkiegutl_gutlk_setup.exe [2015-02-25] () <==== ATTENTION
Task: {4021813B-9723-4FC5-A212-4A964C1E2B40} - System32\Tasks\AgSupport => Rundll32.exe C:\Users\thomas\AppData\Local\ARCADE~1\AgHelp.dll,Start <==== ATTENTION
Task: {44B6CFEA-B4C2-491B-B27D-B282DE573267} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-07-29] (Plus HD) <==== ATTENTION
Task: {45232348-EB6E-41F2-87B7-458552D66CF5} - System32\Tasks\Installer_ytd => C:\Users\new\AppData\Local\Installer\Installytd_17096\DCytdkiegutl_gutlk_setup.exe [2015-02-25] ()
Task: {4A404198-AD03-4779-8F60-C2802D5FAA4F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002Core => C:\Users\thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-07] (Facebook Inc.)
Task: {52AFF2B0-32C1-4178-BD7A-7130F2A9853B} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\new\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {539FCB1E-7D22-4B73-B58F-C5C763B2C8B7} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5C5AA8FC-223D-4ABD-988B-7CB7880A439F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {6ED0C73E-5543-4110-AB8C-FDE4F33E35EC} - System32\Tasks\Price Meter Updater => C:\Users\thomas\AppData\Roaming\PriceMeterUpdater\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {729E7566-E9DB-4225-BA6C-745E9B5D0409} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7517B753-D4C0-4EF8-9C13-25CAB5BB367B} - System32\Tasks\gameo_update => C:\Users\thomas\AppData\Roaming\Gameo\gameo.exe [2014-12-31] ()
Task: {79C291F6-5570-4B38-8472-AEBA23FA56C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {7A7C20FC-CCF7-444C-A6CD-ED18DBE1F4E3} - System32\Tasks\Plus-HD-2.2-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe [2013-07-29] (Plus HD) <==== ATTENTION
Task: {7C2A9F49-D93E-4AC4-8884-F00E5630C7A6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {80CDF769-271D-4784-B7AA-F680FC8169D4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-16] (Microsoft Corporation)
Task: {81B58D28-61D1-43B7-B811-56EAB1E3795A} - System32\Tasks\ArcadeGiant Updater => C:\Users\thomas\AppData\Local\ArcadeGiant\updater.exe [2015-01-06] (ArcadeGiant) <==== ATTENTION
Task: {9EBFF151-84F3-4C41-B69D-2BAE593353E1} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: {B6A5EAD2-461D-4E3E-8902-EDB39E00343C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C4F92A7A-C211-4A4F-B394-511D5FE65AAA} - System32\Tasks\bench-S-1-5-21-2577598248-3465682323-2258817992-1002 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {C5153D49-887E-47A9-9BE0-79E724AF3AFD} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {C79BD71F-2B36-4131-8806-BE831A058160} - System32\Tasks\Rocket Updater => C:\Users\thomas\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {CBC1FAB9-19D3-4B68-90CC-346D1389F2A6} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CD51BE66-F934-4C51-99E1-ED739ED83835} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-07-21] (PriceMeter) <==== ATTENTION
Task: {D90D73E0-BE41-42AD-A7B0-CD7C268055B4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {DDCA6065-2BE5-41C5-A33B-45AD737FFFAB} - System32\Tasks\pricemeterdownloader => C:\Users\thomas\AppData\Local\PriceMeter\pricemeterd.exe [2014-07-21] (PriceMeter) <==== ATTENTION
Task: {DE227071-125A-4EEC-ADDF-E252A3D66982} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-08-03] (Uniblue Systems Ltd) <==== ATTENTION
Task: {DF087DD6-917D-411C-94D6-088B90B93354} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {E95543CB-E017-4A4B-81CE-3A9E1E19A505} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-10] (Google Inc.)
Task: {EDC4B3FB-3A28-47F5-8E4D-3F6BBD0EF550} - System32\Tasks\{BF921254-8C4D-483A-A4F7-D03232D88B12} => pcalua.exe -a C:\Users\thomas\Downloads\Minecraft-Download.exe -d C:\Users\thomas\Downloads
Task: {F6B53486-347C-41F2-8973-575D88B8E30D} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-07-21] (PriceMeter) <==== ATTENTION
Task: {F7F2E4F9-1484-4171-89A8-BB4ED9D22B55} - System32\Tasks\TidyNetwork Update => C:\Users\thomas\AppData\Local\TidyNetwork\petnupdate.exe [2014-03-30] ()
Task: {FCD4B765-99C9-497B-A6C1-F70596124AEA} - System32\Tasks\DriverScanner => C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {FEBD903C-5D74-49E9-A02D-94196285ABA1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002UA => C:\Users\thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-07] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AgSupport.job => C:\Windows\system32\rundll32.exe8C:\Users\thomas\AppData\Local\ARCADE~1\AgHelp.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ArcadeGiant Updater.job => C:\Users\thomas\AppData\Local\ArcadeGiant\updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\bench-S-1-5-21-2577598248-3465682323-2258817992-1002.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DriverScanner.job => C:\PROGRA~2\Uniblue\DRIVER~1\driverscanner.exe
Task: C:\WINDOWS\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002Core.job => C:\Users\thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002UA.job => C:\Users\thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Plus-HD-2.2-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe/installcrx /agentregpath='Plus-HD-2.2' /extensionfilepath C:\Program Files (x86)\Plus-HD-2.2\33036.crx' /appid=33036 /srcid='000206' /subid='0' /zdata='0' /bic=4787FDD6E56D4BF7BD991F0E272A176DIE /verifier=dff7ace101c18410a31a1bda439b8e01 /installerversion=1_27_153 /installerfullversion=1.27.153.10 /installationtime=1375126912 /statsdomain=http:/stats.statsdatasrv.com /errorsdomain=http:/errors.statsdatasrv.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe±/reinstallapp /agentregpath='Plus-HD-2.2' /appid=33036 /srcid='000206' /subid='0' /zdata='0' /bic=4787FDD6E56D4BF7BD991F0E272A176DIE /verifier=dff7ace101c18410a31a1bda439b8e01 /installerversion=1_27_153 /installerfullversion=1.27.153.10 /installationtime=1375126912 /statsdomain=http:/stats.statsdatasrv.com /errorsdomain=http:/errors.statsdatasrv.com /codedownloaddomain=http:/app-static.crossrider.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exeë/installxpi /agentregpath='Plus-HD-2.2' /extensionfilepath C:\Program Files (x86)\Plus-HD-2.2\33036.xpi' /appid=33036 /srcid='000206' /subid='0' /zdata='0' /bic=4787FDD6E56D4BF7BD991F0E272A176DIE /verifier=dff7ace101c18410a31a1bda439b8e01 /installerversion=1_27_153 /installerfullversion=1.27.153.10 /installationtime=1375126912 /statsdomain=http:/stats.statsdatasrv.com /errorsdomain=http:/errors.statsdatasrv.com /waitforbrowser=300 /[email protected]973-936f-860cd2a102a9.com /extensionversion=0.91 /prefsbranch=a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33036.rdf <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-2.2-updater.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exeä/runupdater /agentregpath='Plus-HD-2.2' /appid=33036 /srcid='000206' /subid='0' /zdata='0' /bic=4787FDD6E56D4BF7BD991F0E272A176DIE /verifier=dff7ace101c18410a31a1bda439b8e01 /installerversion=1_27_153 /installationtime=1375126912 /statsdomain=http:/stats.statsdatasrv.com /errorsdomain=http:/errors.statsdatasrv.com /monetizationdomain=http:/stats.myappsync.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.statsdatasrv.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\Price Meter Updater.job => C:\Users\thomas\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Rocket Updater.job => C:\Users\thomas\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-09-12 21:20 - 2012-09-12 21:20 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-25 11:01 - 2015-02-02 11:42 - 04686848 _____ () C:\WINDOWS\rcore.exe
2015-01-19 20:58 - 2015-02-07 21:30 - 00165888 _____ () C:\Users\thomas\AppData\Local\ConvertAd\CASrv.exe
2014-07-21 17:46 - 2014-07-21 17:46 - 00071168 _____ () C:\Users\thomas\AppData\Roaming\VOPackage\VOsrv.exe
2014-07-17 17:29 - 2014-07-21 17:35 - 00732040 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-17 17:29 - 2014-07-21 17:36 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2013-01-10 13:38 - 2013-01-10 13:38 - 00124728 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2013-01-10 13:38 - 2013-01-10 13:38 - 00051512 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2013-01-10 13:38 - 2013-01-10 13:38 - 00018432 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\PowerDVD.dll
2013-05-09 08:42 - 2013-05-09 08:42 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\System.Data.SQLite.dll
2013-01-10 13:37 - 2013-01-10 13:37 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2014-07-17 17:29 - 2014-07-21 17:36 - 00093576 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2013-01-26 07:19 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-16 05:03 - 2015-03-07 02:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-16 05:03 - 2015-03-07 02:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-16 05:07 - 2015-03-07 02:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
2015-03-16 05:05 - 2015-03-07 02:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nnxwgpgc.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vqlvazsn.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:1F96ED45
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:6764D965
AlternateDataStreams: C:\Users\new\OneDrive:ms-properties
AlternateDataStreams: C:\Users\thomas\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\thomas\SkyDrive (2).old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1 - 205.171.2.226
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlockAndSurf"
HKLM\...\StartupApproved\Run32: => "BService"
HKLM\...\StartupApproved\Run32: => "BService64"
HKLM\...\StartupApproved\Run32: => "Bench Settings Cleaner"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Bench Communicator Watcher"
HKLM\...\StartupApproved\Run32: => "Wd"
HKLM\...\StartupApproved\Run32: => "ConvertAd"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2577598248-3465682323-2258817992-500 - Administrator - Disabled)
Guest (S-1-5-21-2577598248-3465682323-2258817992-501 - Limited - Disabled) => C:\Users\Guest
new (S-1-5-21-2577598248-3465682323-2258817992-1003 - Administrator - Enabled) => C:\Users\new
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/17/2015 10:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SET33D1.tmp, version: 11.0.0.28844, time stamp: 0x4250bcf6
Faulting module name: SET33D1.tmp, version: 11.0.0.28844, time stamp: 0x4250bcf6
Exception code: 0xc0000005
Fault offset: 0x0000742e
Faulting process id: 0x1a80
Faulting application start time: 0xSET33D1.tmp0
Faulting application path: SET33D1.tmp1
Faulting module path: SET33D1.tmp2
Report Id: SET33D1.tmp3
Faulting package full name: SET33D1.tmp4
Faulting package-relative application ID: SET33D1.tmp5
 
Error: (03/17/2015 10:45:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SET616B.tmp, version: 11.0.0.28844, time stamp: 0x4250bcf6
Faulting module name: SET616B.tmp, version: 11.0.0.28844, time stamp: 0x4250bcf6
Exception code: 0xc0000005
Fault offset: 0x0000742e
Faulting process id: 0x14c8
Faulting application start time: 0xSET616B.tmp0
Faulting application path: SET616B.tmp1
Faulting module path: SET616B.tmp2
Report Id: SET616B.tmp3
Faulting package full name: SET616B.tmp4
Faulting package-relative application ID: SET616B.tmp5
 
Error: (03/17/2015 10:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SET95AE.tmp, version: 11.0.0.28844, time stamp: 0x4250bcf6
Faulting module name: SET95AE.tmp, version: 11.0.0.28844, time stamp: 0x4250bcf6
Exception code: 0xc0000005
Fault offset: 0x0000742e
Faulting process id: 0x14a0
Faulting application start time: 0xSET95AE.tmp0
Faulting application path: SET95AE.tmp1
Faulting module path: SET95AE.tmp2
Report Id: SET95AE.tmp3
Faulting package full name: SET95AE.tmp4
Faulting package-relative application ID: SET95AE.tmp5
 
Error: (03/17/2015 10:31:49 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WINDOWS)
Description: Application or service 'Apple Mobile Device' could not be restarted.
 
Error: (03/17/2015 10:24:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 888
 
Start Time: 01d06121ef864584
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e5954d91-cd15-11e4-bf97-d89d677fb433
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/17/2015 09:11:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/17/2015 09:11:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/17/2015 05:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SETF2B3.tmp, version: 11.0.0.28844, time stamp: 0x4250bcf6
Faulting module name: SETF2B3.tmp, version: 11.0.0.28844, time stamp: 0x4250bcf6
Exception code: 0xc0000005
Fault offset: 0x0000742e
Faulting process id: 0x17c0
Faulting application start time: 0xSETF2B3.tmp0
Faulting application path: SETF2B3.tmp1
Faulting module path: SETF2B3.tmp2
Report Id: SETF2B3.tmp3
Faulting package full name: SETF2B3.tmp4
Faulting package-relative application ID: SETF2B3.tmp5
 
Error: (03/17/2015 11:16:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10a8
 
Start Time: 01d060c490403d0e
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 86c607e5-ccb8-11e4-bf94-d89d677fb433
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/16/2015 10:01:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (03/17/2015 10:41:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/17/2015 10:31:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%1053
 
Error: (03/17/2015 10:31:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
 
Error: (03/17/2015 10:17:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (03/17/2015 10:17:04 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (03/17/2015 10:17:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:56:32 PM on ‎3/‎17/‎2015 was unexpected.
 
Error: (03/17/2015 09:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (03/17/2015 09:56:33 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (03/17/2015 09:12:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (03/17/2015 09:12:38 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
 
Microsoft Office Sessions:
=========================
Error: (03/17/2015 10:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SET33D1.tmp11.0.0.288444250bcf6SET33D1.tmp11.0.0.288444250bcf6c00000050000742e1a8001d061269df49ebeC:\Users\new\AppData\Local\Temp\SET33D1.tmpC:\Users\new\AppData\Local\Temp\SET33D1.tmpdbeb1384-cd19-11e4-bf97-d89d677fb433
 
Error: (03/17/2015 10:45:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SET616B.tmp11.0.0.288444250bcf6SET616B.tmp11.0.0.288444250bcf6c00000050000742e14c801d0612593746945C:\Users\new\AppData\Local\Temp\SET616B.tmpC:\Users\new\AppData\Local\Temp\SET616B.tmpd15a2de4-cd18-11e4-bf97-d89d677fb433
 
Error: (03/17/2015 10:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SET95AE.tmp11.0.0.288444250bcf6SET95AE.tmp11.0.0.288444250bcf6c00000050000742e14a001d06125747cfa0bC:\Users\new\AppData\Local\Temp\SET95AE.tmpC:\Users\new\AppData\Local\Temp\SET95AE.tmpb28681b3-cd18-11e4-bf97-d89d677fb433
 
Error: (03/17/2015 10:31:49 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WINDOWS)
Description: 0AppleMobileDeviceService.exeApple Mobile Device03026217817320
 
Error: (03/17/2015 10:24:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068988801d06121ef8645844294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exee5954d91-cd15-11e4-bf97-d89d677fb433microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/17/2015 09:11:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (03/17/2015 09:11:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (03/17/2015 05:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SETF2B3.tmp11.0.0.288444250bcf6SETF2B3.tmp11.0.0.288444250bcf6c00000050000742e17c001d060fa880a4588C:\Users\new\AppData\Local\Temp\SETF2B3.tmpC:\Users\new\AppData\Local\Temp\SETF2B3.tmpc64602ef-cced-11e4-bf94-d89d677fb433
 
Error: (03/17/2015 11:16:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068910a801d060c490403d0e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe86c607e5-ccb8-11e4-bf94-d89d677fb433microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/16/2015 10:01:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-11 15:11:49.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-11 15:11:48.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-11 15:11:47.842
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-11 15:11:47.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-11 15:11:46.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-11 15:11:45.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-11 15:11:29.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-11 15:11:28.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-11 15:11:27.991
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-11 15:11:27.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3682.26 MB
Available physical RAM: 2148.88 MB
Total Pagefile: 7010.26 MB
Available Pagefile: 5111.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:442.44 GB) (Free:359 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:22.11 GB) (Free:2.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C2C9F703)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 

 


Edited by pepsiprincess, 17 March 2015 - 09:23 PM.



#2
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Hello pepsiprincess and welcome to GeeksToGo.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and post the new log.

Logs to include with next post:

AdwCleaner log
JRT.txt
FRST.txt


Thanks

Satchfan

 



#3
pepsiprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Thanks for your quick reply! Attached are the logs you requested. 

Attached Files



#4
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

There are still a lot of infections on the computer but we need to know where they’re coming from so I need some more scans.

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.

===================================================

Run TDSSKiller

Please download TDSSKiller.zip

  • extract it to your desktop
  • double click TDSSKiller.exe
  • press Start Scan


  • only if Malicious objects are found, ensure Cure is selected. Note: if Cure is not available, please choose Skip instead; do not change it to Delete or Quarantine, as it may delete infected files that are required for Windows to operate properly

  • click Continue > Reboot now
  • copy and paste the log in your next reply
  • a copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)

Additional information:

If you get the warning about a file “UnsignedFile.Multi.Generic” or “LockedFile.Multi.Generic”, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 (TDSS File System) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue and then reboot to finish the cleaning process.

Remember, if Cure is not available, choose Skip instead; do not choose “Delete” unless instructed.

Logs to include with next post:

RKreport.txt
TDSSKiller log


Thanks

Satchfan

 



#5
pepsiprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here are the logs you asked for.
 
 
19:35:43.0553 0x04f8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:35:43.0553 0x04f8  UEFI system
19:35:50.0459 0x04f8  ============================================================
19:35:50.0459 0x04f8  Current date / time: 2015/03/18 19:35:50.0459
19:35:50.0459 0x04f8  SystemInfo:
19:35:50.0459 0x04f8  
19:35:50.0459 0x04f8  OS Version: 6.3.9600 ServicePack: 0.0
19:35:50.0459 0x04f8  Product type: Workstation
19:35:50.0459 0x04f8  ComputerName: WINDOWS
19:35:50.0459 0x04f8  UserName: new
19:35:50.0459 0x04f8  Windows directory: C:\WINDOWS
19:35:50.0459 0x04f8  System windows directory: C:\WINDOWS
19:35:50.0459 0x04f8  Running under WOW64
19:35:50.0459 0x04f8  Processor architecture: Intel x64
19:35:50.0459 0x04f8  Number of processors: 2
19:35:50.0459 0x04f8  Page size: 0x1000
19:35:50.0459 0x04f8  Boot type: Normal boot
19:35:50.0459 0x04f8  ============================================================
19:35:54.0568 0x04f8  KLMD registered as C:\WINDOWS\system32\drivers\74246816.sys
19:35:58.0412 0x04f8  System UUID: {E10A70AC-4EAF-E027-E9BD-581B4AB6214C}
19:36:01.0474 0x04f8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:36:01.0490 0x04f8  ============================================================
19:36:01.0490 0x04f8  \Device\Harddisk0\DR0:
19:36:01.0506 0x04f8  GPT partitions:
19:36:01.0506 0x04f8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {44DAD86C-6882-4D68-884F-CD21D2B7C0E6}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
19:36:01.0506 0x04f8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {4E9593AC-C331-429A-AE5D-BFA774C14CA0}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
19:36:01.0506 0x04f8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8D477275-209B-4201-A966-57D036E422CB}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
19:36:01.0506 0x04f8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {22E2109D-52ED-48FB-B5F3-7425EA239605}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x374E3000
19:36:01.0506 0x04f8  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {122E347D-705A-4457-BE8F-4D0CDD7BAA48}, Name: , StartLBA 0x3766D800, BlocksNum 0xE1000
19:36:01.0506 0x04f8  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {94A5045D-CCD7-4FE9-AC41-4A7B433412C2}, Name: Basic data partition, StartLBA 0x3774E800, BlocksNum 0x2C37800
19:36:01.0506 0x04f8  MBR partitions:
19:36:01.0506 0x04f8  ============================================================
19:36:01.0521 0x04f8  C: <-> \Device\Harddisk0\DR0\Partition4
19:36:01.0600 0x04f8  D: <-> \Device\Harddisk0\DR0\Partition6
19:36:01.0600 0x04f8  ============================================================
19:36:01.0600 0x04f8  Initialize success
19:36:01.0600 0x04f8  ============================================================
19:36:05.0627 0x0d1c  ============================================================
19:36:05.0627 0x0d1c  Scan started
19:36:05.0627 0x0d1c  Mode: Manual; 
19:36:05.0627 0x0d1c  ============================================================
19:36:05.0627 0x0d1c  KSN ping started
19:36:10.0252 0x0d1c  KSN ping finished: true
19:36:11.0892 0x0d1c  ================ Scan system memory ========================
19:36:11.0892 0x0d1c  System memory - ok
19:36:11.0892 0x0d1c  ================ Scan services =============================
19:36:24.0314 0x0d1c  EventSystem - ok
19:36:24.0361 0x0d1c  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
19:36:24.0377 0x0d1c  exfat - ok
19:36:24.0455 0x0d1c  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
19:36:24.0470 0x0d1c  fastfat - ok
19:36:24.0580 0x0d1c  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\WINDOWS\system32\fxssvc.exe
19:36:24.0642 0x0d1c  Fax - ok
19:36:24.0674 0x0d1c  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
19:36:24.0689 0x0d1c  fdc - ok
19:36:24.0736 0x0d1c  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
19:36:24.0736 0x0d1c  fdPHost - ok
19:36:24.0767 0x0d1c  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
19:36:24.0767 0x0d1c  FDResPub - ok
19:36:24.0830 0x0d1c  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
19:36:24.0845 0x0d1c  fhsvc - ok
19:36:24.0908 0x0d1c  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
19:36:24.0924 0x0d1c  FileInfo - ok
19:36:24.0971 0x0d1c  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
19:36:24.0971 0x0d1c  Filetrace - ok
19:36:25.0002 0x0d1c  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
19:36:25.0017 0x0d1c  flpydisk - ok
19:36:25.0095 0x0d1c  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:36:25.0127 0x0d1c  FltMgr - ok
19:36:25.0283 0x0d1c  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache       C:\WINDOWS\system32\FntCache.dll
19:36:25.0408 0x0d1c  FontCache - ok
19:36:25.0502 0x0d1c  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:36:25.0517 0x0d1c  FontCache3.0.0.0 - ok
19:36:25.0596 0x0d1c  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
19:36:25.0611 0x0d1c  FsDepends - ok
19:36:25.0642 0x0d1c  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:36:25.0642 0x0d1c  Fs_Rec - ok
19:36:25.0767 0x0d1c  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
19:36:25.0814 0x0d1c  fvevol - ok
19:36:25.0861 0x0d1c  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
19:36:25.0861 0x0d1c  FxPPM - ok
19:36:25.0892 0x0d1c  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
19:36:25.0908 0x0d1c  gagp30kx - ok
19:36:25.0955 0x0d1c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:36:25.0970 0x0d1c  GEARAspiWDM - ok
19:36:26.0033 0x0d1c  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
19:36:26.0033 0x0d1c  gencounter - ok
19:36:26.0080 0x0d1c  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
19:36:26.0095 0x0d1c  GPIOClx0101 - ok
19:36:26.0252 0x0d1c  [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
19:36:26.0361 0x0d1c  gpsvc - ok
19:36:26.0470 0x0d1c  [ BE99918C2211431C6424EFFD087FD9C7, 2994D8B89E41A3C1D6BA01B032C3B16EF11401D57BBD45C124F7B00004705D19 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:36:26.0470 0x0d1c  gupdate - ok
19:36:26.0502 0x0d1c  [ BE99918C2211431C6424EFFD087FD9C7, 2994D8B89E41A3C1D6BA01B032C3B16EF11401D57BBD45C124F7B00004705D19 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:36:26.0502 0x0d1c  gupdatem - ok
19:36:26.0564 0x0d1c  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
19:36:26.0580 0x0d1c  HDAudBus - ok
19:36:26.0642 0x0d1c  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
19:36:26.0642 0x0d1c  HidBatt - ok
19:36:26.0689 0x0d1c  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
19:36:26.0705 0x0d1c  HidBth - ok
19:36:26.0736 0x0d1c  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
19:36:26.0736 0x0d1c  hidi2c - ok
19:36:26.0783 0x0d1c  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
19:36:26.0799 0x0d1c  HidIr - ok
19:36:26.0861 0x0d1c  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\WINDOWS\system32\hidserv.dll
19:36:26.0861 0x0d1c  hidserv - ok
19:36:26.0908 0x0d1c  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
19:36:26.0908 0x0d1c  HidUsb - ok
19:36:26.0986 0x0d1c  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
19:36:27.0002 0x0d1c  hkmsvc - ok
19:36:27.0049 0x0d1c  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
19:36:27.0080 0x0d1c  HomeGroupListener - ok
19:36:27.0158 0x0d1c  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
19:36:27.0205 0x0d1c  HomeGroupProvider - ok
19:36:27.0267 0x0d1c  [ BB1FC298BE53AAB1E110F6E786BD8AC5, C2DA2C3CE96D5F8B50013063B5EF7BED7478636896C709A7AF34855B2E69B9F1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:36:27.0283 0x0d1c  HP Support Assistant Service - ok
19:36:27.0361 0x0d1c  [ AA985AF8CB15E752AE608A76E6B11DAC, 21185569DD2633F25D746AB9B8FD9C19D1CE78B69E19475E89840C2F639754B2 ] HPConnectedRemote C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
19:36:27.0361 0x0d1c  HPConnectedRemote - ok
19:36:27.0486 0x0d1c  [ 9B7EDD3FE7C211C36E921D34D18A3A0A, 03A450F85A042F9668D1560FA2B8B89783568C87CDB1A8685CDA2AC9FE3761C3 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
19:36:27.0564 0x0d1c  hpqwmiex - ok
19:36:27.0627 0x0d1c  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
19:36:27.0627 0x0d1c  HpSAMD - ok
19:36:27.0658 0x0d1c  [ 3C5B2067338E4EFDADE94E4A72728F23, 72E21FA1E660F9405A5E39B0F89AB21C60F20BAC13247567EF7139AC130F1897 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:36:27.0674 0x0d1c  HPWMISVC - ok
19:36:27.0799 0x0d1c  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
19:36:27.0892 0x0d1c  HTTP - ok
19:36:27.0955 0x0d1c  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
19:36:27.0970 0x0d1c  hwpolicy - ok
19:36:27.0986 0x0d1c  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
19:36:28.0002 0x0d1c  hyperkbd - ok
19:36:28.0049 0x0d1c  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
19:36:28.0049 0x0d1c  HyperVideo - ok
19:36:28.0080 0x0d1c  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
19:36:28.0095 0x0d1c  i8042prt - ok
19:36:28.0127 0x0d1c  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
19:36:28.0142 0x0d1c  iaLPSSi_GPIO - ok
19:36:28.0174 0x0d1c  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
19:36:28.0189 0x0d1c  iaLPSSi_I2C - ok
19:36:28.0283 0x0d1c  [ 6C91E425ACE29594BD574DE38AC9B76D, 697784E4C7AF08B1F35662D8AD871E6890CECE22B6E64985B7C1A66C10DA390D ] iaStorA         C:\WINDOWS\System32\drivers\iaStorA.sys
19:36:28.0345 0x0d1c  iaStorA - ok
19:36:28.0439 0x0d1c  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
19:36:28.0486 0x0d1c  iaStorAV - ok
19:36:28.0549 0x0d1c  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
19:36:28.0580 0x0d1c  iaStorV - ok
19:36:28.0845 0x0d1c  [ 5AD5A7781BE907D6E2D75CA1DADAA97B, 355234ED6E49A1080CFFC9C18D185DA653A00C6B79B204368A971EACE5A416A9 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
19:36:29.0033 0x0d1c  IconMan_R - ok
19:36:29.0064 0x0d1c  IEEtwCollectorService - ok
19:36:29.0236 0x0d1c  [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
19:36:29.0330 0x0d1c  IKEEXT - ok
19:36:29.0767 0x0d1c  [ C2F868881D48A568B525255F084EF063, EFB1704AE223CF886EDA5F1411C8178EDE4B5E1F7EE373E3DA89A6EA1A57D91D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
19:36:30.0080 0x0d1c  IntcAzAudAddService - ok
19:36:30.0158 0x0d1c  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
19:36:30.0158 0x0d1c  intelide - ok
19:36:30.0205 0x0d1c  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
19:36:30.0220 0x0d1c  intelpep - ok
19:36:30.0252 0x0d1c  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
19:36:30.0267 0x0d1c  intelppm - ok
19:36:30.0314 0x0d1c  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:36:30.0330 0x0d1c  IpFilterDriver - ok
19:36:30.0455 0x0d1c  [ ACFEE9487693C2BD573DFCA71D98E17C, A347FD476147CD3568EEE6993B46AFC05A66A4269094CA51572D0FD013FCB535 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
19:36:30.0533 0x0d1c  iphlpsvc - ok
19:36:30.0580 0x0d1c  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
19:36:30.0595 0x0d1c  IPMIDRV - ok
19:36:30.0658 0x0d1c  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
19:36:30.0674 0x0d1c  IPNAT - ok
19:36:30.0689 0x0d1c  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
19:36:30.0705 0x0d1c  IRENUM - ok
19:36:30.0767 0x0d1c  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
19:36:30.0767 0x0d1c  isapnp - ok
19:36:30.0861 0x0d1c  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
19:36:30.0892 0x0d1c  iScsiPrt - ok
19:36:30.0924 0x0d1c  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
19:36:30.0924 0x0d1c  kbdclass - ok
19:36:30.0971 0x0d1c  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
19:36:30.0971 0x0d1c  kbdhid - ok
19:36:31.0002 0x0d1c  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
19:36:31.0002 0x0d1c  kdnic - ok
19:36:31.0033 0x0d1c  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\WINDOWS\system32\lsass.exe
19:36:31.0049 0x0d1c  KeyIso - ok
19:36:31.0127 0x0d1c  [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1             C:\WINDOWS\system32\DRIVERS\kl1.sys
19:36:31.0174 0x0d1c  kl1 - ok
19:36:31.0205 0x0d1c  [ F2EB9202FCCC81E0902D3C5A70037A44, 9554851BB68228500E69536B0C484B32FC92B85A76A7F1F268549212D0D5CFCA ] klelam          C:\WINDOWS\system32\DRIVERS\klelam.sys
19:36:31.0205 0x0d1c  klelam - ok
19:36:31.0314 0x0d1c  [ 5F247D87B44E26AED440A063A7A4FDB7, BC2BAD216A9262105CAF0F20BF539B92CB66FD0EB67AB8FAE45B0249E9F59C57 ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
19:36:31.0361 0x0d1c  KLIF - ok
19:36:31.0392 0x0d1c  [ B6822DEFE601629F19E0A2D7F0D623F2, FD71A2AA3FC4698B5436D185E2F2A3EB6A111AE8F35606E1658E2D18CE744F13 ] KLIM6           C:\WINDOWS\system32\DRIVERS\klim6.sys
19:36:31.0392 0x0d1c  KLIM6 - ok
19:36:31.0424 0x0d1c  [ AEEC4E904850525C4D4552AF4A971BA3, C8E5267A5CE244096162118DFE72D2EA494DD34ECAEC74B7EB0DF770761E06C0 ] klkbdflt        C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
19:36:31.0424 0x0d1c  klkbdflt - ok
19:36:31.0486 0x0d1c  [ 8849D8F6259D3494E8C5C9482EE40A08, 62C60FD28916407AEF3C4F8B8FF7E5FCDFAE261E772E672E3E06F0D0CA6D6729 ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
19:36:31.0486 0x0d1c  klmouflt - ok
19:36:31.0517 0x0d1c  [ 781EFBB7BDE229C1615892E2A2D98721, 82D017AE1ADE75075F83B62256A9DC14F6D764ADF6E79CF2717854BCA5F5F1C5 ] klwfp           C:\WINDOWS\system32\DRIVERS\klwfp.sys
19:36:31.0517 0x0d1c  klwfp - ok
19:36:31.0564 0x0d1c  [ 07071C1E3CD8F0F9114AAC8B072CA1E5, F72E49D9A77BBE28B135D5DDBD9037083D90400A6D61DA45B5D53C4ACFFAF932 ] KMWDFILTER      C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
19:36:31.0564 0x0d1c  KMWDFILTER - ok
19:36:31.0611 0x0d1c  [ 1FCB657B581CC4DF17FD6571F93602DE, D5D95773D19AA47BA619D149FD6068198E2AA05C219C3936E327B3DFFDE6B10C ] kneps           C:\WINDOWS\system32\DRIVERS\kneps.sys
19:36:31.0627 0x0d1c  kneps - ok
19:36:31.0705 0x0d1c  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
19:36:31.0705 0x0d1c  KSecDD - ok
19:36:31.0783 0x0d1c  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
19:36:31.0799 0x0d1c  KSecPkg - ok
19:36:31.0846 0x0d1c  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
19:36:31.0861 0x0d1c  ksthunk - ok
19:36:31.0939 0x0d1c  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
19:36:31.0971 0x0d1c  KtmRm - ok
19:36:32.0064 0x0d1c  [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
19:36:32.0095 0x0d1c  LanmanServer - ok
19:36:32.0189 0x0d1c  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
19:36:32.0221 0x0d1c  LanmanWorkstation - ok
19:36:32.0314 0x0d1c  [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
19:36:32.0361 0x0d1c  lfsvc - ok
19:36:32.0392 0x0d1c  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
19:36:32.0408 0x0d1c  lltdio - ok
19:36:32.0486 0x0d1c  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
19:36:32.0517 0x0d1c  lltdsvc - ok
19:36:32.0580 0x0d1c  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
19:36:32.0580 0x0d1c  lmhosts - ok
19:36:32.0642 0x0d1c  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
19:36:32.0658 0x0d1c  LSI_SAS - ok
19:36:32.0705 0x0d1c  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
19:36:32.0705 0x0d1c  LSI_SAS2 - ok
19:36:32.0736 0x0d1c  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
19:36:32.0752 0x0d1c  LSI_SAS3 - ok
19:36:32.0783 0x0d1c  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
19:36:32.0783 0x0d1c  LSI_SSS - ok
19:36:32.0908 0x0d1c  [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM             C:\WINDOWS\System32\lsm.dll
19:36:32.0970 0x0d1c  LSM - ok
19:36:33.0033 0x0d1c  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
19:36:33.0049 0x0d1c  luafv - ok
19:36:33.0142 0x0d1c  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
19:36:33.0158 0x0d1c  McComponentHostService - ok
19:36:33.0221 0x0d1c  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
19:36:33.0221 0x0d1c  megasas - ok
19:36:33.0299 0x0d1c  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
19:36:33.0345 0x0d1c  megasr - ok
19:36:33.0408 0x0d1c  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
19:36:33.0424 0x0d1c  MMCSS - ok
19:36:33.0471 0x0d1c  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
19:36:33.0471 0x0d1c  Modem - ok
19:36:33.0502 0x0d1c  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
19:36:33.0517 0x0d1c  monitor - ok
19:36:33.0549 0x0d1c  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
19:36:33.0549 0x0d1c  mouclass - ok
19:36:33.0611 0x0d1c  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
19:36:33.0611 0x0d1c  mouhid - ok
19:36:33.0658 0x0d1c  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
19:36:33.0658 0x0d1c  mountmgr - ok
19:36:33.0689 0x0d1c  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
19:36:33.0705 0x0d1c  mpsdrv - ok
19:36:33.0830 0x0d1c  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
19:36:33.0908 0x0d1c  MpsSvc - ok
19:36:33.0986 0x0d1c  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
19:36:34.0002 0x0d1c  MRxDAV - ok
19:36:34.0111 0x0d1c  [ 7A1A3F213CDB3363D179D5014272025D, 6756F5B7D9FBF6839DB1FF4E94EA45B5499D7DF925E75581C96FBBA4BE131542 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:36:34.0142 0x0d1c  mrxsmb - ok
19:36:34.0205 0x0d1c  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
19:36:34.0236 0x0d1c  mrxsmb10 - ok
19:36:34.0299 0x0d1c  [ C910E5D18958914A66F0E45689D0B40A, AD7C91DD8A60A511E580DD56BACC97F85075A539E7C5D95040A8F870A621DAF4 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
19:36:34.0314 0x0d1c  mrxsmb20 - ok
19:36:34.0361 0x0d1c  [ E0927EFA25D473367C3341B9F5969779, B77A162BD3334557623674373D8EC2BE7CC0B359DF06304E467ABFFEE0530271 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
19:36:34.0377 0x0d1c  MsBridge - ok
19:36:34.0439 0x0d1c  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
19:36:34.0455 0x0d1c  MSDTC - ok
19:36:34.0533 0x0d1c  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:36:34.0533 0x0d1c  Msfs - ok
19:36:34.0596 0x0d1c  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
19:36:34.0596 0x0d1c  msgpiowin32 - ok
19:36:34.0627 0x0d1c  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
19:36:34.0627 0x0d1c  mshidkmdf - ok
19:36:34.0658 0x0d1c  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
19:36:34.0674 0x0d1c  mshidumdf - ok
19:36:34.0721 0x0d1c  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
19:36:34.0721 0x0d1c  msisadrv - ok
19:36:34.0783 0x0d1c  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
19:36:34.0799 0x0d1c  MSiSCSI - ok
19:36:34.0830 0x0d1c  msiserver - ok
19:36:34.0877 0x0d1c  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:36:34.0892 0x0d1c  MSKSSRV - ok
19:36:34.0939 0x0d1c  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
19:36:34.0955 0x0d1c  MsLldp - ok
19:36:34.0970 0x0d1c  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:36:34.0986 0x0d1c  MSPCLOCK - ok
19:36:35.0002 0x0d1c  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:36:35.0002 0x0d1c  MSPQM - ok
19:36:35.0080 0x0d1c  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
19:36:35.0111 0x0d1c  MsRPC - ok
19:36:35.0158 0x0d1c  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
19:36:35.0174 0x0d1c  mssmbios - ok
19:36:35.0205 0x0d1c  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
19:36:35.0205 0x0d1c  MSTEE - ok
19:36:35.0236 0x0d1c  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
19:36:35.0252 0x0d1c  MTConfig - ok
19:36:35.0299 0x0d1c  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
19:36:35.0314 0x0d1c  Mup - ok
19:36:35.0346 0x0d1c  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
19:36:35.0346 0x0d1c  mvumis - ok
19:36:35.0439 0x0d1c  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\WINDOWS\system32\qagentRT.dll
19:36:35.0486 0x0d1c  napagent - ok
19:36:35.0580 0x0d1c  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
19:36:35.0627 0x0d1c  NativeWifiP - ok
19:36:35.0689 0x0d1c  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
19:36:35.0705 0x0d1c  NcaSvc - ok
19:36:35.0752 0x0d1c  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
19:36:53.0955 0x0d1c  vds - ok
19:36:54.0033 0x0d1c  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
19:36:54.0049 0x0d1c  VerifierExt - ok
19:36:54.0158 0x0d1c  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
19:36:54.0205 0x0d1c  vhdmp - ok
19:36:54.0252 0x0d1c  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
19:36:54.0252 0x0d1c  viaide - ok
19:36:54.0299 0x0d1c  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
19:36:54.0299 0x0d1c  vmbus - ok
19:36:54.0330 0x0d1c  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
19:36:54.0330 0x0d1c  VMBusHID - ok
19:36:54.0439 0x0d1c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
19:36:54.0486 0x0d1c  vmicguestinterface - ok
19:36:54.0549 0x0d1c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
19:36:54.0596 0x0d1c  vmicheartbeat - ok
19:36:54.0642 0x0d1c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
19:36:54.0689 0x0d1c  vmickvpexchange - ok
19:36:54.0752 0x0d1c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
19:36:54.0799 0x0d1c  vmicrdv - ok
19:36:54.0861 0x0d1c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
19:36:54.0908 0x0d1c  vmicshutdown - ok
19:36:54.0955 0x0d1c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
19:36:55.0002 0x0d1c  vmictimesync - ok
19:36:55.0064 0x0d1c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
19:36:55.0111 0x0d1c  vmicvss - ok
19:36:55.0189 0x0d1c  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
19:36:55.0205 0x0d1c  volmgr - ok
19:36:55.0252 0x0d1c  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
19:36:55.0283 0x0d1c  volmgrx - ok
19:36:55.0377 0x0d1c  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
19:36:55.0408 0x0d1c  volsnap - ok
19:36:55.0486 0x0d1c  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
19:36:55.0486 0x0d1c  vpci - ok
19:36:55.0564 0x0d1c  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
19:36:55.0580 0x0d1c  vsmraid - ok
19:36:55.0767 0x0d1c  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\WINDOWS\system32\vssvc.exe
19:36:55.0892 0x0d1c  VSS - ok
19:36:55.0955 0x0d1c  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
19:36:55.0986 0x0d1c  VSTXRAID - ok
19:36:56.0064 0x0d1c  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
19:36:56.0080 0x0d1c  vwifibus - ok
19:36:56.0158 0x0d1c  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
19:36:56.0174 0x0d1c  vwififlt - ok
19:36:56.0221 0x0d1c  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
19:36:56.0236 0x0d1c  vwifimp - ok
19:36:56.0314 0x0d1c  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\WINDOWS\system32\w32time.dll
19:36:56.0361 0x0d1c  W32Time - ok
19:36:56.0471 0x0d1c  [ 8E553C859C83784DEC08B10AFC3EAC92, 41D8DBA1500DBD3AC9783169ACF545805EF05069F12866238992A30794369254 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
19:36:56.0471 0x0d1c  w3logsvc - ok
19:36:56.0549 0x0d1c  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
19:36:56.0549 0x0d1c  WacomPen - ok
19:36:56.0674 0x0d1c  [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
19:36:56.0721 0x0d1c  WAS - ok
19:36:56.0908 0x0d1c  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
19:36:57.0033 0x0d1c  wbengine - ok
19:36:57.0142 0x0d1c  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
19:36:57.0189 0x0d1c  WbioSrvc - ok
19:36:57.0267 0x0d1c  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
19:36:57.0314 0x0d1c  Wcmsvc - ok
19:36:57.0408 0x0d1c  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
19:36:57.0439 0x0d1c  wcncsvc - ok
19:36:57.0486 0x0d1c  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
19:36:57.0486 0x0d1c  WcsPlugInService - ok
19:36:57.0533 0x0d1c  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
19:36:57.0533 0x0d1c  WdBoot - ok
19:36:57.0642 0x0d1c  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
19:36:57.0705 0x0d1c  Wdf01000 - ok
19:36:57.0767 0x0d1c  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
19:36:57.0783 0x0d1c  WdFilter - ok
19:36:57.0846 0x0d1c  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
19:36:57.0861 0x0d1c  WdiServiceHost - ok
19:36:57.0877 0x0d1c  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
19:36:57.0892 0x0d1c  WdiSystemHost - ok
19:36:57.0939 0x0d1c  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
19:36:57.0939 0x0d1c  WdNisDrv - ok
19:36:58.0002 0x0d1c  WdNisSvc - ok
19:36:58.0080 0x0d1c  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:36:58.0096 0x0d1c  WebClient - ok
19:36:58.0174 0x0d1c  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
19:36:58.0205 0x0d1c  Wecsvc - ok
19:36:58.0236 0x0d1c  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
19:36:58.0252 0x0d1c  WEPHOSTSVC - ok
19:36:58.0314 0x0d1c  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
19:36:58.0330 0x0d1c  wercplsupport - ok
19:36:58.0393 0x0d1c  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
19:36:58.0408 0x0d1c  WerSvc - ok
19:36:58.0455 0x0d1c  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
19:36:58.0471 0x0d1c  WFPLWFS - ok
19:36:58.0518 0x0d1c  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
19:36:58.0533 0x0d1c  WiaRpc - ok
19:36:58.0611 0x0d1c  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
19:36:58.0611 0x0d1c  WIMMount - ok
19:36:58.0627 0x0d1c  WinDefend - ok
19:36:58.0767 0x0d1c  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
19:36:58.0846 0x0d1c  WinHttpAutoProxySvc - ok
19:36:59.0002 0x0d1c  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:36:59.0017 0x0d1c  Winmgmt - ok
19:36:59.0299 0x0d1c  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
19:36:59.0502 0x0d1c  WinRM - ok
19:36:59.0627 0x0d1c  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\system32\DRIVERS\WinUsb.sys
19:36:59.0627 0x0d1c  WinUsb - ok
19:36:59.0689 0x0d1c  [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
19:36:59.0689 0x0d1c  WirelessButtonDriver - ok
19:36:59.0877 0x0d1c  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
19:37:00.0002 0x0d1c  WlanSvc - ok
19:37:00.0205 0x0d1c  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
19:37:00.0330 0x0d1c  wlidsvc - ok
19:37:00.0393 0x0d1c  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
19:37:00.0393 0x0d1c  WmiAcpi - ok
19:37:00.0471 0x0d1c  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
19:37:00.0486 0x0d1c  wmiApSrv - ok
19:37:00.0518 0x0d1c  WMPNetworkSvc - ok
19:37:00.0564 0x0d1c  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
19:37:00.0580 0x0d1c  Wof - ok
19:37:00.0783 0x0d1c  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
19:37:00.0908 0x0d1c  workfolderssvc - ok
19:37:00.0971 0x0d1c  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
19:37:00.0971 0x0d1c  wpcfltr - ok
19:37:01.0018 0x0d1c  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
19:37:01.0033 0x0d1c  WPCSvc - ok
19:37:01.0096 0x0d1c  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
19:37:01.0111 0x0d1c  WPDBusEnum - ok
19:37:01.0174 0x0d1c  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
19:37:01.0174 0x0d1c  WpdUpFltr - ok
19:37:01.0221 0x0d1c  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
19:37:01.0221 0x0d1c  ws2ifsl - ok
19:37:01.0283 0x0d1c  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
19:37:01.0299 0x0d1c  wscsvc - ok
19:37:01.0330 0x0d1c  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
19:37:01.0330 0x0d1c  WSDPrintDevice - ok
19:37:01.0361 0x0d1c  WSearch - ok
19:37:01.0721 0x0d1c  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\WINDOWS\System32\WSService.dll
19:37:01.0986 0x0d1c  WSService - ok
19:37:02.0361 0x0d1c  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
19:37:02.0643 0x0d1c  wuauserv - ok
19:37:02.0721 0x0d1c  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
19:37:02.0736 0x0d1c  WudfPf - ok
19:37:02.0783 0x0d1c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
19:37:02.0799 0x0d1c  WUDFRd - ok
19:37:02.0846 0x0d1c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
19:37:02.0861 0x0d1c  WUDFSensorLP - ok
19:37:02.0908 0x0d1c  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
19:37:02.0924 0x0d1c  wudfsvc - ok
19:37:02.0955 0x0d1c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
19:37:02.0986 0x0d1c  WUDFWpdFs - ok
19:37:03.0017 0x0d1c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
19:37:03.0033 0x0d1c  WUDFWpdMtp - ok
19:37:03.0127 0x0d1c  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
19:37:03.0174 0x0d1c  WwanSvc - ok
19:37:03.0189 0x0d1c  X5XSEx_Pr143 - ok
19:37:03.0252 0x0d1c  [ A0F661902AFCAAD77CC2ED3894927A10, 0DCD860F7F4029EBFE1F409BA23CC8BAA55BC22084C81940FF170B665E4804BD ] xusb22          C:\WINDOWS\System32\drivers\xusb22.sys
19:37:03.0267 0x0d1c  xusb22 - ok
19:37:03.0314 0x0d1c  ================ Scan global ===============================
19:37:03.0393 0x0d1c  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
19:37:03.0471 0x0d1c  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\WINDOWS\system32\winsrv.dll
19:37:03.0549 0x0d1c  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
19:37:03.0642 0x0d1c  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\WINDOWS\system32\services.exe
19:37:03.0674 0x0d1c  [ Global ] - ok
19:37:03.0674 0x0d1c  ================ Scan MBR ==================================
19:37:03.0689 0x0d1c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:37:03.0814 0x0d1c  \Device\Harddisk0\DR0 - ok
19:37:03.0814 0x0d1c  ================ Scan VBR ==================================
19:37:03.0830 0x0d1c  [ 0A8596BBE8B035FA0E26D94C5E3C8267 ] \Device\Harddisk0\DR0\Partition1
19:37:03.0846 0x0d1c  \Device\Harddisk0\DR0\Partition1 - ok
19:37:03.0877 0x0d1c  [ 6854A37AEB976C1F7A6526DF00630524 ] \Device\Harddisk0\DR0\Partition2
19:37:03.0893 0x0d1c  \Device\Harddisk0\DR0\Partition2 - ok
19:37:03.0924 0x0d1c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
19:37:03.0924 0x0d1c  \Device\Harddisk0\DR0\Partition3 - ok
19:37:03.0939 0x0d1c  [ 09F653369466D372526EF7E3D0A70BA6 ] \Device\Harddisk0\DR0\Partition4
19:37:03.0939 0x0d1c  \Device\Harddisk0\DR0\Partition4 - ok
19:37:03.0986 0x0d1c  [ 33B4684BDD617CD65B538A8A1A9B20DD ] \Device\Harddisk0\DR0\Partition5
19:37:04.0002 0x0d1c  \Device\Harddisk0\DR0\Partition5 - ok
19:37:04.0033 0x0d1c  [ C3D51B54A0D38B47C844F97349DC4CA6 ] \Device\Harddisk0\DR0\Partition6
19:37:04.0049 0x0d1c  \Device\Harddisk0\DR0\Partition6 - ok
19:37:04.0049 0x0d1c  ================ Scan generic autorun ======================
19:37:04.0736 0x0d1c  [ AF04B6DDF123991C625472494BC1221C, D02BEC96FF466187130B5868DCB70E56CEE25101A8889A1AEF3CFE60ECBE6DC6 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
19:37:05.0221 0x0d1c  RTHDVCPL - ok
19:37:05.0252 0x0d1c  SynTPEnh - ok
19:37:05.0377 0x0d1c  [ 28CC78243A2EF270473BD479D63286CF, 905BB2FA35E6180DB98111653D3E288E0DFD8653193B01177EFF2290F20F4C0F ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
19:37:05.0439 0x0d1c  StartCCC - ok
19:37:05.0580 0x0d1c  [ D35AC3FFDBF9FAB743024FC88AA90056, FCF39545D3F9C21E444C5A9E02B33B809E5545F6886123D034C6AF35AD11C1EB ] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
19:37:05.0611 0x0d1c  CLVirtualDrive - ok
19:37:05.0674 0x0d1c  [ A2221900B57AEC20577996744FA4A56A, AFEF9176DBA86CDB16A7E84AD0DF6433D4F5865948774FB6B619CBEBEC004592 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
19:37:05.0689 0x0d1c  RemoteControl10 - ok
19:37:05.0783 0x0d1c  [ 6198A9BC15ED77F318D5DDD1918CF1D1, 6C7E619BB053F09021F5867E3A70A3A2890E2318CF1A5CE294A5F894CB3A4890 ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
19:37:05.0830 0x0d1c  HP Quick Launch - ok
19:37:05.0908 0x0d1c  [ 37195C4ADED891DD880193A8A9B33628, 55E86B74582F2E67F2E0441502347E7D115129E7639B179F36576E8263027641 ] C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
19:37:05.0924 0x0d1c  SunJavaUpdateSched - ok
19:37:06.0096 0x0d1c  [ BD8CF1A88019ACB735D0F958E0711912, AF0FF66B53D13421BFBF12D2FAC36682A12B9CBF5A9747C40AB8A51A0B041CBA ] C:\Users\thomas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
19:37:06.0127 0x0d1c  SkyDrive - ok
19:37:06.0127 0x0d1c  Exetender - ok
19:37:06.0142 0x0d1c  SpeedUpMyPC - ok
19:37:06.0736 0x0d1c  [ EFDF8DB140D71AE9E5C88A75F03B7EA9, C15872BD0D16576EA6A6CCC93BD24C00BA3794A42A5CCB1C59F9C769BBB2B70B ] C:\Program Files (x86)\Free Download Manager\fdm.exe
19:37:07.0299 0x0d1c  Free Download Manager - ok
19:37:07.0314 0x0d1c  Optimizer Pro - ok
19:37:07.0408 0x0d1c  [ 2A3FB4C98F139038E23330D2439DB8A4, DE9253AD362B03FA5D3D4912662398E5C4AC76F7274B83E51C251A6921A5B838 ] C:\Users\thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
19:37:07.0424 0x0d1c  Facebook Update - ok
19:37:07.0439 0x0d1c  Steam - ok
19:37:07.0861 0x0d1c  [ 2457344535A189B6950D339FE011650B, 3D5B3C5550B5D3E2F09E1848274E0807834730721699D1C8F4539AB6024E0ED8 ] C:\Program Files (x86)\Origin\Origin.exe
19:37:08.0142 0x0d1c  EADM - ok
19:37:08.0283 0x0d1c  [ D5543E09953C8A8B12801A3A7AFEE155, A22BFD6C709EDC4811C5E0BDAD7ABD89E56E1C4D5BECADA4A997E878C0CE3249 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
19:37:08.0283 0x0d1c  iCloudServices - ok
19:37:08.0439 0x0d1c  [ 2A3FB4C98F139038E23330D2439DB8A4, DE9253AD362B03FA5D3D4912662398E5C4AC76F7274B83E51C251A6921A5B838 ] C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe
19:37:08.0455 0x0d1c  Facebook Update - ok
19:37:08.0455 0x0d1c  Waiting for KSN requests completion. In queue: 113
19:37:09.0471 0x0d1c  Waiting for KSN requests completion. In queue: 113
19:37:10.0486 0x0d1c  Waiting for KSN requests completion. In queue: 113
19:37:11.0580 0x0d1c  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmiav.exe ( 13.0.1.4190 ), 0x44010 ( disabled : outofdate )
19:37:11.0611 0x0d1c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x61100 ( enabled : updated )
19:37:11.0627 0x0d1c  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmifw.exe ( 13.0.1.4190 ), 0x40010 ( disabled )
19:37:11.0643 0x0d1c  Win FW state via NFP2: enabled
19:37:14.0393 0x0d1c  ============================================================
19:37:14.0393 0x0d1c  Scan finished
19:37:14.0393 0x0d1c  ============================================================
19:37:14.0424 0x0620  Detected object count: 0
19:37:14.0424 0x0620  Actual detected object count: 0
 
 
RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : new [Administrator]
Started from : C:\Users\new\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/18/2015  19:29:22
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82429A10-0E52-42B3-A109-A4B2069E89E4} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{82429A10-0E52-42B3-A109-A4B2069E89E4} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] JYLS.job -- C:\Users\new\AppData\Roaming\JYLS.exe (/infocmdline=hmVUDCKQ0FLIITxc7XgzUQFKJQfwE9HDSI5efSe8/a/UeFblV6+3OPj7dh1l4mPAzLpMT0gWI7wgaZxXYFqOHZv6Zz89UL2vxHU4zEusMFWihKcbO2ZH8gCjM7eniyTTVlgeaIVOajM41o43630T5+Xr5gbAa18E1aQo+isr+IQWihDM5YwbCnGsCLyeH2/NE4JNhYteGukkbWgjapiN8oqEl3rTgLzmYxUxCFgL9Vyq2jjV1opJjOn+9BfxFOswoAy9aItUrpcKYU3yyrRFt388oor9Ka9kSD92b7L3cUf1hrdfF+R/94tr8WgxboPlp3G7uLwRiNeVGyyP438iDq7h+aLlDnemnVNWv3mVcu7VekdWYhBdWVZmSNOZ/VPugG/m5yZuKypbZd79GdgVjCVncp4d9pbeFIcnfISJvtCiCQ/t2tQjoI9jjVExE1l+o7/I3DbAtUPrRbT4LpzRq23W7uhy21K0sgDdhffy045a8xN4QJ5goVdg6myGdQT3) -> Found
[Suspicious.Path] \\HWRSGVIQ -- "C:\ProgramData\383e68074e2b4b0590fa738a6c625340\383e68074e2b4b0590fa738a6c625340.exe" -> Found
[Suspicious.Path] \\Installer_shopperpro -- C:\Users\new\AppData\Local\Installer\Installshopperpro_23424\DCytdkiegutl_gutlk_setup.exe (/S /SCHEDULE /MAG=GUTLK /pn=shopperpro /pixGuid=bdbd675b-a868-4835-a6df-719418e0f45a /sub=338 /Reason=Network) -> Found
[Suspicious.Path] \\JYLS -- C:\Users\new\AppData\Roaming\JYLS.exe (/infocmdline=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) -> Found
 
¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] IMVU.lnk -- C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [[email protected]] C:\Users\new\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe "--startup" -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 1 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Addr(Hook.IEAT)] (chrome.exe @ RPCRT4.dll) ntdll.dll - NtAlpcConnectPortEx : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prremote.dll @ 0x6abf0090
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 SATA Disk Device +++++
--- User ---
[MBR] 9c85436432c089225eb6292c93990f5b
[BSP] 54afa302244040ed8fedf8e45708f05d : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 453062 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 929486848 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 930408448 | Size: 22639 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
 
 
 
 

#6
pepsiprincess

    Member

  • Topic Starter
  • 23 posts

I am slammed with popups again, and randomly the computer installed any protect and optimizer pro while I was sleeping. I could not use Chrome, so I hit Ctrl+Alt+Delete and those two programs were listed along with anse875b and nsa2as.tmp.


#7
pepsiprincess

    Member

  • Topic Starter
  • 23 posts
Sorry to add another post. Seems the computer has also installed several other things.

Anthems
consumer input
domain name Andersons
down space
lights camera 1.4 beta v18.03
Maximise scanning software
quick ref 1.10.0.9
S martweb

I was woken up by a commercial and music because I left it running.
#8
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Please uninstall the following programs:

Ask Toolbar
Free Ride Games Player
Java 7 Update 17
Kaspersky Internet Security
McAfee Security Scan Plus
Plus-HD-2.2
RegClean-Pro
Remote Desktop Access
Uniblue SpeedUpMyPC



===================================================

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible; otherwise the malware will reactivate and you will have to run RogueKiller again.

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator
  • after it has completed its prescan, click on Scan
  • click on the “Registry” tab
  • make sure the following entries there are checked:


    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
     

  • click on the “Tasks” tab and place a checkmark next to these:


    [Suspicious.Path] JYLS.job -- C:\Users\new\AppData\Roaming\JYLS.exe (/infocmdline=hmVUDCKQ0FLIITxc7XgzUQFKJQfwE9HDSI5efSe8/a/UeFblV6+3OPj7dh1l4mPAzLpMT0gWI7wgaZxXYFqOHZv6Zz89UL2vxHU4zEusMFWihKcbO2ZH8gCjM7eniyTTVlgeaIVOajM41o43630T5+Xr5gbAa18E1aQo+isr+IQWihDM5YwbCnGsCLyeH2/NE4JNhYteGukkbWgjapiN8oqEl3rTgLzmYxUxCFgL9Vyq2jjV1opJjOn+9BfxFOswoAy9aItUrpcKYU3yyrRFt388oor9Ka9kSD92b7L3cUf1hrdfF+R/94tr8WgxboPlp3G7uLwRiNeVGyyP438iDq7h+aLlDnemnVNWv3mVcu7VekdWYhBdWVZmSNOZ/VPugG/m5yZuKypbZd79GdgVjCVncp4d9pbeFIcnfISJvtCiCQ/t2tQjoI9jjVExE1l+o7/I3DbAtUPrRbT4LpzRq23W7uhy21K0sgDdhffy045a8xN4QJ5goVdg6myGdQT3) -> Found
    [Suspicious.Path] \\HWRSGVIQ -- "C:\ProgramData\383e68074e2b4b0590fa738a6c625340\383e68074e2b4b0590fa738a6c625340.exe" -> Found
    [Suspicious.Path] \\Installer_shopperpro -- C:\Users\new\AppData\Local\Installer\Installshopperpro_23424\DCytdkiegutl_gutlk_setup.exe (/S /SCHEDULE /MAG=GUTLK /pn=shopperpro /pixGuid=bdbd675b-a868-4835-a6df-719418e0f45a /sub=338 /Reason=Network) -> Found
    [Suspicious.Path] \\JYLS -- C:\Users\new\AppData\Roaming\JYLS.exe (/infocmdline=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) -> Found
     

  • on the “Files” tab, make sure the following entry is checked:


    [Suspicious.Path][File] IMVU.lnk -- C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [[email protected]] C:\Users\new\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe "--startup" -> Found
     

  • then press the Delete button and post the log it produces.

Can you tell me if there is any change?

Satchfan

 



#9
pepsiprincess

    Member

  • Topic Starter
  • 23 posts

Here is the log you requested. Kaspersky requires a password to uninstall. Some of them gave me an error when I tried to uninstall, missing a file.

 

Thanks again for your help. It is appreciated.

 

 

RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software

 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : new [Administrator]
Started from : C:\Users\new\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/19/2015  09:01:50
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 22 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0} (C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\cpturlpassthru.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll) -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll) -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro 3.64\OptProLauncher.exe  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro 3.64\OptProLauncher.exe  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lewibyni (C:\Users\new\AppData\Local\896928E7-1426724316-4728-A45B-B04C1DDAF6C0\cnsfA103.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mojeweju (C:\Users\new\AppData\Local\896928E7-1426725324-4728-A45B-B04C1DDAF6C0\insoB5B.tmp) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lewibyni (C:\Users\new\AppData\Local\896928E7-1426724316-4728-A45B-B04C1DDAF6C0\cnsfA103.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mojeweju (C:\Users\new\AppData\Local\896928E7-1426725324-4728-A45B-B04C1DDAF6C0\insoB5B.tmp) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82429A10-0E52-42B3-A109-A4B2069E89E4} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{82429A10-0E52-42B3-A109-A4B2069E89E4} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 4 (Driver: Not loaded [0x20]) ¤¤¤
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) KERNEL32.DLL - WriteFile : C:\Program Files (x86)\Lights Cinema 1.4betaV18.03\59a03ebc-97e4-40ff-a344-331b65c0ab8f.dll @ 0x6bda9d30
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) KERNEL32.DLL - CloseHandle : C:\Program Files (x86)\Lights Cinema 1.4betaV18.03\59a03ebc-97e4-40ff-a344-331b65c0ab8f.dll @ 0x6bda9c50
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) KERNEL32.DLL - ReadFile : C:\Program Files (x86)\Lights Cinema 1.4betaV18.03\59a03ebc-97e4-40ff-a344-331b65c0ab8f.dll @ 0x6bda9e50
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) KERNEL32.DLL - GetQueuedCompletionStatus : C:\Program Files (x86)\Lights Cinema 1.4betaV18.03\59a03ebc-97e4-40ff-a344-331b65c0ab8f.dll @ 0x6bda9f40
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 SATA Disk Device +++++
--- User ---
[MBR] 9c85436432c089225eb6292c93990f5b
[BSP] 54afa302244040ed8fedf8e45708f05d : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 453062 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 929486848 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 930408448 | Size: 22639 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_03192015_083528.log - RKreport_SCN_03182015_192922.log - RKreport_SCN_03192015_081204.log


#10
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

To remove Kaspersky, see this.

 

Download TFC to your desktop

  • close any open windows
  • double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • click the Start button to begin the process
  • allow TFC to run uninterrupted
  • the program should not take long to finish its job
  • once it's finished it should automatically reboot your machine
  • if it doesn't, manually reboot to ensure a complete clean.

====================================================

Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)

  • double-click SystemLook.exe to run it
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:
    :filefind
    *Lights Cinema*
    *Crossrider*
    
    :folderfind
    *Lights Cinema*
    *Crossrider*
    
    :Regfind
    Lights Cinema
    Crossrider
    
  • click the Look button to start the scan
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Please also run RogueKiller again and send the new log.

Satchfan

 




#11
pepsiprincess

    Member

  • Topic Starter
  • 23 posts

Here are the logs you requested. Sorry for the delay I work during the day. Thanks again for your help.

 

RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : new [Administrator]
Started from : C:\Users\new\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/19/2015  19:53:29
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82429A10-0E52-42B3-A109-A4B2069E89E4} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{82429A10-0E52-42B3-A109-A4B2069E89E4} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 SATA Disk Device +++++
--- User ---
[MBR] 9c85436432c089225eb6292c93990f5b
[BSP] 54afa302244040ed8fedf8e45708f05d : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 453062 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 929486848 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 930408448 | Size: 22639 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_03192015_083528.log - RKreport_SCN_03182015_192922.log - RKreport_SCN_03192015_081204.log - RKreport_SCN_03192015_090150.log
 
SystemLook 04.09.10 by jpshortstuff
Log created at 19:21 on 19/03/2015 by new
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*Lights Cinema*"
No files found.
 
Searching for "*Crossrider*"
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.31_0\crossriderManifest.json --a---- 710 bytes [01:56 04/08/2014] [01:56 04/08/2014] 95EA09A6E27A200C202C8BB5C003B097
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.31_0\js\lib\crossriderAPI.js --a---- 11136 bytes [01:56 04/08/2014] [01:56 04/08/2014] 52A9B60F6516F4D5D0C9191861B025FC
C:\Users\thomas\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.31_0\crossriderManifest.json --a---- 710 bytes [18:19 26/07/2014] [18:19 26/07/2014] 95EA09A6E27A200C202C8BB5C003B097
C:\Users\thomas\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.31_0\js\lib\crossriderAPI.js --a---- 11136 bytes [18:19 26/07/2014] [18:19 26/07/2014] 52A9B60F6516F4D5D0C9191861B025FC
 
========== folderfind ==========
 
Searching for "*Lights Cinema*"
No folders found.
 
Searching for "*Crossrider*"
No folders found.
 
========== Regfind ==========
 
Searching for "Lights Cinema"
[HKEY_CURRENT_USER\Software\Lights Cinema 1.4betaV18.03-nv-ie]
[HKEY_USERS\.DEFAULT\Software\Lights Cinema 1.4betaV18.03-nv]
[HKEY_USERS\.DEFAULT\Software\Lights Cinema 1.4betaV18.03-nv-ie]
[HKEY_USERS\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\Lights Cinema 1.4betaV18.03-nv-ie]
[HKEY_USERS\S-1-5-18\Software\Lights Cinema 1.4betaV18.03-nv]
[HKEY_USERS\S-1-5-18\Software\Lights Cinema 1.4betaV18.03-nv-ie]
 
Searching for "Crossrider"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_]
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_]
[HKEY_USERS\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\AppDataLow\Software\Crossrider]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_]
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_]
 
-= EOF =-

 



#12
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select 'Run as Administrator'
  • after it has completed its prescan, click on Scan
  • click on the “Registry” tab
  • make sure the following entries there are checked:


    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Found
     

  • then press the Delete button and post the log it produces.

===================================================

Please run AdwCleaner and FRST again, (in that order please), and send the new logs.

Logs to include with next post:

New Rogue Killer log
New AdwCleaner log
New FRST.txt


Thanks

Satchfan

 



#13
pepsiprincess

    Member

  • Topic Starter
  • 23 posts
Thanks again for your help, here are the logs you requested. When I ran RogueKiller and deleted the entries you asked, it said...
 
Replaced on the first 4, deleted on the 5th, and error 2 on the last 3. Is that normal?
 
RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : new [Administrator]
Started from : C:\Users\new\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/20/2015  18:30:41
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49243;https=127.0.0.1:49243  -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82429A10-0E52-42B3-A109-A4B2069E89E4} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{82429A10-0E52-42B3-A109-A4B2069E89E4} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 SATA Disk Device +++++
--- User ---
[MBR] 9c85436432c089225eb6292c93990f5b
[BSP] 54afa302244040ed8fedf8e45708f05d : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 453062 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 929486848 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 930408448 | Size: 22639 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_03192015_083528.log - RKreport_SCN_03182015_192922.log - RKreport_SCN_03192015_081204.log - RKreport_SCN_03192015_090150.log
RKreport_SCN_03192015_195329.log - RKreport_SCN_03202015_181131.log
 
 
 
 
 
 
# AdwCleaner v4.112 - Logfile created 20/03/2015 at 18:34:37
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : new - WINDOWS
# Running from : C:\Users\new\Desktop\adwcleaner_4.112.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : qrnfd_1_10_0_9
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Found : C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Found : C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Found : C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\ProgramData\18d7677000003b57
Folder Found : C:\Users\new\AppData\Local\globalUpdate
Folder Found : C:\Users\new\AppData\Local\SmartWeb
Folder Found : C:\Users\new\AppData\Roaming\AnyProtectEx
 
***** [ Scheduled tasks ] *****
 
Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\GAMESDESKTOP
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\QuickRef_1.10.0.9
Key Found : HKLM\SOFTWARE\Tutorials
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v41.0.2272.89
 
*************************
 
AdwCleaner[R0].txt - [35104 bytes] - [18/03/2015 07:42:42]
AdwCleaner[R1].txt - [2669 bytes] - [20/03/2015 18:34:37]
AdwCleaner[S0].txt - [34393 bytes] - [18/03/2015 07:55:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2788 bytes] ##########
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by new at 2015-03-20 18:51:42
Running from C:\Users\new\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{039B859F-360B-58D8-F86F-C277BA6ED7D8}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Call of Duty Game of the Year Edition (HKLM-x32\...\Call of Duty Game of the Year Edition) (Version:  - )
Chainz 2 Relinked (HKLM-x32\...\exent_663050) (Version:  - )
Chicken Invaders 3 (HKLM-x32\...\exent_742650) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Download Manager 3.8 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.7.271 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{711EA7BB-5FF5-487F-8379-46BB5696FE40}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Lottso Deluxe (HKLM-x32\...\exent_696450) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
oPryzeLP MC360 Mod Tool (HKLM-x32\...\oPryzeLP MC360 Mod Tool) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Transformers Universe (HKLM\...\{EAB5ACD3-43C0-4B3E-931A-CA61520934AD}) (Version: 1.0.0.0 - Jagex Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-03-2015 12:14:20 Removed The Sims 3 High-End Loft Stuff
15-03-2015 23:10:38 Removed Internet Explorer Toolbar 4.7 by SweetPacks
17-03-2015 22:21:35 Removed Apple Software Update
19-03-2015 07:43:33 Removed Java 7 Update 17
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-03-16 21:14 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A2949BF-257F-43FE-AA3D-A228C21AB9D9} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {0EDC4CA5-8CDE-46D2-80F0-EE3E6C3A876F} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {1C02A065-2BE9-4F3A-9B26-FECE31DD4BAF} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {1E950C78-8A46-41F5-86E4-5C1956519448} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {2D1BA7BE-481C-4090-8737-C0720A23833D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-10] (Google Inc.)
Task: {4A404198-AD03-4779-8F60-C2802D5FAA4F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002Core => C:\Users\thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-07] (Facebook Inc.)
Task: {5D3EDCF2-C22D-4760-B6AA-6B5A2E891FB2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {729E7566-E9DB-4225-BA6C-745E9B5D0409} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {79C291F6-5570-4B38-8472-AEBA23FA56C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {7C2A9F49-D93E-4AC4-8884-F00E5630C7A6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {7D19FDF5-697D-4C28-B394-55B0C56F2DA1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-16] (Microsoft Corporation)
Task: {B6A5EAD2-461D-4E3E-8902-EDB39E00343C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BDA80B80-D203-4B46-A33C-A424203060B7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D90D73E0-BE41-42AD-A7B0-CD7C268055B4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {DF087DD6-917D-411C-94D6-088B90B93354} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {E95543CB-E017-4A4B-81CE-3A9E1E19A505} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-10] (Google Inc.)
Task: {EDC4B3FB-3A28-47F5-8E4D-3F6BBD0EF550} - System32\Tasks\{BF921254-8C4D-483A-A4F7-D03232D88B12} => pcalua.exe -a C:\Users\thomas\Downloads\Minecraft-Download.exe -d C:\Users\thomas\Downloads
Task: {F7F2E4F9-1484-4171-89A8-BB4ED9D22B55} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {FEBD903C-5D74-49E9-A02D-94196285ABA1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002UA => C:\Users\thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-07] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002Core.job => C:\Users\thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002UA.job => C:\Users\thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-09-12 21:20 - 2012-09-12 21:20 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-01-10 13:38 - 2013-01-10 13:38 - 00124728 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2013-01-10 13:38 - 2013-01-10 13:38 - 00051512 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2013-01-10 13:38 - 2013-01-10 13:38 - 00018432 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\PowerDVD.dll
2013-05-09 08:42 - 2013-05-09 08:42 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\System.Data.SQLite.dll
2013-01-10 13:37 - 2013-01-10 13:37 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-01-26 07:19 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-16 05:03 - 2015-03-07 02:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-16 05:03 - 2015-03-07 02:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-16 05:05 - 2015-03-07 02:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-16 05:07 - 2015-03-07 02:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nnxwgpgc.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vqlvazsn.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:1F96ED45
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:6764D965
AlternateDataStreams: C:\Users\new\OneDrive:ms-properties
AlternateDataStreams: C:\Users\thomas\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\thomas\SkyDrive (2).old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1 - 205.171.2.226
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlockAndSurf"
HKLM\...\StartupApproved\Run32: => "BService"
HKLM\...\StartupApproved\Run32: => "BService64"
HKLM\...\StartupApproved\Run32: => "Bench Settings Cleaner"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Bench Communicator Watcher"
HKLM\...\StartupApproved\Run32: => "Wd"
HKLM\...\StartupApproved\Run32: => "ConvertAd"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2577598248-3465682323-2258817992-500 - Administrator - Disabled)
Guest (S-1-5-21-2577598248-3465682323-2258817992-501 - Limited - Disabled) => C:\Users\Guest
new (S-1-5-21-2577598248-3465682323-2258817992-1003 - Administrator - Enabled) => C:\Users\new
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2015 06:14:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Faulting module name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Exception code: 0xc0000409
Fault offset: 0x000250ec
Faulting process id: 0xe0
Faulting application start time: 0xqrsvc.exe0
Faulting application path: qrsvc.exe1
Faulting module path: qrsvc.exe2
Report Id: qrsvc.exe3
Faulting package full name: qrsvc.exe4
Faulting package-relative application ID: qrsvc.exe5
 
Error: (03/19/2015 06:00:48 PM) (Source: MsiInstaller) (EventID: 1013) (User: WINDOWS)
Description: Application: Kaspersky Internet Security 2013 -- Uninstallation password has not been specified or is incorrect.
 
Error: (03/19/2015 07:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Faulting module name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Exception code: 0xc000041d
Fault offset: 0x0000748a
Faulting process id: 0x19ec
Faulting application start time: 0xSmartWebApp.exe0
Faulting application path: SmartWebApp.exe1
Faulting module path: SmartWebApp.exe2
Report Id: SmartWebApp.exe3
Faulting package full name: SmartWebApp.exe4
Faulting package-relative application ID: SmartWebApp.exe5
 
Error: (03/19/2015 07:50:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Faulting module name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Exception code: 0xc0000005
Fault offset: 0x0000748a
Faulting process id: 0x19ec
Faulting application start time: 0xSmartWebApp.exe0
Faulting application path: SmartWebApp.exe1
Faulting module path: SmartWebApp.exe2
Report Id: SmartWebApp.exe3
Faulting package full name: SmartWebApp.exe4
Faulting package-relative application ID: SmartWebApp.exe5
 
Error: (03/19/2015 02:25:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsf2582.tmp, version: 3.0.0.87, time stamp: 0x550a6bb8
Faulting module name: nsf2582.tmp, version: 3.0.0.87, time stamp: 0x550a6bb8
Exception code: 0xc00002b5
Fault offset: 0x00030375
Faulting process id: 0x136c
Faulting application start time: 0xnsf2582.tmp0
Faulting application path: nsf2582.tmp1
Faulting module path: nsf2582.tmp2
Report Id: nsf2582.tmp3
Faulting package full name: nsf2582.tmp4
Faulting package-relative application ID: nsf2582.tmp5
 
Error: (03/19/2015 02:25:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsf2582.tmp, version: 3.0.0.87, time stamp: 0x550a6bb8
Faulting module name: nsf2582.tmp, version: 3.0.0.87, time stamp: 0x550a6bb8
Exception code: 0xc00001a5
Fault offset: 0x00071db8
Faulting process id: 0x136c
Faulting application start time: 0xnsf2582.tmp0
Faulting application path: nsf2582.tmp1
Faulting module path: nsf2582.tmp2
Report Id: nsf2582.tmp3
Faulting package full name: nsf2582.tmp4
Faulting package-relative application ID: nsf2582.tmp5
 
Error: (03/19/2015 02:11:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fc8
 
Start Time: 01d0620ac184f430
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: b76cca03-cdfe-11e4-bf9c-d89d677fb433
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/19/2015 01:50:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsh49C.tmp, version: 3.0.0.87, time stamp: 0x550a6395
Faulting module name: nsh49C.tmp, version: 3.0.0.87, time stamp: 0x550a6395
Exception code: 0xc00002b5
Fault offset: 0x00030375
Faulting process id: 0xafc
Faulting application start time: 0xnsh49C.tmp0
Faulting application path: nsh49C.tmp1
Faulting module path: nsh49C.tmp2
Report Id: nsh49C.tmp3
Faulting package full name: nsh49C.tmp4
Faulting package-relative application ID: nsh49C.tmp5
 
Error: (03/19/2015 01:50:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsh49C.tmp, version: 3.0.0.87, time stamp: 0x550a6395
Faulting module name: nsh49C.tmp, version: 3.0.0.87, time stamp: 0x550a6395
Exception code: 0xc00001a5
Fault offset: 0x00071db8
Faulting process id: 0xafc
Faulting application start time: 0xnsh49C.tmp0
Faulting application path: nsh49C.tmp1
Faulting module path: nsh49C.tmp2
Report Id: nsh49C.tmp3
Faulting package full name: nsh49C.tmp4
Faulting package-relative application ID: nsh49C.tmp5
 
Error: (03/19/2015 00:40:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsh259E.tmp, version: 3.0.0.87, time stamp: 0x550a52fa
Faulting module name: nsh259E.tmp, version: 3.0.0.87, time stamp: 0x550a52fa
Exception code: 0xc00002b5
Fault offset: 0x00030375
Faulting process id: 0x1174
Faulting application start time: 0xnsh259E.tmp0
Faulting application path: nsh259E.tmp1
Faulting module path: nsh259E.tmp2
Report Id: nsh259E.tmp3
Faulting package full name: nsh259E.tmp4
Faulting package-relative application ID: nsh259E.tmp5
 
 
System errors:
=============
Error: (03/20/2015 03:50:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Definition Update for Windows Defender - KB2267602 (Definition 1.193.3252.0).
 
Error: (03/20/2015 03:06:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (03/20/2015 03:06:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (03/19/2015 07:36:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (03/19/2015 07:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx_Pr143 service failed to start due to the following error: 
%%3
 
Error: (03/19/2015 07:02:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Print Spooler service terminated with the following error: 
%%2147944140
 
Error: (03/19/2015 07:02:53 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
 
Error: (03/19/2015 07:02:53 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
 
Error: (03/19/2015 07:02:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (03/19/2015 07:02:38 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
 
Microsoft Office Sessions:
=========================
Error: (03/19/2015 06:14:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: qrsvc.exe1.10.0.954d51cc7qrsvc.exe1.10.0.954d51cc7c0000409000250ece001d0620aa0a96a52C:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exeC:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exe55937f46-ce85-11e4-bf9c-d89d677fb433
 
Error: (03/19/2015 06:00:48 PM) (Source: MsiInstaller) (EventID: 1013) (User: WINDOWS)
Description: Application: Kaspersky Internet Security 2013 -- Uninstallation password has not been specified or is incorrect.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (03/19/2015 07:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SmartWebApp.exe8.0.9.254e31eafSmartWebApp.exe8.0.9.254e31eafc000041d0000748a19ec01d06238c581d05dC:\Users\new\AppData\Local\SmartWeb\SmartWebApp.exeC:\Users\new\AppData\Local\SmartWeb\SmartWebApp.exe3a680f74-ce2e-11e4-bf9c-d89d677fb433
 
Error: (03/19/2015 07:50:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SmartWebApp.exe8.0.9.254e31eafSmartWebApp.exe8.0.9.254e31eafc00000050000748a19ec01d06238c581d05dC:\Users\new\AppData\Local\SmartWeb\SmartWebApp.exeC:\Users\new\AppData\Local\SmartWeb\SmartWebApp.exe2d3611f5-ce2e-11e4-bf9c-d89d677fb433
 
Error: (03/19/2015 02:25:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsf2582.tmp3.0.0.87550a6bb8nsf2582.tmp3.0.0.87550a6bb8c00002b500030375136c01d0620d75e8ce00C:\Users\new\AppData\Local\Temp\nsf2582.tmpC:\Users\new\AppData\Local\Temp\nsf2582.tmpbf8b6a70-ce00-11e4-bf9c-d89d677fb433
 
Error: (03/19/2015 02:25:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsf2582.tmp3.0.0.87550a6bb8nsf2582.tmp3.0.0.87550a6bb8c00001a500071db8136c01d0620d75e8ce00C:\Users\new\AppData\Local\Temp\nsf2582.tmpC:\Users\new\AppData\Local\Temp\nsf2582.tmpb4540050-ce00-11e4-bf9c-d89d677fb433
 
Error: (03/19/2015 02:11:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689fc801d0620ac184f4304294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeb76cca03-cdfe-11e4-bf9c-d89d677fb433microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/19/2015 01:50:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsh49C.tmp3.0.0.87550a6395nsh49C.tmp3.0.0.87550a6395c00002b500030375afc01d06208a19b55a3C:\Users\new\AppData\Local\Temp\nsh49C.tmpC:\Users\new\AppData\Local\Temp\nsh49C.tmpe4731b63-cdfb-11e4-bf9b-d89d677fb433
 
Error: (03/19/2015 01:50:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsh49C.tmp3.0.0.87550a6395nsh49C.tmp3.0.0.87550a6395c00001a500071db8afc01d06208a19b55a3C:\Users\new\AppData\Local\Temp\nsh49C.tmpC:\Users\new\AppData\Local\Temp\nsh49C.tmpe06ac075-cdfb-11e4-bf9b-d89d677fb433
 
Error: (03/19/2015 00:40:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsh259E.tmp3.0.0.87550a52fansh259E.tmp3.0.0.87550a52fac00002b500030375117401d061feb7c63d05C:\Users\new\AppData\Local\Temp\nsh259E.tmpC:\Users\new\AppData\Local\Temp\nsh259E.tmp0b7701c5-cdf2-11e4-bf9b-d89d677fb433
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-19 17:47:28.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 17:47:26.576
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 17:47:24.481
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 17:47:22.484
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 17:47:18.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 17:46:13.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 17:46:10.088
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 17:46:04.858
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 07:40:00.452
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 07:39:58.608
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3682.26 MB
Available physical RAM: 1748.29 MB
Total Pagefile: 7010.26 MB
Available Pagefile: 5109.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:442.44 GB) (Free:364.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:22.11 GB) (Free:2.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C2C9F703)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by new (administrator) on WINDOWS on 20-03-2015 18:45:07
Running from C:\Users\new\Desktop
Loaded Profiles: new (Available profiles: new & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_us_335] => [X]
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\...\MountPoints2: {d537cacd-bb91-11e4-bf86-2016d8c64df9} - "F:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\new\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft..../HPNOT13/1&OSP=
URLSearchHook: HKLM-x32 - (No Name) - {78fad561-2f55-4bcd-b896-786662704334} - No File
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\BDL.dll [295808] (BD Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\new\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-25]
CHR Extension: (YouTube) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-25]
CHR Extension: (Google Search) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-25]
CHR Extension: (No Name) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [38712 2013-01-10] (Hewlett-Packard)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-15] (Electronic Arts)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R2 CatWSw8; C:\WINDOWS\system32\Drivers\CatWSw864.sys [42392 2014-12-09] (Catalytix Web Services)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-19] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 18:45 - 2015-03-20 18:46 - 00013580 _____ () C:\Users\new\Desktop\FRST.txt
2015-03-20 18:31 - 2015-03-20 18:44 - 00007501 _____ () C:\Users\new\Desktop\New Text Document.txt
2015-03-20 02:47 - 2015-03-20 02:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\new\Desktop\tdsskiller.exe
2015-03-20 02:44 - 2015-03-20 02:44 - 01388672 _____ (Thisisu) C:\Users\new\Desktop\JRT.exe
2015-03-20 02:43 - 2015-03-20 02:43 - 02171392 _____ () C:\Users\new\Desktop\adwcleaner_4.112.exe
2015-03-19 19:20 - 2015-03-19 19:20 - 00096256 _____ () C:\Users\new\Desktop\SystemLook_x64.exe
2015-03-19 18:15 - 2015-03-19 18:15 - 00000000 ____D () C:\ProgramData\18d7677000003b57
2015-03-19 18:02 - 2015-03-19 18:02 - 00448512 _____ (OldTimer Tools) C:\Users\new\Desktop\TFC.exe
2015-03-19 17:48 - 2015-03-19 17:48 - 00000000 ____D () C:\Program Files (x86)\predm
2015-03-19 08:00 - 2015-03-18 19:12 - 15648856 _____ () C:\Users\new\Desktop\RogueKiller.exe
2015-03-19 02:40 - 2015-03-19 19:02 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-03-19 02:40 - 2015-03-19 02:40 - 00002802 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-03-19 02:40 - 2015-03-19 02:40 - 00002802 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-03-19 02:35 - 2015-03-19 02:35 - 00613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsj63B8.tmp
2015-03-19 01:59 - 2015-03-20 02:40 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-03-19 01:50 - 2015-03-19 19:02 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-03-19 01:50 - 2015-03-19 02:39 - 00002804 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-03-19 01:44 - 2015-03-19 01:44 - 00628688 _____ (CMI Limited) C:\Users\new\AppData\Local\nsm16EF.tmp
2015-03-19 01:44 - 2015-03-19 01:44 - 00000000 __SHD () C:\Users\new\AppData\Roaming\AnyProtectEx
2015-03-19 00:40 - 2015-03-19 07:50 - 00000000 ____D () C:\Users\new\AppData\Local\CrashDumps
2015-03-19 00:39 - 2015-03-19 02:07 - 00008688 _____ () C:\WINDOWS\SysWOW64\BasementDusterOff.ini
2015-03-19 00:39 - 2015-03-19 02:07 - 00008688 _____ () C:\WINDOWS\system32\BasementDusterOff.ini
2015-03-19 00:38 - 2015-03-16 11:21 - 00295808 _____ (BD Inc.) C:\WINDOWS\SysWOW64\BDL.dll
2015-03-19 00:37 - 2015-03-19 00:37 - 01874944 _____ (Cinema PlusV18.03) C:\Users\new\AppData\Roaming\PVYJW.exe
2015-03-19 00:36 - 2015-03-19 18:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-03-19 00:36 - 2015-03-19 00:45 - 00000000 _____ () C:\END
2015-03-19 00:36 - 2015-03-19 00:36 - 00000000 ____D () C:\Users\new\AppData\Local\globalUpdate
2015-03-19 00:30 - 2015-03-19 18:13 - 00000000 ____D () C:\Users\new\AppData\Local\SmartWeb
2015-03-18 19:14 - 2015-03-19 19:36 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-03-18 19:14 - 2015-03-18 19:33 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-18 07:42 - 2015-03-20 18:41 - 00000000 ____D () C:\AdwCleaner
2015-03-18 07:19 - 2015-03-18 07:19 - 00613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsmDAB2.tmp
2015-03-18 07:13 - 2015-03-18 07:13 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
2015-03-18 00:19 - 2015-03-18 00:19 - 01988096 _____ (Cinema PlusV17.03) C:\Users\new\AppData\Roaming\JYLS.exe
2015-03-18 00:11 - 2015-03-18 00:11 - 00000000 ____D () C:\ProgramData\3ac3fb296cff417d9c334970ddfa1712
2015-03-18 00:11 - 2015-03-18 00:11 - 00000000 ____D () C:\ProgramData\383e68074e2b4b0590fa738a6c625340
2015-03-17 21:27 - 2015-03-20 18:45 - 00000000 ____D () C:\FRST
2015-03-17 21:26 - 2015-03-17 21:25 - 02095616 _____ (Farbar) C:\Users\new\Desktop\FRST64.exe
2015-03-17 18:11 - 2015-03-17 23:56 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 18:10 - 2015-03-17 18:10 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-17 18:10 - 2015-03-17 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 18:08 - 2015-03-17 18:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-17 18:08 - 2015-03-17 18:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 18:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-17 18:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-17 18:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-16 03:32 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-16 03:32 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-16 03:32 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-16 03:32 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-16 03:32 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-16 03:32 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-16 03:32 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-16 03:32 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-16 03:32 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-16 03:32 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-16 03:32 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-16 03:32 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-16 03:16 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-16 02:52 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-16 02:52 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-16 02:47 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-16 02:47 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-16 02:46 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-16 02:46 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-16 02:46 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-16 02:46 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-16 02:46 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-16 02:43 - 2015-02-06 19:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-16 02:38 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-16 02:38 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-16 02:38 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-16 02:37 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-16 02:37 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-16 02:37 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-16 02:37 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-16 02:37 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-03-16 02:37 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-03-16 02:37 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-03-16 02:37 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-03-16 02:36 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-16 02:36 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-16 02:23 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-16 02:22 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-16 02:22 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-16 02:22 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-16 02:22 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-16 02:22 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-16 02:22 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-16 02:22 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-16 02:22 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-16 02:22 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-16 02:21 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-16 02:21 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-16 02:21 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-16 02:20 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-16 02:20 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-03-16 02:20 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-03-16 02:20 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-03-16 02:20 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-16 02:14 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-16 02:14 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-16 02:14 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-16 02:14 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-16 02:13 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-16 02:13 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-16 02:13 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-16 02:10 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-16 02:10 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-16 02:10 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-16 02:10 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-16 02:10 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-16 02:10 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-16 02:10 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-16 02:10 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-16 02:10 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-03-16 02:09 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-03-16 02:09 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-03-16 02:09 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-03-16 02:09 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-03-16 02:09 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-03-16 02:09 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-16 02:09 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-03-16 02:09 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-03-16 02:09 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-16 02:09 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-03-16 02:09 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-16 02:09 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-03-16 02:08 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-16 02:02 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-16 02:02 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-16 02:02 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-16 02:02 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-16 02:02 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-16 02:02 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-16 02:02 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-16 02:02 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-16 02:02 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-16 02:02 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-16 01:59 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-16 01:59 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-16 01:59 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-16 01:59 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-16 01:59 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-16 01:58 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-16 01:58 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-16 01:58 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-16 01:58 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-16 01:58 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-16 01:58 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-16 01:58 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-16 01:58 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-16 01:58 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-16 01:58 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-16 01:58 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-16 01:58 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-16 01:58 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-16 01:58 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-16 01:58 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-16 01:58 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-16 01:58 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-16 01:58 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-16 01:58 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-16 01:58 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-16 01:58 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-16 01:58 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-16 01:58 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-16 01:58 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-16 01:58 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-16 01:58 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-16 01:58 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-16 01:58 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-16 01:58 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-16 01:58 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-16 01:58 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-16 01:58 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-16 01:52 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-16 01:52 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-16 00:35 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-16 00:35 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-16 00:15 - 2015-03-16 00:15 - 00000004 _____ () C:\Users\new\AppData\Roaming\appdataFr2.bin
2015-03-15 23:54 - 2015-03-19 07:34 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-15 23:28 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-15 23:28 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-15 23:28 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-15 23:28 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-15 23:27 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-15 23:27 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-15 23:27 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-15 22:58 - 2015-03-16 00:10 - 00002226 _____ () C:\Users\new\Desktop\Google Chrome.lnk
2015-03-15 22:57 - 2015-03-20 18:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE9A6BAC-E9F1-4025-AFA3-2D296E99610E}
2015-03-15 22:57 - 2015-03-15 22:57 - 00000000 __SHD () C:\Users\new\AppData\Local\EmieUserList
2015-03-15 22:57 - 2015-03-15 22:57 - 00000000 __SHD () C:\Users\new\AppData\Local\EmieSiteList
2015-03-15 22:57 - 2015-03-15 22:57 - 00000000 __SHD () C:\Users\new\AppData\Local\EmieBrowserModeList
2015-03-15 22:53 - 2015-03-15 22:53 - 00000000 ____D () C:\Users\new\AppData\Roaming\Origin
2015-03-15 22:53 - 2015-03-15 22:53 - 00000000 ____D () C:\Users\new\AppData\Local\Origin
2015-03-15 22:39 - 2015-03-15 22:39 - 00000000 ____D () C:\Users\new\AppData\Local\Windows Live
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\new\AppData\Roaming\PVYJW
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\new\AppData\Roaming\JYLS
2015-03-02 12:44 - 2015-03-02 12:44 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2015-03-02 12:37 - 2015-03-02 12:37 - 00000000 ____D () C:\Users\new\AppData\Roaming\WebApp
2015-03-02 12:36 - 2015-03-02 12:36 - 00000000 ____D () C:\Users\new\AppData\Roaming\CyberLink
2015-03-02 12:00 - 2015-03-02 12:00 - 00000000 ____D () C:\Users\new\AppData\Local\Apple
2015-02-25 11:26 - 2015-03-16 22:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-25 11:16 - 2015-02-25 11:16 - 00000000 ____D () C:\Users\new\AppData\Local\Big Fish
2015-02-25 11:12 - 2015-02-25 11:12 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-25 11:03 - 2015-02-25 11:03 - 00000000 ____D () C:\Users\new\AppData\Roaming\Macromedia
2015-02-25 11:01 - 2015-02-25 11:01 - 00000000 ____D () C:\Users\new\AppData\Local\CrashRpt
2015-02-23 15:32 - 2015-03-15 22:38 - 00000000 ____D () C:\Users\new\AppData\Roaming\Apple Computer
2015-02-23 15:32 - 2015-02-23 15:32 - 00000000 ____D () C:\Users\new\AppData\Local\Apple Computer
2015-02-23 14:43 - 2015-03-19 19:07 - 00000000 ___DO () C:\Users\new\OneDrive
2015-02-23 14:43 - 2015-03-19 18:57 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2577598248-3465682323-2258817992-1003
2015-02-23 14:38 - 2015-02-23 14:38 - 00000000 ____D () C:\Users\new\AppData\Local\Power2Go8
2015-02-23 14:37 - 2015-02-23 14:37 - 00000000 ____D () C:\Users\new\AppData\Roaming\Synaptics
2015-02-23 14:34 - 2015-03-15 22:58 - 00001082 _____ () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-23 14:34 - 2015-03-15 22:58 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-23 14:34 - 2015-02-23 14:34 - 00000000 ____D () C:\Users\new\AppData\Roaming\Adobe
2015-02-23 14:34 - 2015-02-23 14:34 - 00000000 ____D () C:\Users\new\AppData\Local\VirtualStore
2015-02-23 14:34 - 2015-02-23 14:34 - 00000000 ____D () C:\Users\new\AppData\Local\Google
2015-02-23 14:33 - 2015-02-23 14:43 - 00000000 ____D () C:\Users\new\AppData\Local\Packages
2015-02-23 14:31 - 2015-02-23 14:31 - 00000020 ___SH () C:\Users\new\ntuser.ini
2015-02-23 14:31 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-23 14:31 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-23 14:29 - 2015-03-17 23:30 - 00000000 ____D () C:\Users\new
2015-02-23 14:29 - 2014-11-14 11:04 - 00000000 ___RD () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-23 14:29 - 2014-09-25 14:26 - 00000000 ___RD () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-23 14:29 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-23 14:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-18 21:55 - 2015-02-18 21:59 - 00006189 _____ () C:\Users\thomas\Desktop\META.BIN
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 18:41 - 2014-03-31 02:32 - 01694263 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-20 18:29 - 2014-08-27 23:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-20 17:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-20 08:14 - 2014-06-07 23:01 - 00000950 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002UA.job
2015-03-19 23:14 - 2014-06-07 23:01 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2577598248-3465682323-2258817992-1002Core.job
2015-03-19 19:10 - 2013-11-14 03:28 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-19 19:02 - 2013-11-14 03:20 - 01478344 _____ () C:\WINDOWS\PFRO.log
2015-03-19 19:02 - 2013-08-22 10:46 - 00374623 _____ () C:\WINDOWS\setupact.log
2015-03-19 19:02 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-19 19:01 - 2013-08-22 09:25 - 04194304 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-19 18:13 - 2013-01-26 06:53 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2015-03-19 18:05 - 2013-03-26 23:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-19 18:05 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-19 18:00 - 2014-07-24 20:11 - 00000000 ____D () C:\Users\Administrator
2015-03-19 18:00 - 2012-07-26 01:37 - 00000000 ____D () C:\Users\Default.migrated
2015-03-19 02:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-18 07:59 - 2015-01-06 14:47 - 00000000 ____D () C:\ProgramData\onZoUFFII
2015-03-18 07:50 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-18 07:32 - 2013-12-09 21:26 - 00000000 ____D () C:\ProgramData\UpdateServer
2015-03-18 07:29 - 2013-07-31 01:04 - 00000000 ____D () C:\Users\thomas\AppData\Local\CRE
2015-03-18 03:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-17 22:34 - 2013-05-15 20:56 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-16 22:00 - 2013-08-22 10:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-16 21:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-16 21:54 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-16 21:14 - 2014-07-21 17:37 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-03-16 19:24 - 2013-08-27 14:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-16 18:58 - 2013-03-21 01:30 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-16 00:06 - 2014-03-31 01:55 - 00000000 ____D () C:\Users\Guest
2015-03-16 00:01 - 2014-08-27 11:18 - 00000000 ____D () C:\Program Files (x90)
2015-03-15 23:41 - 2012-10-19 22:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-15 23:41 - 2012-10-19 22:46 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-03-15 22:53 - 2014-11-10 20:14 - 00000000 ____D () C:\ProgramData\Origin
2015-03-15 22:52 - 2014-11-10 20:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-04 17:24 - 2014-12-11 07:47 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 17:24 - 2014-12-11 07:47 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 09:17 - 2014-06-12 15:44 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 13:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-02 12:16 - 2012-10-19 22:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-02 12:13 - 2012-10-19 22:48 - 00000000 ____D () C:\Program Files (x86)\HP Games
2015-03-02 12:11 - 2012-10-19 22:46 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-02 12:09 - 2014-11-10 20:20 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-25 12:53 - 2014-06-23 20:19 - 00000000 ____D () C:\ProgramData\Big Fish
2015-02-25 12:53 - 2014-06-23 19:56 - 00000000 ____D () C:\BigFishCache
2015-02-25 11:17 - 2013-01-26 07:07 - 00000000 ____D () C:\ProgramData\Temp
2015-02-23 14:33 - 2014-03-31 01:55 - 00000000 ____D () C:\Users\thomas
2015-02-22 23:03 - 2013-03-15 20:27 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2577598248-3465682323-2258817992-1002
2015-02-21 11:30 - 2014-04-16 08:33 - 00000000 __RDO () C:\Users\thomas\SkyDrive
2015-02-18 21:53 - 2014-07-21 19:42 - 00000115 _____ () C:\Users\thomas\AppData\Roaming\WB.CFG
 
==================== Files in the root of some directories =======
 
2015-03-16 00:15 - 2015-03-16 00:15 - 0000004 _____ () C:\Users\new\AppData\Roaming\appdataFr2.bin
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\new\AppData\Roaming\JYLS
2015-03-18 00:19 - 2015-03-18 00:19 - 1988096 _____ (Cinema PlusV17.03) C:\Users\new\AppData\Roaming\JYLS.exe
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\new\AppData\Roaming\PVYJW
2015-03-19 00:37 - 2015-03-19 00:37 - 1874944 _____ (Cinema PlusV18.03) C:\Users\new\AppData\Roaming\PVYJW.exe
2015-03-19 02:35 - 2015-03-19 02:35 - 0613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsj63B8.tmp
2015-03-19 01:44 - 2015-03-19 01:44 - 0628688 _____ (CMI Limited) C:\Users\new\AppData\Local\nsm16EF.tmp
2015-03-18 07:19 - 2015-03-18 07:19 - 0613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsmDAB2.tmp
2013-03-15 20:20 - 2013-03-15 20:20 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.11292.dll
 
 
Some content of TEMP:
====================
C:\Users\new\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-19 20:15
 
==================== End Of Log ============================


#14
Satchfan


    Trusted Helper

  • Malware Removal
  • 585 posts

Your current log also has signs of infection.

 

I apologise for the delay, but due to our time difference I will have to finish the analysis in the morning (it's 11:50pm here), and will send the next instructions then.

 

Satchfan



#15
pepsiprincess


    Member

  • Topic Starter
  • 23 posts
It's ok. I totally understand.

Sleep well!





