Computer very slow, WIN 7 [Solved]


  • This topic is locked

#1
IndianBubble

  • Member
  • 42 posts

Hi,

 

I have a Compaq Presario which has been acting very slow of late. I had a difficult time in installing Windows updates but managed to complete all but 1, which was upgrade to IE 11.

 

CPU usage is always in high 70s and reaches 100. Physical memory usage is also high. I had disabled all processes under Start-up in MSCONFIG and the result was that CPU usage came down to 30s.

 

IE and Chrome take time to launch and so do other programs.

 

I have attached the OTL logs and also FRST logs.

 

Please help.

 

Thanks

Attached File  Extras.Txt   91.62KB   165 downloads

Attached File  OTL.Txt   118.57KB   143 downloads

Attached File  FRST.txt   67.9KB   145 downloads

Attached File  Addition.txt   38.73KB   137 downloads


  • 0



#2
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hi :) Looks like you've got a fair bit of adware slowing the machine down. Let's get rid of that first and then run some further scans to make sure you haven't gotten anything more nefarious hiding on the machine.

Also, no need to attach the logs, please copy and paste them into your replies. It makes them easier to analyze. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.




Step 1: P2P Warning and Program Uninstalls


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

There are also new infections out there such as CryptoWall 3.0 and CryptoLocker. When infected with these, all of your personal files on any drive connected to your computer will be affected. These infections copy all your files, encrypt them, and then delete the originals, leaving you with the encrypted copies. You are then presented with a screen telling you you have a certain amount of time to pay the ransom for the decryption code to decrypt your files. Even if you pay the ransom, their decryption process usually results in corrupt and unusable files.

There is nothing we can do to decrypt the files, as they use very sophisticated encryption techniques. Please consider this when using P2P programs. Malware and ransomware writers use P2P to spread their infections.


Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Program Uninstalls


Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • WindowsMangerProtect20.0.0.722
  • Search App by Ask

Step 2: Fix with FRST

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\ProgramData\IePluginServices
C:\ProgramData\WindowsMangerProtect
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
C:\Program Files (x86)\SupTab
() C:\Users\user\AppData\Local\tuto4pc_in_5\upt4pc_in_5.exe
C:\Users\user\AppData\Local\tuto4pc_in_5
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\AskPartnerNetwork
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [tuto4pc_in_14] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-15] (APN)
HKLM-x32\...\RunOnce: [upt4pc_in_5.exe] => C:\Users\user\AppData\Local\tuto4pc_in_5\upt4pc_in_5.exe [2082664 2013-04-17] ()
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\Run: [DataMgr] => C:\Users\user\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-27] (HTTO Group, Ltd.)
C:\Users\user\AppData\Roaming\DataMgr
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\Run: [OMESupervisor] => C:\Users\user\AppData\Local\omesuperv.exe [2239256 2013-12-25] ()
C:\Users\user\AppData\Local\omesuperv.exe
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\Run: [] => [X]
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\MountPoints2: {1377ea1e-46a6-11e3-adfc-9439e5cd0951} - G:\Startme.exe
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\MountPoints2: {a24d5565-ca46-11e1-97ec-9439e5cd0951} - G:\LGAutoRun.exe
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\MountPoints2: {b9f29f45-8d56-11e3-920e-9439e5cd0951} - G:\bootstrap.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...B1E81KMYD4KMYD4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...B1E81KMYD4KMYD4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...B1E81KMYD4KMYD4
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=17/07/2013
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=17/07/2013
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=CPNTDF
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...Date=17/07/2013
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...Date=17/07/2013
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {00CBEE25-2FA2-48A5-9CD8-A4218BDAB18F} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol...119776&tsp=5021
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {8F0DA933-480A-4078-8180-6251A85EF4F2} URL = http://eseeky.com/ws...rchTerms}&r=508
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.as...q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll [2014-09-12] (Thinknice Co. Limited)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/...4&ts=1378987817
FF DefaultSearchEngine: Ask Search
FF SelectedSearchEngine: Ask Search
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504\searchplugins\ask-search.xml [2015-03-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2014-07-04]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml [2014-09-12]
FF Extension: OfferMosquito - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504\Extensions\[email protected] [2013-12-19]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1410524653&from=vtt&uid=WDCXWD5000BPVT-60HXZT3_WD-WXB1E81KMYD4KMYD4
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-15]
CHR HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-15]
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [Not Found]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-02-15] (APN LLC.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-12] (Cherished Technololgy LIMITED)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-12] (Fuyu LIMITED) [File not signed]
R1 {0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64; C:\Windows\System32\drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys [61112 2014-09-10] (StdLib)
C:\Windows\System32\drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys
C:\Users\user\AppData\Roaming\newnext.me
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.


Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

  • 0
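
Added example (not part of the original thread, and not FRST's own code): a small Python triage of the Fixlog.txt that Step 2 asks for, so a reviewer can see at a glance which fixlist targets were removed, which were already absent, and which result lines need a manual look. The sample log is constructed from line formats that appear in this thread plus one constructed unrecognised line; the status labels and the "kind" buckets are this example's own assumptions.

```python
import re
from collections import Counter

# Result phrases exactly as they appear in the Fixlog.txt posted in this
# thread; the coarse status names on the right are this example's own labels.
KNOWN_RESULTS = [
    (re.compile(r"^(moved|process closed) successfully\.?$", re.I), "removed"),
    (re.compile(r"^(value|key) deleted successfully\.?$", re.I), "removed"),
    (re.compile(r"^no running process found$", re.I), "absent"),
    (re.compile(r"^(file/directory|value|key) not found\.?$", re.I), "absent"),
]

FIXLIST_FENCE = re.compile(r"^\*{5,}$")  # row of asterisks around the echoed fixlist
PID_PREFIX = re.compile(r"^\[\d+\]\s+")  # "[1608] " in front of a closed process


def result_lines(fixlog_text):
    """Yield only the lines that follow the echoed fixlist.

    The echo sits between two rows of asterisks and itself contains ' => '
    (Run-key entries), so it is skipped to avoid misreading it as results.
    """
    fences = 0
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if FIXLIST_FENCE.match(line):
            fences += 1
            continue
        if fences >= 2 and line:
            yield line


def classify_target(target):
    """Bucket a target by the persistence location it refers to."""
    low = target.lower()
    if "image file execution options" in low:
        return "ifeo"
    if re.search(r"\\currentversion\\run(once)?\\", low):
        return "run-key"
    if low.startswith(("hklm", "hku", "hkcr")):
        return "registry"
    if re.match(r"^[a-z]:\\", low):
        return "file"
    return "other"


def parse_result(line):
    """Split '<target> => <result>'; return None for plain status lines."""
    target, sep, result = line.rpartition(" => ")
    if not sep:
        return None  # e.g. "Restore point was successfully created."
    target = PID_PREFIX.sub("", target).strip().strip('"')
    result = result.strip()
    status = next((s for rx, s in KNOWN_RESULTS if rx.match(result)), "review")
    return {"target": target, "kind": classify_target(target),
            "result": result, "status": status}


def triage(fixlog_text):
    """Return (rows, counts per (kind, status), rows needing manual review)."""
    rows = [r for r in map(parse_result, result_lines(fixlog_text)) if r]
    counts = Counter((r["kind"], r["status"]) for r in rows)
    review = [r for r in rows if r["status"] == "review"]
    return rows, counts, review


# Constructed sample: line formats copied from this thread's Fixlog, plus one
# made-up last line whose result text is deliberately unrecognised.
SAMPLE = r"""
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [tuto4pc_in_14] => [X]
IFEO\bitguard.exe: [Debugger] tasklist.exe
End
*****************

Restore point was successfully created.
[1608] C:\ProgramData\IePluginServices\PluginService.exe => Process closed successfully.
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => No running process found
C:\ProgramData\IePluginServices => Moved successfully.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tuto4pc_in_14 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
C:\Example\constructed.bin => constructed-unrecognised-result
"""

if __name__ == "__main__":
    rows, counts, review = triage(SAMPLE)
    for (kind, status), n in sorted(counts.items()):
        print(f"{kind:9} {status:8} {n}")
    for r in review:
        print("REVIEW:", r["target"], "->", r["result"])
```

Entries reported as "absent" are usually items already gone before the fix ran (for example after the manual uninstalls in Step 1); anything in the review list has a result phrase the script does not recognise and should be read in the full log.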

#3
IndianBubble

  • Topic Starter
  • Member
  • 42 posts

Hello Pystryker,

 

Thank you for helping me. I can already see the difference after doing the three things that you told. I have pasted the logs below:

 

FIXLOG:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by user at 2015-03-26 10:26:17 Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
 
Start
CreateRestorePoint:
CloseProcesses:
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\ProgramData\IePluginServices
C:\ProgramData\WindowsMangerProtect
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
C:\Program Files (x86)\SupTab
() C:\Users\user\AppData\Local\tuto4pc_in_5\upt4pc_in_5.exe
C:\Users\user\AppData\Local\tuto4pc_in_5
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\AskPartnerNetwork
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [tuto4pc_in_14] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-15] (APN)
HKLM-x32\...\RunOnce: [upt4pc_in_5.exe] => C:\Users\user\AppData\Local\tuto4pc_in_5\upt4pc_in_5.exe [2082664 2013-04-17] ()
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\Run: [DataMgr] => C:\Users\user\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-27] (HTTO Group, Ltd.)
C:\Users\user\AppData\Roaming\DataMgr
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\Run: [OMESupervisor] => C:\Users\user\AppData\Local\omesuperv.exe [2239256 2013-12-25] ()
C:\Users\user\AppData\Local\omesuperv.exe
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\Run: [] => [X]
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\MountPoints2: {1377ea1e-46a6-11e3-adfc-9439e5cd0951} - G:\Startme.exe
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\MountPoints2: {a24d5565-ca46-11e1-97ec-9439e5cd0951} - G:\LGAutoRun.exe
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\MountPoints2: {b9f29f45-8d56-11e3-920e-9439e5cd0951} - G:\bootstrap.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...B1E81KMYD4KMYD4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...B1E81KMYD4KMYD4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...B1E81KMYD4KMYD4
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=17/07/2013
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=17/07/2013
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=CPNTDF
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...Date=17/07/2013
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...Date=17/07/2013
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {00CBEE25-2FA2-48A5-9CD8-A4218BDAB18F} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol...119776&tsp=5021
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {8F0DA933-480A-4078-8180-6251A85EF4F2} URL = http://eseeky.com/ws...rchTerms}&r=508
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.as...q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll [2014-09-12] (Thinknice Co. Limited)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/...4&ts=1378987817
FF DefaultSearchEngine: Ask Search
FF SelectedSearchEngine: Ask Search
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504\searchplugins\ask-search.xml [2015-03-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2014-07-04]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml [2014-09-12]
FF Extension: OfferMosquito - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504\Extensions\[email protected] [2013-12-19]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1410524653&from=vtt&uid=WDCXWD5000BPVT-60HXZT3_WD-WXB1E81KMYD4KMYD4
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-15]
CHR HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-15]
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [Not Found]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-02-15] (APN LLC.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-12] (Cherished Technololgy LIMITED)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-12] (Fuyu LIMITED) [File not signed]
R1 {0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64; C:\Windows\System32\drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys [61112 2014-09-10] (StdLib)
C:\Windows\System32\drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys
C:\Users\user\AppData\Roaming\newnext.me
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
[1608] C:\ProgramData\IePluginServices\PluginService.exe => Process closed successfully.
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => No running process found
C:\ProgramData\IePluginServices => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar" => File/Directory not found.
C:\Program Files (x86)\SupTab\HpUI.exe => No running process found
C:\Program Files (x86)\SupTab\Loader64.exe => No running process found
C:\Program Files (x86)\SupTab\Loader32.exe => No running process found
C:\Program Files (x86)\SupTab => Moved successfully.
C:\Users\user\AppData\Local\tuto4pc_in_5\upt4pc_in_5.exe => No running process found
C:\Users\user\AppData\Local\tuto4pc_in_5 => Moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe => No running process found
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tuto4pc_in_14 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upt4pc_in_5.exe => value deleted successfully.
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DataMgr => value deleted successfully.
C:\Users\user\AppData\Roaming\DataMgr => Moved successfully.
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Windows\CurrentVersion\Run\\OMESupervisor => value deleted successfully.
C:\Users\user\AppData\Local\omesuperv.exe => Moved successfully.
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1377ea1e-46a6-11e3-adfc-9439e5cd0951}" => Key deleted successfully.
HKCR\CLSID\{1377ea1e-46a6-11e3-adfc-9439e5cd0951} => Key not found. 
"HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a24d5565-ca46-11e1-97ec-9439e5cd0951}" => Key deleted successfully.
HKCR\CLSID\{a24d5565-ca46-11e1-97ec-9439e5cd0951} => Key not found. 
"HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9f29f45-8d56-11e3-920e-9439e5cd0951}" => Key deleted successfully.
HKCR\CLSID\{b9f29f45-8d56-11e3-920e-9439e5cd0951} => Key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504\searchplugins\ask-search.xml" => not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml => Moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504\Extensions\[email protected] => Moved successfully.
Chrome HomePage deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => Key not found. 
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx" => File/Directory not found.
"HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk" => Key deleted successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => Key not found. 
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj" => Key deleted successfully.
APNMCP => Service not found.
IePluginServices => Service deleted successfully.
WindowsMangerProtect => Service not found.
{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64 => Service stopped successfully.
{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys => Moved successfully.
C:\Users\user\AppData\Roaming\newnext.me => Moved successfully.
"HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{9D1186BE-5637-4B92-AB6F-C2978D102819} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 889.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:37:25 ====
 
JUNKWARE REMOVAL:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Basic x64
Ran by user on 26-03-2015 at 11:05:51.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\package_babylon_installer_multilang_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\package_babylon_installer_multilang_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r420-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r420-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r834-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r834-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\qualitink_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\qualitink_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-talk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-talk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-voice-and-video-chat_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-voice-and-video-chat_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\package_babylon_installer_multilang_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\package_babylon_installer_multilang_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r420-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r420-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r834-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r834-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\qualitink_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\qualitink_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-talk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-talk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-voice-and-video-chat_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-voice-and-video-chat_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\user\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"
Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"
Failed to delete: [Folder] "C:\Users\user\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\intermediate"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\istartsurf"
Failed to delete: [Folder] "C:\Users\user\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\scheck"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\ssync"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\systweak"
Failed to delete: [Folder] "C:\Users\user\appdata\local\eorezo"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\genienext"
Failed to delete: [Folder] "C:\Users\user\appdata\local\mobogenie"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\mixidj"
Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"
 
 
 
~~~ FireFox
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26-03-2015 at 11:18:28.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ADWARE:
 
# AdwCleaner v4.113 - Logfile created 26/03/2015 at 11:35:57
# Updated 22/03/2015 by Xplode
# Database : 2015-03-22.2 [Local]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : user - USER-HP
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : YahooAUService
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yd724ovx.default\searchplugins\Babylon.xml
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yd724ovx.default\user.js
File Found : C:\users\user\daemonprocess.txt
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\users\user\AppData\Local\Bundled software uninstaller
Folder Found : C:\users\user\AppData\Local\DProtect
Folder Found : C:\users\user\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito
Folder Found : C:\users\user\AppData\Local\Mobogenie
Folder Found : C:\users\user\AppData\Roaming\Browser Tab Search by Ask
Folder Found : C:\users\user\AppData\Roaming\Common\LuaRT
Folder Found : C:\users\user\AppData\Roaming\defaulttab
Folder Found : C:\users\user\AppData\Roaming\OpenCandy
Folder Found : C:\users\user\AppData\Roaming\Snz
Folder Found : C:\users\user\AppData\Roaming\WebExtend
Folder Found : C:\Windows\SysWOW64\SearchProtect
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\5f4ddddb73fed14
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\httogroup
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\OfferMosquito
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Protector
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SupHpUISoft
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\torch
Key Found : HKCU\Software\Tuto4PC
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\BABSOLUTION
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\httogroup
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\OfferMosquito
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Protector
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\SupHpUISoft
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\Tuto4PC
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\qvo6Software
Key Found : HKLM\SOFTWARE\SafetyNut
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\supWPM
Key Found : HKLM\SOFTWARE\torch
Key Found : HKLM\SOFTWARE\Tuto4PC
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16633
 
 
-\\ Mozilla Firefox v33.0 (x86 en-US)
 
 
-\\ Google Chrome v41.0.2272.101
 
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=IN&userid=a3acf013-2aca-4a83-baec-15a865a756e0&searchtype=ds&q={searchTerms}&installDate=17/07/2013
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=WDCXWD5000BPVT-60HXZT3_WD-WXB1E81KMYD4KMYD4&ts=1378987820&type=default&q={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4234441EA1C8E47C&affID=119776&tsp=5021
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP20CBB3AF-216F-49BB-9C4C-FEA4B2114E8C&q={searchTerms}&SSPV=
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=msus200fbdgy6&q={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=msus200fbdgy6&q={searchTerms}
*************************
 
AdwCleaner[R0].txt - [11097 bytes] - [26/03/2015 11:35:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11157 bytes] ##########
 

I look forward to hearing from you.

 

Thanks.


  • 0

#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

Good to hear that you're seeing improvement, that's what I wanted to hear. Let's continue.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.



Step 1: Re-Run AdwCleaner


According to the AdwCleaner log, you did not press the Cleaning button upon completion of its scan. Please run the scan again, and when it is complete, press the Cleaning button. Upon completion of the cleaning, it will produce a log. Please post it in your next reply. :thumbsup:


Step 2: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan; the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • A report will have been created by TDSSKiller in your root directory C:\
  • To find the log, go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

AdwCleaner Log

TDSSKiller Log

  • 0

#5
IndianBubble

    Member

  • Topic Starter
  • Member
  • 42 posts

Hi,

 

When I ran the Adware removal tool the first time it did point out Yahoo au service and I then did click on Cleaning. Nevertheless I ran the program again and it didn't show anything. Log is pasted below:

 

# AdwCleaner v4.113 - Logfile created 26/03/2015 at 21:17:58
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : user - USER-HP
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16633
 
 
-\\ Mozilla Firefox v33.0 (x86 en-US)
 
 
-\\ Google Chrome v41.0.2272.101
 
 
*************************
 
AdwCleaner[R0].txt - [11421 bytes] - [26/03/2015 11:35:57]
AdwCleaner[R1].txt - [901 bytes] - [26/03/2015 21:12:46]
AdwCleaner[S0].txt - [10881 bytes] - [26/03/2015 11:42:13]
AdwCleaner[S1].txt - [829 bytes] - [26/03/2015 21:17:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [887  bytes] ##########
 
I also ran TDSSKiller and it didn't detect anything. Log pasted below:
 
21:27:27.0612 0x08e4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:27:33.0618 0x08e4  ============================================================
21:27:33.0618 0x08e4  Current date / time: 2015/03/26 21:27:33.0618
21:27:33.0618 0x08e4  SystemInfo:
21:27:33.0618 0x08e4  
21:27:33.0618 0x08e4  OS Version: 6.1.7601 ServicePack: 1.0
21:27:33.0618 0x08e4  Product type: Workstation
21:27:33.0634 0x08e4  ComputerName: USER-HP
21:27:33.0634 0x08e4  UserName: user
21:27:33.0634 0x08e4  Windows directory: C:\Windows
21:27:33.0634 0x08e4  System windows directory: C:\Windows
21:27:33.0634 0x08e4  Running under WOW64
21:27:33.0634 0x08e4  Processor architecture: Intel x64
21:27:33.0634 0x08e4  Number of processors: 2
21:27:33.0634 0x08e4  Page size: 0x1000
21:27:33.0634 0x08e4  Boot type: Normal boot
21:27:33.0634 0x08e4  ============================================================
21:27:53.0664 0x08e4  KLMD registered as C:\Windows\system32\drivers\93141103.sys
21:27:54.0397 0x08e4  System UUID: {F99E754C-A473-1214-5608-0E05C14E207E}
21:27:56.0082 0x08e4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:27:56.0098 0x08e4  ============================================================
21:27:56.0098 0x08e4  \Device\Harddisk0\DR0:
21:27:56.0098 0x08e4  MBR partitions:
21:27:56.0098 0x08e4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:27:56.0098 0x08e4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37F41000
21:27:56.0098 0x08e4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37FA5000, BlocksNum 0x1BF1000
21:27:56.0098 0x08e4  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF830
21:27:56.0098 0x08e4  ============================================================
21:27:56.0113 0x08e4  C: <-> \Device\Harddisk0\DR0\Partition2
21:27:56.0160 0x08e4  D: <-> \Device\Harddisk0\DR0\Partition3
21:27:56.0176 0x08e4  E: <-> \Device\Harddisk0\DR0\Partition4
21:27:56.0176 0x08e4  ============================================================
21:27:56.0176 0x08e4  Initialize success
21:27:56.0176 0x08e4  ============================================================
21:28:48.0852 0x1130  ============================================================
21:28:48.0852 0x1130  Scan started
21:28:48.0852 0x1130  Mode: Manual; SigCheck; TDLFS; 
21:28:48.0852 0x1130  ============================================================
21:28:48.0852 0x1130  KSN ping started
21:28:49.0886 0x1130  KSN ping finished: true
21:28:51.0009 0x1130  ================ Scan system memory ========================
21:28:51.0009 0x1130  System memory - ok
21:28:51.0009 0x1130  ================ Scan services =============================
21:29:02.0297 0x1130  [ 686045905787B68D829CE647A6DFAD2B, 09B925A3E02B3BA45D5D408B59A279D3255AC854B3B696E243DCD14EF18CEC92 ] Blackberry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
21:29:06.0933 0x1130  Blackberry Device Manager - detected UnsignedFile.Multi.Generic ( 1 )
21:29:09.0355 0x1130  Detect skipped due to KSN trusted
21:29:09.0355 0x1130  Blackberry Device Manager - ok
21:29:22.0338 0x1130  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
21:29:22.0478 0x1130  hidserv - ok
21:29:22.0541 0x1130  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:29:22.0634 0x1130  HidUsb - ok
21:29:22.0665 0x1130  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:29:22.0775 0x1130  hkmsvc - ok
21:29:22.0806 0x1130  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:29:22.0946 0x1130  HomeGroupListener - ok
21:29:22.0993 0x1130  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:29:23.0055 0x1130  HomeGroupProvider - ok
21:29:23.0118 0x1130  [ F90DD89E8A482AC976DD4E1029802E49, 7BB552DCCAB6FB1868CCB6DAC53C525CF88BFB74F2753F14A1456B1764963E1B ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
21:29:23.0211 0x1130  HP LaserJet Service - detected UnsignedFile.Multi.Generic ( 1 )
21:29:24.0220 0x1130  Detect skipped due to KSN trusted
21:29:24.0220 0x1130  HP LaserJet Service - ok
21:29:24.0345 0x1130  [ 170233B8D743EFE35F462A5D516B93E3, 469CD3A5DE0CB6E7068F3670DA95FCF46544546AB72B1A508B3A3CA3B8598802 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:29:24.0360 0x1130  HP Support Assistant Service - ok
21:29:24.0423 0x1130  [ A92C9C5736F158D27C01C5EE239B29DC, 00CE22D3BE3EF72B8AFA94E8801080B2751866EAE851D6463BE907FA2E47692F ] HP1210FAX       C:\Windows\system32\Drivers\HPM1210FAX.sys
21:29:24.0532 0x1130  HP1210FAX - ok
21:29:24.0625 0x1130  [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
21:29:24.0735 0x1130  HPClientSvc - ok
21:29:24.0781 0x1130  [ 6F4A95D54243572DEB7E7439C917F875, D7B3BCCDCE7D78A40E4B9414DE0A0102133527FEA57B48305B1D19F2D78AB744 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:29:24.0937 0x1130  HPDrvMntSvc.exe - ok
21:29:25.0000 0x1130  [ F8F686D62121549377D9E1CDF6BC3441, CE4F2C31A35ED0679D0D21529782C3A2B10C5B929F539C35157351B3B50179E3 ] HPM1210RcvFaxSrvc C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
21:29:25.0187 0x1130  HPM1210RcvFaxSrvc - ok
21:29:25.0265 0x1130  [ 5EC22CEC65AA3C2C38327472FD5A27D2, 1AB5E2F2B0F0F5658A793A6179B1C513AE6BDE5753A468FF646143C4C3F3AFC2 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
21:29:25.0327 0x1130  hpqwmiex - ok
21:29:25.0397 0x1130  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:29:25.0429 0x1130  HpSAMD - ok
21:29:25.0491 0x1130  [ 4E9CAE3200A46135DE01CE22BAF832BE, 722A14BEB3FC6BBD5700CE6901FA0C47305ED61FFB0E9604C369BC9366B1E16C ] HPSIService     C:\Windows\system32\HPSIsvc.exe
21:29:25.0616 0x1130  HPSIService - ok
21:29:25.0678 0x1130  [ 171000873EB522E5EA3DD4C4E0B689B2, 8F4B2C042B7391A009DED11C12AB5CEEB853944B92B9D6C676453DF258F87B9F ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
21:29:25.0756 0x1130  HPWMISVC - ok
21:29:25.0850 0x1130  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:29:26.0053 0x1130  HTTP - ok
21:29:26.0084 0x1130  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:29:26.0115 0x1130  hwpolicy - ok
21:29:26.0146 0x1130  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:29:26.0240 0x1130  i8042prt - ok
21:29:26.0302 0x1130  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:29:26.0365 0x1130  iaStorV - ok
21:29:26.0677 0x1130  [ E4693409D06785477A49FB34AFAE1B92, 3855CE03672D73084BBAC219F2B350CF22608A82828F82A9E842034F6A975F14 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
21:29:33.0378 0x1130  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
21:29:34.0855 0x1130  Detect skipped due to KSN trusted
21:29:34.0855 0x1130  IconMan_R - ok
21:29:34.0964 0x1130  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:29:35.0073 0x1130  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
21:29:36.0113 0x1130  Detect skipped due to KSN trusted
21:29:36.0113 0x1130  IDriverT - ok
21:29:36.0238 0x1130  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:29:36.0331 0x1130  idsvc - ok
21:29:36.0378 0x1130  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:29:36.0409 0x1130  iirsp - ok
21:29:36.0503 0x1130  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:29:36.0659 0x1130  IKEEXT - ok
21:29:36.0893 0x1130  [ 336C3A6BF14D5A9AF35AF07C6B6B29CD, 44344C077F4855193277CA9A4058826252853BA241A296D6A7DB1AD32215D266 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:29:37.0127 0x1130  IntcAzAudAddService - ok
21:29:37.0236 0x1130  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:29:37.0267 0x1130  intelide - ok
21:29:37.0314 0x1130  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
21:29:37.0376 0x1130  intelppm - ok
21:29:37.0423 0x1130  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:29:37.0558 0x1130  IPBusEnum - ok
21:29:37.0605 0x1130  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:37.0745 0x1130  IpFilterDriver - ok
21:29:37.0823 0x1130  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:29:37.0964 0x1130  iphlpsvc - ok
21:29:38.0010 0x1130  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:29:38.0088 0x1130  IPMIDRV - ok
21:29:38.0104 0x1130  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:29:38.0244 0x1130  IPNAT - ok
21:29:38.0260 0x1130  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:29:38.0338 0x1130  IRENUM - ok
21:29:38.0385 0x1130  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:29:38.0416 0x1130  isapnp - ok
21:29:38.0447 0x1130  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:29:38.0494 0x1130  iScsiPrt - ok
21:29:38.0556 0x1130  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:29:38.0588 0x1130  kbdclass - ok
21:29:38.0619 0x1130  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:29:38.0728 0x1130  kbdhid - ok
21:29:38.0759 0x1130  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso          C:\Windows\system32\lsass.exe
21:29:38.0822 0x1130  KeyIso - ok
21:29:38.0853 0x1130  [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:29:38.0900 0x1130  KSecDD - ok
21:29:38.0931 0x1130  [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:29:38.0978 0x1130  KSecPkg - ok
21:29:39.0024 0x1130  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:29:39.0165 0x1130  ksthunk - ok
21:29:39.0227 0x1130  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:29:39.0368 0x1130  KtmRm - ok
21:29:39.0435 0x1130  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:29:39.0572 0x1130  LanmanServer - ok
21:29:39.0619 0x1130  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:29:39.0760 0x1130  LanmanWorkstation - ok
21:29:39.0806 0x1130  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:29:39.0978 0x1130  lltdio - ok
21:29:40.0040 0x1130  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:29:40.0212 0x1130  lltdsvc - ok
21:29:40.0243 0x1130  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:29:40.0352 0x1130  lmhosts - ok
21:29:40.0415 0x1130  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:29:40.0462 0x1130  LSI_FC - ok
21:29:40.0493 0x1130  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:29:40.0524 0x1130  LSI_SAS - ok
21:29:40.0555 0x1130  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:29:40.0586 0x1130  LSI_SAS2 - ok
21:29:40.0618 0x1130  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:29:40.0649 0x1130  LSI_SCSI - ok
21:29:40.0680 0x1130  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:29:40.0820 0x1130  luafv - ok
21:29:40.0852 0x1130  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:29:40.0883 0x1130  megasas - ok
21:29:40.0945 0x1130  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:29:40.0992 0x1130  MegaSR - ok
21:29:41.0086 0x1130  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:29:41.0117 0x1130  Microsoft Office Groove Audit Service - ok
21:29:41.0148 0x1130  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:29:41.0257 0x1130  MMCSS - ok
21:29:41.0288 0x1130  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:29:41.0398 0x1130  Modem - ok
21:29:41.0429 0x1130  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:29:41.0467 0x1130  monitor - ok
21:29:41.0492 0x1130  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:29:41.0524 0x1130  mouclass - ok
21:29:41.0555 0x1130  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:29:41.0633 0x1130  mouhid - ok
21:29:41.0680 0x1130  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:29:41.0711 0x1130  mountmgr - ok
21:29:41.0804 0x1130  [ 6ACCF2E8210880D7005C608AFDB5301C, D00122C928C5818A24E6C11183F79C253CFB6576AD54DC92AEEFC630ABBDE655 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:29:41.0836 0x1130  MozillaMaintenance - ok
21:29:41.0945 0x1130  [ FBA4CDA6B3B00D7A116DCC2B5C7E9790, FE909159323290555971F031E7911DCCD035B873E630A230A660C13D57719206 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
21:29:42.0007 0x1130  MpFilter - ok
21:29:42.0054 0x1130  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:29:42.0101 0x1130  mpio - ok
21:29:42.0148 0x1130  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:29:42.0272 0x1130  mpsdrv - ok
21:29:42.0366 0x1130  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:29:42.0553 0x1130  MpsSvc - ok
21:29:42.0600 0x1130  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:29:42.0725 0x1130  MRxDAV - ok
21:29:42.0772 0x1130  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:42.0896 0x1130  mrxsmb - ok
21:29:42.0928 0x1130  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:43.0084 0x1130  mrxsmb10 - ok
21:29:43.0099 0x1130  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:43.0162 0x1130  mrxsmb20 - ok
21:29:43.0177 0x1130  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:29:43.0208 0x1130  msahci - ok
21:29:43.0240 0x1130  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:29:43.0271 0x1130  msdsm - ok
21:29:43.0302 0x1130  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:29:43.0411 0x1130  MSDTC - ok
21:29:43.0442 0x1130  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:29:43.0577 0x1130  Msfs - ok
21:29:43.0608 0x1130  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:29:43.0764 0x1130  mshidkmdf - ok
21:29:43.0796 0x1130  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:29:43.0827 0x1130  msisadrv - ok
21:29:43.0874 0x1130  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:29:44.0030 0x1130  MSiSCSI - ok
21:29:44.0030 0x1130  msiserver - ok
21:29:44.0061 0x1130  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:29:44.0170 0x1130  MSKSSRV - ok
21:29:44.0248 0x1130  [ F46BA4E7F4A34295B20917CD77F6CEC9, 1A91AC1AC1FBFC6922D0430D752240A91C9001373B1F84F960FDE0AC062A411A ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:29:44.0279 0x1130  MsMpSvc - ok
21:29:44.0310 0x1130  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:44.0404 0x1130  MSPCLOCK - ok
21:29:44.0420 0x1130  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:29:44.0513 0x1130  MSPQM - ok
21:29:44.0560 0x1130  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:29:44.0622 0x1130  MsRPC - ok
21:29:44.0654 0x1130  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:29:44.0685 0x1130  mssmbios - ok
21:29:44.0685 0x1130  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:29:44.0794 0x1130  MSTEE - ok
21:29:44.0825 0x1130  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:29:44.0888 0x1130  MTConfig - ok
21:29:44.0919 0x1130  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:29:44.0950 0x1130  Mup - ok
21:29:45.0012 0x1130  [ 705E9675014EB688BEDD967B1ABECF19, 7FA4B0A5120DD415C5D3F3BE56C69455647029332DC2E9B4E9874AF3C34F89AD ] mvusbews        C:\Windows\system32\Drivers\mvusbews.sys
21:29:45.0106 0x1130  mvusbews - ok
21:29:45.0168 0x1130  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:29:45.0293 0x1130  napagent - ok
21:29:45.0356 0x1130  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:29:45.0472 0x1130  NativeWifiP - ok
21:29:45.0560 0x1130  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:29:45.0653 0x1130  NDIS - ok
21:29:45.0700 0x1130  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:45.0809 0x1130  NdisCap - ok
21:29:45.0841 0x1130  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:45.0950 0x1130  NdisTapi - ok
21:29:45.0965 0x1130  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:46.0137 0x1130  Ndisuio - ok
21:29:46.0153 0x1130  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:46.0262 0x1130  NdisWan - ok
21:29:46.0277 0x1130  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:29:46.0402 0x1130  NDProxy - ok
21:29:46.0418 0x1130  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:29:46.0543 0x1130  NetBIOS - ok
21:29:46.0574 0x1130  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:29:46.0745 0x1130  NetBT - ok
21:29:46.0777 0x1130  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon        C:\Windows\system32\lsass.exe
21:29:46.0808 0x1130  Netlogon - ok
21:29:46.0870 0x1130  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:29:46.0979 0x1130  Netman - ok
21:29:47.0182 0x1130  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:47.0245 0x1130  NetMsmqActivator - ok
21:29:47.0291 0x1130  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:47.0338 0x1130  NetPipeActivator - ok
21:29:47.0369 0x1130  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:29:47.0521 0x1130  netprofm - ok
21:29:47.0539 0x1130  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:47.0585 0x1130  NetTcpActivator - ok
21:29:47.0585 0x1130  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:47.0632 0x1130  NetTcpPortSharing - ok
21:29:47.0694 0x1130  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:29:47.0725 0x1130  nfrd960 - ok
21:29:47.0803 0x1130  [ E10B84385C3FEEF4BDE8E6A980535522, 56D9E47B76CDABE45E64C9E74DCBCC2F7C07A44519ED938BD730018C48445614 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:29:47.0834 0x1130  NisDrv - ok
21:29:47.0897 0x1130  [ 9BF50324444C46997C2492D505B47F2D, 42C74456C64F7D688E0911255746BD2A52A3590AED22B24F7E385760D720B8E9 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
21:29:47.0959 0x1130  NisSrv - ok
21:29:48.0022 0x1130  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:29:48.0131 0x1130  NlaSvc - ok
21:29:48.0209 0x1130  [ 1381E95D4E0F94F22DD484B5F8C1D61D, E91C10A62E3B5A610063F48354C6F4A1AAB7300A69EAD59E89ED8EEFDBD99062 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
21:29:48.0365 0x1130  nmwcd - ok
21:29:48.0412 0x1130  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:29:48.0521 0x1130  Npfs - ok
21:29:48.0552 0x1130  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:29:48.0677 0x1130  nsi - ok
21:29:48.0677 0x1130  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:29:48.0786 0x1130  nsiproxy - ok
21:29:48.0926 0x1130  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:29:49.0114 0x1130  Ntfs - ok
21:29:49.0160 0x1130  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:29:49.0270 0x1130  Null - ok
21:29:49.0332 0x1130  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
21:29:49.0457 0x1130  NVENETFD - ok
21:29:49.0509 0x1130  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:29:49.0547 0x1130  nvraid - ok
21:29:49.0594 0x1130  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:29:49.0625 0x1130  nvstor - ok
21:29:49.0641 0x1130  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:29:49.0672 0x1130  nv_agp - ok
21:29:49.0781 0x1130  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:29:49.0844 0x1130  odserv - ok
21:29:49.0875 0x1130  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:29:49.0953 0x1130  ohci1394 - ok
21:29:50.0000 0x1130  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:29:50.0031 0x1130  ose - ok
21:29:50.0078 0x1130  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:29:50.0202 0x1130  p2pimsvc - ok
21:29:50.0265 0x1130  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:29:50.0358 0x1130  p2psvc - ok
21:29:50.0390 0x1130  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:29:50.0468 0x1130  Parport - ok
21:29:50.0514 0x1130  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:29:50.0546 0x1130  partmgr - ok
21:30:22.0923 0x1130  Wdf01000 - ok
21:30:23.0001 0x1130  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:30:23.0173 0x1130  WdiServiceHost - ok
21:30:23.0204 0x1130  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:30:23.0251 0x1130  WdiSystemHost - ok
21:30:23.0329 0x1130  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
21:30:23.0469 0x1130  WebClient - ok
21:30:23.0516 0x1130  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:30:23.0657 0x1130  Wecsvc - ok
21:30:23.0688 0x1130  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:30:23.0781 0x1130  wercplsupport - ok
21:30:23.0844 0x1130  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:30:23.0969 0x1130  WerSvc - ok
21:30:24.0015 0x1130  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:30:24.0140 0x1130  WfpLwf - ok
21:30:24.0187 0x1130  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:30:24.0218 0x1130  WIMMount - ok
21:30:24.0275 0x1130  WinDefend - ok
21:30:24.0322 0x1130  WinHttpAutoProxySvc - ok
21:30:24.0415 0x1130  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:30:24.0556 0x1130  Winmgmt - ok
21:30:24.0727 0x1130  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
21:30:25.0102 0x1130  WinRM - ok
21:30:25.0227 0x1130  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:30:25.0289 0x1130  WinUsb - ok
21:30:25.0398 0x1130  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:30:25.0554 0x1130  Wlansvc - ok
21:30:25.0663 0x1130  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:30:25.0695 0x1130  wlcrasvc - ok
21:30:25.0929 0x1130  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:30:26.0163 0x1130  wlidsvc - ok
21:30:26.0241 0x1130  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:30:26.0302 0x1130  WmiAcpi - ok
21:30:26.0376 0x1130  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:30:26.0454 0x1130  wmiApSrv - ok
21:30:26.0501 0x1130  WMPNetworkSvc - ok
21:30:26.0563 0x1130  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:30:26.0641 0x1130  WPCSvc - ok
21:30:26.0688 0x1130  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:30:26.0797 0x1130  WPDBusEnum - ok
21:30:26.0860 0x1130  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:30:26.0984 0x1130  ws2ifsl - ok
21:30:27.0031 0x1130  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:30:27.0094 0x1130  wscsvc - ok
21:30:27.0140 0x1130  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
21:30:27.0250 0x1130  WSDPrintDevice - ok
21:30:27.0265 0x1130  WSearch - ok
21:30:27.0515 0x1130  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:30:27.0780 0x1130  wuauserv - ok
21:30:27.0842 0x1130  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:30:27.0952 0x1130  WudfPf - ok
21:30:28.0045 0x1130  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:30:28.0139 0x1130  WUDFRd - ok
21:30:28.0186 0x1130  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:30:28.0297 0x1130  wudfsvc - ok
21:30:28.0364 0x1130  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:30:28.0520 0x1130  WwanSvc - ok
21:30:28.0598 0x1130  ================ Scan global ===============================
21:30:28.0644 0x1130  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:30:28.0754 0x1130  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:30:28.0816 0x1130  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:30:28.0878 0x1130  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:30:28.0988 0x1130  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:30:29.0050 0x1130  [ Global ] - ok
21:30:29.0066 0x1130  ================ Scan MBR ==================================
21:30:29.0081 0x1130  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:30:29.0783 0x1130  \Device\Harddisk0\DR0 - ok
21:30:29.0799 0x1130  ================ Scan VBR ==================================
21:30:29.0830 0x1130  [ F085D220DAF3F088C322FE52E7EF5B59 ] \Device\Harddisk0\DR0\Partition1
21:30:29.0830 0x1130  \Device\Harddisk0\DR0\Partition1 - ok
21:30:29.0846 0x1130  [ F179E6F27EC3AA18B8528F7C2DF67E4B ] \Device\Harddisk0\DR0\Partition2
21:30:29.0861 0x1130  \Device\Harddisk0\DR0\Partition2 - ok
21:30:29.0924 0x1130  [ D8B8B5B52A5B65EE6962F8E30BBC75E7 ] \Device\Harddisk0\DR0\Partition3
21:30:29.0924 0x1130  \Device\Harddisk0\DR0\Partition3 - ok
21:30:30.0002 0x1130  [ 7B217A822A7CBB3A05E1D9A1B1896ABA ] \Device\Harddisk0\DR0\Partition4
21:30:30.0002 0x1130  \Device\Harddisk0\DR0\Partition4 - ok
21:30:30.0017 0x1130  ================ Scan generic autorun ======================
21:30:30.0017 0x1130  SynTPEnh - ok
21:30:30.0111 0x1130  [ 1562933015CD8A731986E5EBBF7CF6B1, 4E446AF7801B9A13EB41A1934CD5A59B7E886C81FF893E03C8E206284FB9E580 ] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
21:30:30.0142 0x1130  SetDefault - ok
21:30:30.0581 0x1130  [ B3BCDF8DB13D529261745FD8DDCE8A5B, 5C8B550053DD64641B0FBF465FB4FB557CB34FFA8F43F0901E762B4A93FF8A05 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
21:30:31.0096 0x1130  RTHDVCPL - ok
21:30:31.0252 0x1130  [ 87A4BA086E5B5DF0F36E3F6D7234D701, EE26338497E016A95CB5970777B7B7AC8FAEF4E491713D729EDEFBCDC9FBF4A4 ] c:\Program Files\Microsoft Security Client\msseces.exe
21:30:31.0408 0x1130  MSC - ok
21:30:31.0579 0x1130  [ F6158734F1E24C6C510155CF0D363911, 320900BA90AF14E254CFAFA70FB15A0E77506217E47A406FA1ED821D0206FE29 ] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
21:30:31.0626 0x1130  TkBellExe - ok
21:30:31.0766 0x1130  [ 8C6F1392E80D9185399C7B8694EDC2AA, 0DB223C4F858C809D2746354B3EF605D8955B758AE58CB7AC0891A7B63ED1639 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
21:30:31.0829 0x1130  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
21:30:32.0837 0x1130  Detect skipped due to KSN trusted
21:30:32.0837 0x1130  StartCCC - ok
21:30:35.0434 0x1130  Waiting for KSN requests completion. In queue: 308
21:30:36.0443 0x1130  Waiting for KSN requests completion. In queue: 308
21:30:37.0566 0x1130  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
21:30:37.0675 0x1130  Win FW state via NFP2: enabled
21:30:38.0463 0x1130  ============================================================
21:30:38.0463 0x1130  Scan finished
21:30:38.0463 0x1130  ============================================================
21:30:38.0494 0x039c  Detected object count: 0
21:30:38.0494 0x039c  Actual detected object count: 0
 
CPU usage is back to 70%...don't know why.. :no:
 
Thanks.

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

When I ran the Adware removal tool the first time it did point out Yahoo au service and I then did click on Cleaning. Nevertheless I ran the program again and it didn't show anything. Log is pasted below:


Ok. :)
 

CPU usage is back to 70%...don't know why.. :no:


Alright, no worries. Let's run Zoek, and then get a fresh FRST log. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Download and Run Zoek

Please download zoek.exe to your Desktop:

  • On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • Give it a few seconds to appear
  • Click the Options button and place a checkmark only on the following options:
      • AutoClean

Now...

  • Close any open programs.
  • Click the Run script button, and wait.
  • It takes a few minutes to run.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.


Step 2: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool, check the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

  • Zoek-results.log
  • Fresh FRST Log
  • Fresh Addition.txt Log

#7
IndianBubble

    Member

  • Topic Starter
  • Member
  • 42 posts
 
Zoek.exe v5.0.0.0 Updated 26-March-2015
Tool run by user on 27-03-2015 at 10:21:00.50.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== System Restore Info ======================
 
27-03-2015 10:24:11 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Program Files\Google deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~3\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} deleted successfully
C:\Users\user\AppData\Roaming\Common deleted successfully
C:\Users\user\AppData\Roaming\Google deleted successfully
C:\Users\user\AppData\Roaming\Opera Software deleted successfully
C:\Users\user\AppData\Roaming\PiccShare deleted successfully
C:\Users\user\AppData\Local\CrashDumps deleted successfully
C:\Users\user\AppData\Local\NokiaAccount deleted successfully
C:\Users\user\AppData\Local\Opera Software deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC8CC742-367C-4243-A2E8-E954B8DE993F} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF97C12C-B77A-4810-A339-8A7B22D55EE} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E095C870-518E-44E8-AA40-B02EFB4AC166} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0AD4BF7-ABE4-4964-9954-FFC1242FBB} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA78D818-9227-4F62-B0D0-446659ADF1A1} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC60C6BC-4D55-4B2E-B4E9-4A3155B66EE} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2F0E6C7-4FDC-48FD-AAFB-7BF53E6838FD} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4136C47-D5C7-4B08-A543-DB19552DDD62} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86AAFF8-4299-4CF1-9796-6F7C975396F} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA54F556-7FE7-426D-A819-D150D7BE6991} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FABC2144-5028-43A9-A36F-554D71D579} deleted successfully
HKEY_USERS\S-1-5-21-624052414-6178681-1744939152-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC75150B-3A86-495A-AD3E-7FDB4E13DC23} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~3\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} not found
C:\Users\user\.android deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\user\AppData\Roaming\Rim.Desktop.Exception.log deleted
C:\Users\user\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted
C:\Users\user\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted
C:\PROGRA~3\Yahoo! deleted
C:\Users\user\AppData\Local\avgchrome deleted
C:\Users\user\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\Users\user\Downloads\SoftonicDownloader_for_google-talk.exe deleted
C:\Users\user\Downloads\SoftonicDownloader_for_google-voice-and-video-chat.exe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
"C:\Users\user\AppData\Roaming\Shuame\.clientid" deleted
"C:\Users\user\AppData\Roaming\Shuame" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504
user_pref("extensions.APN_TB.first-previous-keyword-url", "");
user_pref("extensions.ORJ-ST-SPE.my-keyword-url", "\"\"");
user_pref("extensions.ORJ-ST-SPE.previous-keyword-url", "\"\"");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [06-01-2014 17:34]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\w8f2j8i3.default
- Undetermined - %ProfilePath%\extensions\{121761af-0fa5-4896-a2a8-cfdbac4e4982}
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
98137411B9C632095F919E2CE70B288A - C:\Users\user\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
2D684F0DDF782C73847BED9503250991 - C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6C3E34E303DBDCB9F7EC1F7A7F6B1629 - C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
3CD19649B2C3023D65E67C056457A2BC - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop
 
 
==== Chromium Look ======================
 
Google Chrome Version: 41.0.2272.101 (Latest Stable version: 41.0.2272.101)
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14-08-2013 15:24]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnnabofndgpfcfjgbehcegjoibkodmcp - No path found[]
 
RealDownloader - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Chrome Hotword Shared Module - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Public\Desktop\Shop for HP Supplies.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe 
C:\Users\Public\Desktop\Tux Paint.lnk - C:\Program Files (x86)\TuxPaint\tuxpaint.exe 
 
==== shortcuts in Users Start Menu ======================
 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices\Micromax X50.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTWUIExt.exe  /deviceAddr=05f364566612
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tux Paint\Configure Tux Paint.lnk - C:\Program Files (x86)\TuxPaint\tuxpaint-config.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tux Paint\Licence.lnk - C:\Program Files (x86)\TuxPaint\docs\COPYING.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tux Paint\Readme.lnk - C:\Program Files (x86)\TuxPaint\docs\html\README.html 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tux Paint\Tux Paint (Full Screen).lnk - C:\Program Files (x86)\TuxPaint\tuxpaint.exe --fullscreen native
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tux Paint\Tux Paint (Windowed).lnk - C:\Program Files (x86)\TuxPaint\tuxpaint.exe --windowed
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tux Paint\Uninstall Tux Paint.lnk - C:\Program Files (x86)\TuxPaint\unins000.exe 
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE  /recycle
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tally.ERP 9.lnk - C:\Program Files (x86)\Tally.ERP9\tally.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger India.lnk -  
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Acrobat.com.lnk - C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BitTorrent.lnk - C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\eBay.in.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://redirect.hp.c...in&bd=all&c=114
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Scan To.lnk - C:\Program Files (x86)\HP\HP LaserJet M1210 MFP Series\Scan To\hppscan0.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Yahoo Messenger India.lnk -  
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WordWeb.lnk - C:\Program Files (x86)\WordWeb\wweb32.exe -shownow
 
==== shortcuts After Repair ======================
 
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\eBay.in.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7130468A-F53F-4698-8C09-A339EA3B05E6} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intermediate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCheck deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snoozer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSync deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=19 folders=28 966996 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\user\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\user\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
 
==== EOF on 27-03-2015 at 11:41:25.09 ======================
 
##########################################################################################################################
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by user (administrator) on USER-HP on 27-03-2015 12:02:00
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-28] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-01-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-16] (Google Inc.)
HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\MountPoints2: {bd4a46ec-6b63-11e2-8336-9439e5cd0951} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Common_Handset_USB_Driver.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-624052414-6178681-1744939152-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
DPF: HKLM-x32 {399A1382-00A3-4651-9A20-E7DACAA2924F} http://122.160.94.109/7000TActiveX.cab
DPF: HKLM-x32 {F688A5E6-2952-48F5-BAA1-F22375DD1C3C} http://220.112.30.188/tscloud.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nndezcpy.default-1424690594504
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-01-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-01-06] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-624052414-6178681-1744939152-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-624052414-6178681-1744939152-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-624052414-6178681-1744939152-1001: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-624052414-6178681-1744939152-1001: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-624052414-6178681-1744939152-1001: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-624052414-6178681-1744939152-1001: facebook.com/fbDesktopPlugin -> C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-07-08]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-24]
CHR HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnnabofndgpfcfjgbehcegjoibkodmcp] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-07-07] (Sony Mobile Communications)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 11:27 - 2015-03-27 10:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-27 10:23 - 2015-03-27 11:41 - 00038306 _____ () C:\zoek-results.log
2015-03-27 10:20 - 2015-03-27 11:12 - 00000000 ____D () C:\zoek_backup
2015-03-27 10:20 - 2015-03-27 10:20 - 01305600 _____ () C:\Users\user\Desktop\zoek.exe
2015-03-26 21:25 - 2015-03-26 21:26 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
2015-03-26 11:35 - 2015-03-26 21:18 - 00000000 ____D () C:\AdwCleaner
2015-03-26 11:34 - 2015-03-26 11:34 - 02168320 _____ () C:\Users\user\Desktop\AdwCleaner.exe
2015-03-26 11:18 - 2015-03-26 11:18 - 00008510 _____ () C:\Users\user\Desktop\JRT.txt
2015-03-26 11:03 - 2015-03-26 11:03 - 01388782 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2015-03-26 10:51 - 2015-03-26 10:51 - 01388782 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2015-03-25 14:31 - 2015-03-25 14:31 - 00093818 _____ () C:\Users\user\Desktop\Extras.Txt
2015-03-25 14:27 - 2015-03-25 14:27 - 00121416 _____ () C:\Users\user\Desktop\OTL.Txt
2015-03-25 11:37 - 2015-03-25 11:37 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 11:10 - 2015-03-11 09:36 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 11:10 - 2015-03-11 09:36 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 11:10 - 2015-03-11 09:36 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 11:10 - 2015-03-11 09:36 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 11:10 - 2015-03-11 09:35 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 11:10 - 2015-03-11 09:35 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 11:10 - 2015-03-11 09:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 11:10 - 2015-03-11 09:32 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-25 11:10 - 2015-01-28 05:06 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-03-25 01:17 - 2015-01-09 05:14 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-25 01:17 - 2015-01-09 05:13 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-25 00:32 - 2015-03-25 00:35 - 00039658 _____ () C:\Users\user\Desktop\Addition.txt
2015-03-25 00:23 - 2015-03-27 12:02 - 00020500 _____ () C:\Users\user\Desktop\FRST.txt
2015-03-25 00:21 - 2015-03-27 12:02 - 00000000 ____D () C:\FRST
2015-03-25 00:20 - 2015-03-25 00:20 - 02095616 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-03-24 23:39 - 2015-02-22 00:47 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-24 23:39 - 2015-02-22 00:37 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-24 23:39 - 2015-02-22 00:32 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-24 23:39 - 2015-02-22 00:30 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-24 23:39 - 2015-02-22 00:24 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-24 23:39 - 2015-02-22 00:24 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-24 23:39 - 2015-02-22 00:23 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-24 23:39 - 2015-02-22 00:22 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-24 23:39 - 2015-02-22 00:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-24 23:39 - 2015-02-22 00:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-24 23:39 - 2015-02-22 00:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-24 23:39 - 2015-02-22 00:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-24 23:39 - 2015-02-22 00:21 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-24 23:39 - 2015-02-22 00:21 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-24 23:39 - 2015-02-22 00:21 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-24 23:39 - 2015-02-22 00:21 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-24 23:39 - 2015-02-22 00:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-24 23:39 - 2015-02-22 00:21 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-24 23:39 - 2015-02-22 00:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-24 23:39 - 2015-02-22 00:20 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-24 23:39 - 2015-02-22 00:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-24 23:39 - 2015-02-22 00:20 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-24 23:39 - 2015-02-21 23:07 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-24 23:39 - 2015-02-21 23:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-24 23:39 - 2015-02-21 22:59 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-24 23:39 - 2015-02-21 22:58 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-24 23:39 - 2015-02-21 22:52 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-24 23:39 - 2015-02-21 22:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-24 23:39 - 2015-02-21 22:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-24 23:39 - 2015-02-21 22:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-24 23:39 - 2015-02-21 22:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-24 23:39 - 2015-02-21 22:49 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-24 23:39 - 2015-02-21 22:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-24 23:39 - 2015-02-21 22:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-24 23:39 - 2015-02-21 22:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-24 23:39 - 2015-02-21 22:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-24 23:39 - 2015-02-21 22:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-24 23:39 - 2015-02-21 22:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-24 23:39 - 2015-02-21 22:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-24 23:39 - 2015-02-21 22:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-24 23:39 - 2015-02-21 22:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-24 23:39 - 2015-02-21 22:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-24 23:39 - 2015-02-21 22:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-24 23:39 - 2015-02-21 22:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-24 23:38 - 2015-02-03 09:04 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-24 23:38 - 2015-02-03 09:04 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-24 23:38 - 2015-02-03 09:04 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-24 23:38 - 2015-02-03 09:03 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-24 23:38 - 2015-02-03 09:01 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-24 23:38 - 2015-02-03 09:01 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-24 23:38 - 2015-02-03 09:00 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-24 23:38 - 2015-02-03 09:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-24 23:38 - 2015-02-03 09:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-24 23:38 - 2015-02-03 08:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-24 23:38 - 2015-02-03 08:46 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-24 23:38 - 2015-02-03 08:46 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-24 23:38 - 2015-02-03 08:42 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-24 23:38 - 2015-02-03 08:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-24 23:38 - 2015-02-03 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-24 23:38 - 2014-11-01 03:54 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-24 23:38 - 2014-06-28 05:51 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-24 23:38 - 2014-06-28 05:51 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-24 23:37 - 2015-02-03 09:01 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-24 23:37 - 2015-02-03 09:01 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-24 23:37 - 2015-02-03 09:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-24 23:37 - 2015-02-03 09:01 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-24 23:37 - 2015-02-03 09:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-24 23:37 - 2015-02-03 09:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-24 23:37 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-24 23:37 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-24 23:37 - 2015-02-03 09:00 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-24 23:37 - 2015-02-03 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-24 23:37 - 2015-02-03 09:00 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-24 23:37 - 2015-02-03 09:00 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-24 23:37 - 2015-02-03 09:00 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-24 23:37 - 2015-02-03 09:00 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-24 23:37 - 2015-02-03 09:00 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-24 23:37 - 2015-02-03 09:00 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-24 23:37 - 2015-02-03 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-24 23:37 - 2015-02-03 09:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-24 23:37 - 2015-02-03 09:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-24 23:37 - 2015-02-03 09:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-24 23:37 - 2015-02-03 08:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-24 23:37 - 2015-02-03 08:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-24 23:37 - 2015-02-03 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-24 23:37 - 2015-02-03 08:42 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-24 23:37 - 2015-02-03 08:42 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-24 23:37 - 2015-02-03 08:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-24 23:37 - 2015-02-03 08:42 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-24 23:37 - 2015-02-03 08:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-24 23:37 - 2015-02-03 08:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-24 23:37 - 2015-02-03 08:42 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-24 23:37 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-24 23:37 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-24 23:37 - 2015-02-03 08:41 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-24 23:37 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-24 23:37 - 2015-02-03 08:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-24 23:37 - 2015-02-03 08:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-24 23:37 - 2015-02-03 08:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-24 23:34 - 2015-03-06 11:26 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-24 23:34 - 2015-03-06 11:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-24 23:34 - 2015-03-06 11:12 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-24 23:34 - 2015-03-06 11:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-24 23:34 - 2015-03-06 11:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-24 23:34 - 2015-03-06 11:11 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-24 23:34 - 2015-03-06 11:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-24 23:34 - 2015-03-06 11:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-24 23:34 - 2015-03-06 11:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-24 23:34 - 2015-03-06 10:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-24 23:34 - 2015-03-06 10:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-24 23:34 - 2015-03-06 10:40 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-24 23:34 - 2015-03-06 10:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-24 23:34 - 2015-03-06 10:40 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-24 23:34 - 2015-03-06 10:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-24 23:34 - 2015-03-06 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-24 23:34 - 2015-03-06 10:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-24 23:34 - 2015-03-06 10:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-24 23:34 - 2015-03-06 10:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-24 23:34 - 2015-03-06 10:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-24 23:34 - 2015-03-06 10:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-24 23:34 - 2015-03-06 10:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-24 23:34 - 2015-01-31 05:26 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-24 23:33 - 2015-02-20 10:11 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-24 23:33 - 2015-02-20 10:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-24 23:33 - 2015-02-20 10:10 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-24 23:33 - 2015-02-20 10:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-24 23:33 - 2015-02-20 09:43 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-24 23:33 - 2015-02-20 09:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-24 23:33 - 2015-02-20 09:43 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-24 23:33 - 2015-02-20 09:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-24 23:33 - 2015-02-20 08:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-24 23:33 - 2015-02-20 08:39 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-24 23:33 - 2015-02-13 10:56 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-24 23:33 - 2015-02-13 10:52 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-24 23:33 - 2015-02-03 09:01 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-24 23:33 - 2015-02-03 08:42 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-24 23:26 - 2015-02-03 09:01 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-24 23:26 - 2015-02-03 08:42 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-24 23:20 - 2015-01-17 08:18 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-24 23:20 - 2015-01-17 08:00 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-24 23:19 - 2015-02-26 08:55 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-24 23:18 - 2015-02-04 08:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-24 23:18 - 2015-02-04 08:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-24 16:48 - 2014-12-19 08:36 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-24 16:48 - 2014-12-19 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-24 16:48 - 2014-12-11 23:17 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-24 16:48 - 2014-11-26 09:23 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-24 16:48 - 2014-11-26 09:02 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-24 16:48 - 2014-10-04 07:40 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-24 16:48 - 2014-10-04 07:12 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-03-24 16:48 - 2014-10-04 07:12 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-03-24 16:48 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-03-24 16:48 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-03-24 16:48 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-03-24 16:48 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-03-24 16:48 - 2014-07-09 07:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-03-24 16:48 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-03-24 16:48 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-03-24 16:48 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-03-24 16:48 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-03-24 16:48 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-03-24 16:47 - 2014-12-08 08:39 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-24 16:47 - 2014-12-08 08:16 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-24 16:47 - 2014-12-06 09:47 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-24 16:47 - 2014-12-06 09:20 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-03-24 16:47 - 2014-12-06 09:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-03-24 16:47 - 2014-11-11 07:16 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-03-24 16:47 - 2014-11-08 08:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-24 16:47 - 2014-11-08 08:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-03-24 16:47 - 2014-10-30 07:33 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-03-24 16:47 - 2014-10-30 07:15 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-03-24 16:47 - 2014-10-03 07:42 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-24 16:47 - 2014-10-03 07:42 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-24 16:47 - 2014-10-03 07:42 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-24 16:47 - 2014-10-03 07:42 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-24 16:47 - 2014-10-03 07:41 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-24 16:47 - 2014-10-03 07:15 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-03-24 16:47 - 2014-10-03 07:15 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-03-24 16:47 - 2014-10-03 07:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-03-24 16:47 - 2014-10-03 07:15 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-03-24 16:47 - 2014-10-03 07:14 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-03-24 13:33 - 2015-03-25 16:11 - 00000000 ____D () C:\Windows\pss
2015-03-24 13:01 - 2015-03-24 13:01 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2015-03-10 16:14 - 2015-03-25 19:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\TuxPaint
2015-03-10 16:14 - 2015-03-10 16:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\fltk.org
2015-03-10 16:14 - 2015-03-10 16:14 - 00000000 ____D () C:\ProgramData\fltk.org
2015-03-10 16:12 - 2015-03-10 16:12 - 00001003 _____ () C:\Users\Public\Desktop\Tux Paint.lnk
2015-03-10 16:12 - 2015-03-10 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tux Paint
2015-03-10 16:11 - 2015-03-10 16:12 - 00000000 ____D () C:\Program Files (x86)\TuxPaint
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 11:54 - 2011-10-16 21:15 - 01466540 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 11:47 - 2009-07-14 10:15 - 00022944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 11:47 - 2009-07-14 10:15 - 00022944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 11:42 - 2015-02-23 14:55 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-624052414-6178681-1744939152-1001
2015-03-27 11:42 - 2015-02-23 14:55 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-624052414-6178681-1744939152-1001
2015-03-27 11:41 - 2014-08-05 13:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 11:41 - 2013-06-21 11:39 - 00000008 __RSH () C:\Users\user\ntuser.pol
2015-03-27 11:39 - 2015-02-23 14:22 - 00136912 _____ () C:\Windows\PFRO.log
2015-03-27 11:39 - 2014-11-01 16:52 - 00001736 _____ () C:\Windows\setupact.log
2015-03-27 11:39 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 11:36 - 2014-08-05 13:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-27 11:16 - 2014-02-08 17:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-27 11:12 - 2009-07-14 08:50 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-27 11:12 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-03-27 11:10 - 2013-01-16 16:24 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001UA.job
2015-03-27 10:24 - 2013-07-03 18:42 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001UA.job
2015-03-26 20:09 - 2013-01-16 16:24 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001Core.job
2015-03-26 16:28 - 2012-01-09 05:59 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F047A40-32F3-4CB1-9C67-6CEB44A3F744}
2015-03-26 13:24 - 2013-07-03 18:42 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001Core.job
2015-03-25 16:23 - 2013-03-09 11:05 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
2015-03-25 11:37 - 2015-02-23 20:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 11:37 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\AppCompat
2015-03-25 11:19 - 2015-02-23 19:42 - 00031586 _____ () C:\Windows\IE11_main.log
2015-03-25 01:36 - 2009-07-14 10:15 - 00418208 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-25 01:31 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-25 01:31 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-25 01:19 - 2012-01-09 06:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-25 00:32 - 2013-09-09 12:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-24 23:49 - 2013-02-27 12:33 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-24 21:05 - 2014-08-05 13:33 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-24 20:04 - 2012-01-18 17:03 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-24 18:49 - 2012-01-18 17:12 - 00770972 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-24 18:48 - 2009-07-14 10:43 - 00770972 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 18:47 - 2010-11-21 08:57 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2012-06-04 18:15 - 2012-06-04 18:15 - 0004096 ____H () C:\Users\user\AppData\Local\keyfile3.drm
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-11-24 12:39
 
==================== End Of Log ============================
 
##################################################################################################################################
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by user at 2015-03-27 12:03:56
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.1300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1300 - Broadcom Corporation)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.3020 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{B96023C3-7734-48E5-96C4-A5FCC7741A89}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{43C4BDBB-0FA3-4E79-8E9F-6ACF0F2FC0A4}) (Version: 1.0.12 - Hewlett-Packard)
HP LaserJet Toolbox (HKLM\...\{1FA6376A-3120-45DA-8686-96DEFC8A0513}) (Version: 2.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}) (Version: 4.1.7.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
hppLaserJetService (x32 Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (x32 Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (x32 Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-624052414-6178681-1744939152-1001\...\MyFreeCodec) (Version:  - )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero OEM (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Player (HKLM-x32\...\{02352252-6A33-4F5E-871C-25CD1B95985A}) (Version: 1.0.0 - TaoShi)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.5965 - I.R.I.S.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Shipra's Dictionary 1.0 (HKLM-x32\...\Shipra's_Dictionary_1.0) (Version:  - )
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.11.201408051401 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Tally.ERP 9 (HKLM-x32\...\{B6AC086F-1939-49F3-A5EE-DDF5D3230549}) (Version:  - Tally Solutions Pvt. Ltd.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Tux Paint 0.9.22 (HKLM-x32\...\Tux Paint_is1) (Version:  - New Breed Software)
TypingMaster Pro (HKLM-x32\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VideoLAN VLC media player 0.8.6d (HKLM-x32\...\VLC media player) (Version: 0.8.6d - VideoLAN Team)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624052414-6178681-1744939152-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
23-02-2015 16:24:36 Windows Update
23-02-2015 23:54:01 Windows Update
10-03-2015 16:17:48 Windows Backup
10-03-2015 16:40:55 Windows Update
24-03-2015 11:57:03 Windows Update
24-03-2015 12:04:01 Windows Backup
24-03-2015 16:08:35 Removed Nokia Connectivity Cable Driver
24-03-2015 16:50:26 Windows Update
24-03-2015 23:41:55 Windows Update
25-03-2015 11:11:07 Windows Update
26-03-2015 10:27:15 Restore Point Created by FRST
27-03-2015 10:23:41 zoek.exe restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2015-03-26 10:31 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06F24005-A383-479A-9CEA-EA48573E0850} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-624052414-6178681-1744939152-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1498AB4E-2F57-4F96-A3EB-15E24B9D751D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-15] (Hewlett-Packard)
Task: {3F1578F1-D1D5-4535-BD09-873F6502D430} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-22] (Hewlett-Packard Company)
Task: {40660D32-9EC4-449F-994B-4EE86918B9F1} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-28] ()
Task: {46663241-145F-4D49-A289-8BBD7B01E808} - System32\Tasks\{ABA3F519-A371-46F3-A092-96D8E5ACB2BA} => pcalua.exe -a "C:\Users\user\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl http://bi.bisrv.com/...d:/:sid:/:uid:?/affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {532098AE-832B-41A5-A742-4595A9990F11} - System32\Tasks\Google Updater and Installer => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {5479285F-B55C-4133-99B5-9B45D43CFF73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-05] (Google Inc.)
Task: {56E0CC68-D1B3-481D-A013-CD74F34D0C3E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-624052414-6178681-1744939152-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {68965F63-2418-435B-BC0F-00CF50C61930} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-25] (Piriform Ltd)
Task: {6A85A6EC-2B83-4B58-9187-5AAFDCB56C3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-05] (Google Inc.)
Task: {7AD3B06C-512D-4B71-996F-E7DD0B4E5D4F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-16] (CyberLink)
Task: {9A3800B9-6918-4C75-B2FF-E59FF277570D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-13] (Facebook Inc.)
Task: {9C88DCED-E62D-4515-B3C7-0C2B5166660A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)
Task: {B7EF04B1-3407-48B6-8614-39E77478A462} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-23] (Hewlett-Packard Company)
Task: {C8844D34-14EA-447B-8DDE-DA56E46F0E2E} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CECD15B4-7E2A-4B1B-85E2-791DAB83538C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)
Task: {D5A73420-21CE-4293-9376-DD3281C683A4} - System32\Tasks\{C7EC38FF-9F5D-4438-B81D-DC197C94558E} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {D74A4D0D-4382-4313-8E38-54CCC3559E6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {E97743A1-F8DA-46B0-BEEB-B9BFD13F36C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {FA363B31-A4CD-4A2B-8A14-A80961DE3090} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-13] (Facebook Inc.)
Task: {FDD1A439-BB70-464B-B515-DCE752142B74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-03-15 13:22 - 2012-09-29 13:25 - 00409088 _____ () C:\Windows\System32\HPM1210LM.DLL
2012-01-18 16:46 - 2012-09-29 13:25 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2011-07-05 23:57 - 2011-07-05 23:57 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-06-17 07:27 - 2011-06-17 07:27 - 00081696 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeLib.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-01-18 16:46 - 2010-04-29 05:19 - 00222720 _____ () C:\Windows\system32\m1210nwia.dll
2012-01-09 06:53 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-07-05 23:57 - 2011-07-05 23:57 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 23:43 - 2011-07-05 23:43 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-18 02:12 - 2011-06-18 02:12 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 00061440 _____ () C:\Program Files (x86)\HP\HPLaserJetService\HPTools.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 00964096 _____ () C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll
2012-12-24 06:53 - 2012-12-24 06:53 - 00082944 _____ () C:\Windows\system32\mvusbews.DLL
2009-10-15 18:44 - 2009-10-15 18:44 - 00067128 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 00075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
2009-10-15 18:43 - 2009-10-15 18:43 - 00140856 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\DMBaseObjects.dll
2009-10-15 18:43 - 2009-10-15 18:43 - 00240128 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMMapperObjects.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 00969784 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMXMLObjects.dll
2015-03-24 21:04 - 2015-03-14 15:42 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-24 21:04 - 2015-03-14 15:42 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-24 21:04 - 2015-03-14 15:42 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-624052414-6178681-1744939152-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupreg: Facebook Update => "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: QuickPhrase => "C:\Program Files (x86)\TypingMaster\QuickPhrase\quickphrase.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-624052414-6178681-1744939152-500 - Administrator - Disabled)
Guest (S-1-5-21-624052414-6178681-1744939152-501 - Limited - Disabled)
user (S-1-5-21-624052414-6178681-1744939152-1001 - Administrator - Enabled) => C:\Users\user
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/27/2015 11:40:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/27/2015 10:16:36 AM) (Source: Google Update) (EventID: 20) (User: user-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80
 
Error: (03/26/2015 09:21:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 11:45:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/27/2015 11:37:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/27/2015 11:12:39 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/27/2015 11:12:39 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/27/2015 11:12:38 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/27/2015 11:12:37 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/27/2015 11:12:35 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/27/2015 10:44:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (03/27/2015 10:44:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (03/27/2015 10:44:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (03/26/2015 09:18:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 47%
Total physical RAM: 1642.91 MB
Available physical RAM: 857.8 MB
Total Pagefile: 3285.81 MB
Available Pagefile: 1692.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:447.63 GB) (Free:383.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:13.97 GB) (Free:1.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.02 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C6058BC1)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================
 


#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

How is the machine running? I do see one item that needs to go in the fresh log, so we'll eliminate it and run a scan for orphans and remnants.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
Task: {46663241-145F-4D49-A289-8BBD7B01E808} - System32\Tasks\{ABA3F519-A371-46F3-A092-96D8E5ACB2BA} => pcalua.exe -a "C:\Users\user\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl http://bi.bisrv.com/...d:/:uid:?/affiduninstall /id uninstall /name "Bundled software uninstaller"
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 2: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 3: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • Fixlog.txt Log
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

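An added example, not part of the thread and not FRST's own logic: one way to shortlist the `Task:` lines of an FRST Addition log for manual review before writing a fixlist. The flag names, the launcher list and the path patterns are assumptions of this example; the sample lines are copied from the logs in this thread, with the page's own elisions kept.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Task lines copied from the FRST logs in this thread ("..." elisions are the page's own).
SAMPLE_LOG = r"""
Task: {6A85A6EC-2B83-4B58-9187-5AAFDCB56C3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-05] (Google Inc.)
Task: {9A3800B9-6918-4C75-B2FF-E59FF277570D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-624052414-6178681-1744939152-1001Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-13] (Facebook Inc.)
Task: {D5A73420-21CE-4293-9376-DD3281C683A4} - System32\Tasks\{C7EC38FF-9F5D-4438-B81D-DC197C94558E} => Iexplore.exe http://ui.skype.com/...?LastError=1618
Task: {46663241-145F-4D49-A289-8BBD7B01E808} - System32\Tasks\{ABA3F519-A371-46F3-A092-96D8E5ACB2BA} => pcalua.exe -a "C:\Users\user\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl http://bi.bisrv.com/.../affiduninstall /id uninstall /name "Bundled software uninstaller"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
"""

# "Task: {GUID} - <task path> => <action> [file date] (company)"; the GUID
# prefix and the trailing file date/company are both optional.
TASK_RE = re.compile(
    r"^Task: (?:(?P<guid>\{[0-9A-Fa-f-]{36}\}) - )?(?P<name>.+?) => (?P<action>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\))?$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption: programs that start another binary or script on a caller's behalf.
PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
                   "wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe"}
# Assumption: locations a standard user can write to.
USER_PATH_RE = re.compile(r"\\(users|appdata|local settings|temp)\\", re.IGNORECASE)
URL_RE = re.compile(r"https?://", re.IGNORECASE)


@dataclass
class TaskEntry:
    guid: Optional[str]
    name: str
    action: str
    date: Optional[str]
    publisher: Optional[str]


def parse_tasks(log_text: str) -> List[TaskEntry]:
    """Return every 'Task:' line of the log as a TaskEntry; other lines are skipped."""
    tasks = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(TaskEntry(**m.groupdict()))
    return tasks


def launcher(action: str) -> str:
    """Lower-cased base name of the program the task action starts."""
    m = re.match(r'"?(.+?\.exe)\b', action, re.IGNORECASE)
    program = m.group(1) if m else action.split()[0]
    return program.rsplit("\\", 1)[-1].lower()


def review_flags(task: TaskEntry) -> List[str]:
    """Reasons to look at this entry by hand; an empty list means nothing stood out."""
    flags = []
    if launcher(task.action) in PROXY_LAUNCHERS:
        flags.append("proxy-launcher")
    if USER_PATH_RE.search(task.action):
        flags.append("user-writable-path")
    if URL_RE.search(task.action):
        flags.append("url-argument")
    if GUID_RE.fullmatch(task.name.rsplit("\\", 1)[-1]):
        flags.append("guid-named-task")
    if task.guid and task.publisher is None:
        flags.append("no-file-metadata")  # no [date] (company) printed for the target
    return flags


def triage(log_text: str) -> List[Tuple[TaskEntry, List[str]]]:
    """Flagged tasks, most flags first (ties keep log order)."""
    scored = [(t, review_flags(t)) for t in parse_tasks(log_text)]
    return sorted((s for s in scored if s[1]), key=lambda s: len(s[1]), reverse=True)


if __name__ == "__main__":
    for task, flags in triage(SAMPLE_LOG):
        print(f"{len(flags)}  {task.guid or task.name}")
        print(f"   action: {task.action}")
        print(f"   flags : {', '.join(flags)}")
```

A flag marks an entry to read by hand; the per-user updater here trips `user-writable-path` as well, so the output is a reading order for the reviewer, not a removal list.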

#9
IndianBubble

    Member

  • Topic Starter
  • Member
  • 42 posts

Hi,

I have done all that you directed me to do.

Chrome and IE take around a minute to open, which I guess is very slow. CPU usage sometimes goes up to 100% and accordingly the system gets heated.

Logs are pasted below:

Fixlog Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by user at 2015-03-28 10:49:09 Run:2
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
Task: {46663241-145F-4D49-A289-8BBD7B01E808} - System32\Tasks\{ABA3F519-A371-46F3-A092-96D8E5ACB2BA} => pcalua.exe -a "C:\Users\user\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl http://bi.bisrv.com/.../affiduninstall /id uninstall /name "Bundled software uninstaller"
End
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46663241-145F-4D49-A289-8BBD7B01E808}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46663241-145F-4D49-A289-8BBD7B01E808}" => Key deleted successfully.
C:\Windows\System32\Tasks\{ABA3F519-A371-46F3-A092-96D8E5ACB2BA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ABA3F519-A371-46F3-A092-96D8E5ACB2BA}" => Key deleted successfully.

==== End of Fixlog 10:50:13 ====

 

ESET Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d910955245213043af4274e39fc17f07
# engine=23124
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-28 08:34:45
# local_time=2015-03-28 02:04:45 (+0530, India Standard Time)
# country="India"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2836895 121727295 0 0
# scanned=30664
# found=51
# cleaned=0
# scan_time=2982
sh=EC1C76B2F9EF33FAC0905363659F511C31711DD3 ft=1 fh=fe28b63d090a81c2 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF10.dll.vir"
sh=9054EF91DE527B7FD4CC734844BAAFE0AF74F830 ft=1 fh=90cf2361b6d69dd7 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF11.dll.vir"
sh=7A05E8202987055FF7BA4811214B90BC3509B28D ft=1 fh=cb038f92bb53c1a8 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF12.dll.vir"
sh=1FBD6BF3AC7BD1AC22510ADAA3ACB4D8E5E86A87 ft=1 fh=0045e88886ea94ee vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF13.dll.vir"
sh=F4820B9DE5979CBF1B0BA14456A9353667D0CE72 ft=1 fh=f908cab50188a539 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF14.dll.vir"
sh=1401A80680EDB47E631D89EE6804BD393ECCA94E ft=1 fh=7fe27febc985f854 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF15.dll.vir"
sh=A961DE00025F61F985ED771196191BFA64A457D8 ft=1 fh=325e569f5238591f vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF16.dll.vir"
sh=9F1D136FB57962FB548C0F2F4B8CF97D57CD3DD6 ft=1 fh=6e27c7d22df600ab vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF17.dll.vir"
sh=99E507F0334665F409EFD2C0636B8D5643D475B1 ft=1 fh=9ccd1ba813c90afd vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF18.dll.vir"
sh=A8A2A79DFD82E4FB773A1249F59236333189C87F ft=1 fh=9daa5ee9a06a1856 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF19.dll.vir"
sh=9F003E1B80AD2CD602021EE10944B8B6535F8EFC ft=1 fh=1addc64b4fd62e56 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF2.dll.vir"
sh=8C8B28D9F88A2EC87B4791966E098773D7A5B085 ft=1 fh=daa84c0ccd995151 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF20.dll.vir"
sh=08EE9367CC421A09BB19E96A96FF098BF16463AB ft=1 fh=8d808af0c3ca97e1 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF21.dll.vir"
sh=3CCF0B8DC83FE571ADB11078D646F3C66725A29F ft=1 fh=9f324a6406ba8365 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF22.dll.vir"
sh=BA8002F57A2660D21F489624A5E8196BE0920CD1 ft=1 fh=2c4ea35756a452c4 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF23.dll.vir"
sh=FE5F39C1EF7C5D2FBC0BEF6EE10B78BC8A2D95C3 ft=1 fh=9cb852a94aecf01d vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF24.dll.vir"
sh=B0961E3CCE5AB98CD718255D2D7C57854319245C ft=1 fh=146ebf404eb48dd6 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF25.dll.vir"
sh=243B486477DEFFA2CA14F3072D94B9AFDB090980 ft=1 fh=275808a260bd2ca7 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF26.dll.vir"
sh=F834AF457E8724B374C5EB6F4F21D1367C97441B ft=1 fh=94bfe4f44e317de9 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF27.dll.vir"
sh=E72A695A0451B77B68228C66659E35AFA181DFC2 ft=1 fh=af9c426caec60944 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF28.dll.vir"
sh=4CC04CFAF622C36554C5E142F05805FD7591C9F4 ft=1 fh=d73f94f5a8a6cfcd vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF29.dll.vir"
sh=D844160145BD5E855E94747AD2EEFF351E6CC645 ft=1 fh=3b1b27d92ca586ae vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF30.dll.vir"
sh=1C273B80724A46BF45DE03F8A6015E782E6F7CFE ft=1 fh=373a53ed02c1785d vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF4.dll.vir"
sh=E61D28AFFC6460D9C5CF36034E524854C06B0FFF ft=1 fh=cfe6a256bbfb6c09 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF5.dll.vir"
sh=2C3B1CB105DFF1AC4A3FBABCF4498C14B4D3EC45 ft=1 fh=3e896a465fed50b2 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF6.dll.vir"
sh=C189473A1D3CFE5A443BC1755B57DDA5CBB4EE69 ft=1 fh=076d5187fc4e3a68 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF7.dll.vir"
sh=634DD5FC61A3805B5437AF38160C15016B55D51C ft=1 fh=5413b2e1e881dfcc vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF8.dll.vir"
sh=3020732B75175DF621A1E7A9379B01F42B6602CF ft=1 fh=1032e20024f0c2b0 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF9.dll.vir"
sh=8CDD9110848B48A8E0BC0F0D6AF76D78C5CB16F4 ft=1 fh=630b95ee7b1c8376 vn="Win32/AdWare.Snoozer.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Snz\Snz.exe.vir"
sh=7671FBBD26BCEECB772D1A26CC7B1911B7A20E3E ft=1 fh=4fd638d5eab7a926 vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=53F226B3D1D3828304E40C6C7A50667ADF23B42A ft=1 fh=e1ea10a5e9416a5c vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll"
sh=0CB68F399D491465198E3E86F1D2923A211614E7 ft=1 fh=021f675753f993f2 vn="Win64/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll"
sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe"
sh=A8E3A9E6972C6F8B253EA0E1837AEEBF0A07B187 ft=1 fh=e2a5b168a3934371 vn="Win32/Thinknice.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe"
sh=30E2FB1C671B2808D2E80518D793575965AF2416 ft=1 fh=d06e6f3f3f60e357 vn="a variant of Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll"
sh=AC11914CC02E023E2EF06A80DEE1701419A5473A ft=1 fh=4cb2d0bd10147652 vn="Win64/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="a variant of Win32/ELEX.AV potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe"
sh=D037F58CF4B36F3B437FAA0D9500720445B27D65 ft=1 fh=b07c7921935b766c vn="Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll"
sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe"
sh=79C9BD304C93AB8FD0544108656A899993DB14EF ft=1 fh=e6f80544d6e8089f vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll"
sh=96B85214CD9E4FF85AC6144E7EF3DDF9E0F215E6 ft=1 fh=098a6735f96a550a vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="a variant of Win32/ELEX.AV potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\IePluginServices\PluginService.exe"
sh=183FDCCE7038B2CFF8519C7DA68E9A5D847A8182 ft=1 fh=1d1ac0dfcd03dea1 vn="a variant of Win32/Adware.EoRezo.AJ application" ac=I fn="C:\FRST\Quarantine\C\Users\user\AppData\Local\tuto4pc_in_5\upt4pc_in_5.exe"
sh=E94A64C6C827C6C7418084F36D3FF5E4AA65F2BE ft=1 fh=5b9e7a24ca62f027 vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\user\AppData\Local\tuto4pc_in_5\Download\majt4pc.exe"
sh=574BD560E44ECB91B5CCF19DDCD77F1C403443AC ft=1 fh=ed5739c1fea77043 vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\user\AppData\Local\tuto4pc_in_5\Download\majt4pcen.exe"
sh=6A14549EF1B6F4167BBA3E8B13DABCD246EC14B4 ft=1 fh=27bb036798b5e858 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\FRST\Quarantine\C\Users\user\AppData\Local\tuto4pc_in_5\Download\setup_recover_in_tuto4pc_in_11.exe"
sh=963110983EC56565CD55787F1D98B0BE845F411E ft=1 fh=d7dc383eca8ed4f0 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\FRST\Quarantine\C\Users\user\AppData\Local\tuto4pc_in_5\Download\setup_recover_tuto4pc_in_14.exe"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\user\AppData\Roaming\newnext.me\nengine.dll"
sh=051151EA9CB0E28B2A508669EBA0E14A8C3E449C ft=1 fh=86f260e651361b20 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys.xBAD"
# product=EOS
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d910955245213043af4274e39fc17f07
# engine=23124
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-28 02:27:46
# local_time=2015-03-28 07:57:46 (+0530, India Standard Time)
# country="India"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2858076 121748476 0 0
# scanned=164484
# found=61
# cleaned=0
# scan_time=21033
 

MBAM Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28-03-2015
Scan Time: 11:10:13
Logfile: MBAM.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.28.01
Rootkit Database: v2015.03.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378433
Time Elapsed: 1 hr, 17 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [eaf76bdf72183afc85d7ee3c2ed7ea16],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [d90896b4e9a1a98d08546bbfd82d9b65],
PUP.Optional.weDownload.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\weDownload Manager Pro, Quarantined, [ac358fbb741675c1480a8964cc376a96],
PUP.Optional.Eseeky.A, HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nnnabofndgpfcfjgbehcegjoibkodmcp, Quarantined, [766bff4bff8b96a00dbe33c35da6dc24],
PUP.Optional.SnapDo.A, HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\SMARTBAR, Quarantined, [c41d400a3f4b0b2b1acafc0cd133bf41],

Registry Values: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-21-624052414-6178681-1744939152-1001\SOFTWARE\SMARTBAR|publisher, SnapdoEMonYB, Quarantined, [c41d400a3f4b0b2b1acafc0cd133bf41]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.CrossRider.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb, Quarantined, [ba276ddd77137db9ff941a7048bb9c64],

Files: 13
PUP.Optional.Soft32.A, C:\Users\user\Downloads\advanced pdf to word converter free setup.exe, Quarantined, [f4ed2c1ecdbd91a50da993d12ad7e719],
PUP.Optional.Soft32.A, C:\Users\user\Downloads\ammyy admin setup.exe, Quarantined, [a23f2129e1a94beb04b2046046bbb050],
PUP.Optional.Solimba, C:\Users\user\Downloads\TypingMaster.exe, Quarantined, [538e3f0be6a49b9badcdbc7625dca759],
Fraudtool.YAC, C:\Users\user\Downloads\yet_another_cleaner (1).exe, Quarantined, [aa373119f09a0036cd502a0958ae6f91],
Fraudtool.YAC, C:\Users\user\Downloads\yet_another_cleaner.exe, Quarantined, [de032b1f880279bd4dd0e44ff70f2ad6],
PUP.Optional.Somoto, C:\Users\user\Downloads\PDFCreatorSetup-NbbLxVTac.exe, Quarantined, [5f8252f82466f34367c3be9c709543bd],
PUP.Optional.CrossRider.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\000123.sst, Quarantined, [ba276ddd77137db9ff941a7048bb9c64],
PUP.Optional.CrossRider.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\000129.log, Quarantined, [ba276ddd77137db9ff941a7048bb9c64],
PUP.Optional.CrossRider.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\CURRENT, Quarantined, [ba276ddd77137db9ff941a7048bb9c64],
PUP.Optional.CrossRider.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\LOCK, Quarantined, [ba276ddd77137db9ff941a7048bb9c64],
PUP.Optional.CrossRider.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\LOG, Quarantined, [ba276ddd77137db9ff941a7048bb9c64],
PUP.Optional.CrossRider.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\LOG.old, Quarantined, [ba276ddd77137db9ff941a7048bb9c64],
PUP.Optional.CrossRider.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\MANIFEST-000127, Quarantined, [ba276ddd77137db9ff941a7048bb9c64],

Physical Sectors: 0
(No malicious items detected)

(end)

 

SecurityCheck Log

 

 Results of screen317's Security Check version 0.99.99 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Adobe Flash Player 16.0.0.305 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox 33.0 Firefox out of Date! 
 Google Chrome (40.0.2214.115)
 Google Chrome (41.0.2272.101)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
 

I shall wait to hear from you.

 

Thanks.


#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Chrome and IE takes around a minute to open, which I guess is very slow. CPU usage sometimes go upto 100% and accordingly the system gets heated.


Hmm...ok, we may be looking at a hardware issue here. All of the items found were either quarantined already, or are potentially unwanted programs. Let's clean up my tools and update some programs and then I'd like you to go to the Hardware Forum and let them test your hardware.


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs), you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Program Updates


Update Adobe Flash Player
  • Your current version of Adobe Flash is out of date. Please update it by clicking the link below.
  • Also, make sure you uncheck the box to install the McAfee Security Scan Plus software.
http://get.adobe.com/flashplayer/


Update Firefox

Your current version of Firefox is out of date. Please update it by clicking the Help tab and then select About Firefox. Firefox will then update itself.


Step 3: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.




Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Step 4: Link to Hardware Forum

Please click the link below to visit our Hardware Forum. Please start a new thread, explaining that your computer is overheating, and that your machine has been cleared of malware.

http://www.geekstogo...nd-peripherals/

Things I need to see in your next post:


Delfix Log

#11
IndianBubble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Hi, I have followed the instructions and have opened a new thread on the Hardware forum. The thread is:

 

http://www.geekstogo...chine-heats-up/

 

Delfix log is pasted below:

 

# DelFix v10.9 - Logfile created 29/03/2015 at 08:45:03
# Updated 27/02/2015 by Xplode
# Username : user - USER-HP
# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.44_26.03.2015_21.26.48_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_26.03.2015_21.27.27_log.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\user\Desktop\AdwCleaner.exe
Deleted : C:\Users\user\Desktop\FRST64.exe
Deleted : C:\Users\user\Desktop\JRT.exe
Deleted : C:\Users\user\Desktop\OTL.exe
Deleted : C:\Users\user\Desktop\SecurityCheck.exe
Deleted : C:\Users\user\Desktop\tdsskiller.exe
Deleted : C:\Users\user\Desktop\zoek.exe
Deleted : C:\Users\user\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #307 [Windows Update | 03/25/2015 05:41:07]
Deleted : RP #309 [Restore Point Created by FRST | 03/26/2015 04:57:15]
Deleted : RP #310 [zoek.exe restore point | 03/27/2015 04:53:41]
Deleted : RP #312 [Restore Point Created by FRST | 03/28/2015 05:19:12]
Deleted : RP #313 [Windows Update | 03/28/2015 06:10:00]
Deleted : RP #314 [HPSF Restore Point | 03/28/2015 16:51:44]
 
New restore point created !
 
########## - EOF - ##########
 
Thanks.

#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

HI, I have followed the instructions and have opened a new thread on the Hardware forum. The thread is:


:thumbsup:
#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.