My parents' computer has malware on it [Solved]



#1
jtg22


My parents' computer has (or at least had) some malware on it.  I'm visiting them for the holidays and decided to run both the virus scanner (McAfee) and Malwarebytes to see if their computer was fine.  The virus scanner didn't find anything, but Malwarebytes found a few items it specifically listed as malware.  I've saved the log from that scan for future reference as needed.  Also, checking some recent downloads on their computer, they'd downloaded something called Firefoxpatch.exe - I'm guessing that this isn't something they should have downloaded.

 

I'm not sure what, if any, issues the computer actually has (I don't use it frequently enough to notice any long term performance issues), but I'd like to get it checked out while I'm still in town.

 

Here's the FRST log.  It did create an error message when I ran it.  I'm not sure if this is a problem or not. 

 

"Exception EAccessViolation in module ERUNT.exe at 00003A38.  Access violation at address 00403A38 in module 'ERUNT.exe'.  Read of address 0076005D."

 

...

 

EDIT:  Adding a bit more information that might be necessary...

 

-I'm able to work with this up until Thursday.  At that point, I'll be heading home.  Depending on what's left to do at that time, I may be able to hand the tasks off to my brother-in-law.

 

-Aside from the Firefoxpatch.exe thing, I cannot say what my parents have done with this computer.  I've tried cleaning stuff up with Malwarebytes on previous visits (usually I'm not in town long enough to try making a post here), but I expect that this only goes so far.  I assume they've run across malware via clickbait-type articles on Facebook and news websites.  They're not very tech-savvy people - I expect they'll likely run into this stuff again (unless there's something I can do to try and safeguard the computer from this).

 

-Since the initial post, I've seen the page for the firefoxpatch.exe thing pop up once as well as a similar thing for an Adobe upgrade.  Basically, a web page is redirected to a screen claiming that the computer has a security vulnerability with the suggested program.  The page then says to install the file that is being offered (which is malware).  It is a pretty convincing page.  It likely has something to do with randomly generated ads for some web pages or something.

 

-If the best or simplest approach is something on the order of getting the computer wiped (or simply a new computer), don't hesitate to say so.  This computer is slated for a Windows 10 upgrade at some point or another, so that might be a good time to consider it.

 

 

...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Janis (administrator) on JANS (22-12-2015 22:46:56)
Running from C:\Users\Janis\Desktop
Loaded Profiles: Janis (Available Profiles: Janis)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.190.0\McCSPServiceHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723904 2015-11-10] (McAfee, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-04-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-02-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2014-12-07] (Apple Inc.)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-07-27] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E1B1A205-AC8F-48DC-B4E4-A54C4787FA7B}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
URLSearchHook: HKU\S-1-5-21-1572351143-274932609-3859850883-1001 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1572351143-274932609-3859850883-1001 -> DefaultScope {8DA70481-9BB5-444B-8167-8F0BF45420C1} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20151211&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1572351143-274932609-3859850883-1001 -> {8DA70481-9BB5-444B-8167-8F0BF45420C1} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20151211&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-11-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-11-10] (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\6cgocorf.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-05-23] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-02-24] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\6cgocorf.default\searchplugins\McSiteAdvisor.xml [2015-12-22]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-12-22] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-26&ent=hp&u=AE44D1B629480618BC6ED75383D29F5D
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-26&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR DefaultSearchKeyword: Default -> securesearch
CHR Profile: C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-27]
CHR Extension: (YouTube) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-01]
CHR Extension: (Google Search) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]
CHR Extension: (SiteAdvisor) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-05]
CHR Extension: (Google Docs Offline) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Xfinity) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2014-05-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0209111450844510mcinstcleanup; C:\WINDOWS\TEMP\020911~1.EXE [883024 2015-10-28] (McAfee, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-11-10] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe [1694152 2015-10-27] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-11-04] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-22 22:46 - 2015-12-22 22:47 - 00029472 _____ C:\Users\Janis\Desktop\FRST.txt
2015-12-22 22:44 - 2015-12-22 22:46 - 00000000 ____D C:\FRST
2015-12-22 22:43 - 2015-12-22 22:43 - 02370560 _____ (Farbar) C:\Users\Janis\Desktop\FRST64.exe
2015-12-22 22:24 - 2015-12-22 22:24 - 00002045 _____ C:\Users\Janis\Desktop\mbm christmas scan.txt
2015-12-22 22:21 - 2015-12-22 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-20 15:03 - 2015-12-22 22:16 - 00003846 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2015-12-20 15:03 - 2015-12-22 21:36 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2015-12-08 16:17 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 16:15 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 16:15 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 16:15 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-08 16:15 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-08 16:15 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 16:15 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-08 16:15 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 16:15 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-08 16:15 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 16:15 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 16:15 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-08 16:15 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 16:15 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-08 16:15 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-08 16:15 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-08 16:15 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-08 16:15 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-08 16:15 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-08 16:15 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-08 16:15 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-08 16:15 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-08 16:15 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 16:15 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 16:15 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 16:15 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 16:15 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-08 16:15 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-08 16:15 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-08 16:15 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-08 16:15 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-08 16:15 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-08 16:15 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-08 16:15 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-08 16:15 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 16:15 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-08 16:15 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-08 16:15 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-08 16:15 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-08 16:15 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-08 16:14 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-08 16:14 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 16:14 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-08 16:14 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-08 16:14 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-08 16:14 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-08 16:14 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 16:14 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-08 16:14 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-08 16:14 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 16:14 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 16:14 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 16:14 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 16:14 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-08 16:14 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-08 16:14 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-08 16:14 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-08 16:14 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-08 16:14 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-08 16:14 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-08 16:14 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-08 16:14 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-08 16:14 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-08 16:14 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-08 16:14 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-08 16:14 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-08 16:14 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 16:14 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 16:14 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-08 16:14 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-08 16:14 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 16:14 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-08 16:14 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 16:14 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 16:14 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 16:14 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 16:14 - 2015-10-22 10:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 16:14 - 2015-10-22 10:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-08 16:14 - 2015-10-22 09:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 16:14 - 2015-10-22 09:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-08 16:14 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 16:14 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 16:14 - 2015-10-11 00:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 16:14 - 2015-10-11 00:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-08 16:14 - 2015-10-11 00:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-08 16:14 - 2015-10-11 00:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-08 16:14 - 2015-10-11 00:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-08 16:14 - 2015-10-10 12:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-08 16:14 - 2015-10-10 12:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-08 16:14 - 2015-10-10 11:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-08 16:14 - 2015-10-08 10:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-08 16:14 - 2015-10-08 09:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-08 16:14 - 2015-10-05 12:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-08 16:14 - 2015-10-05 12:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-08 16:14 - 2015-10-03 13:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-08 16:14 - 2015-10-03 13:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-22 16:48 - 2015-11-22 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-22 16:47 - 2015-11-22 16:47 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-11-22 16:47 - 2013-07-09 12:58 - 00263896 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2015-11-22 16:47 - 2013-04-25 17:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtsUStoricon.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-22 22:46 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-12-22 22:24 - 2014-06-17 08:31 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449.job
2015-12-22 22:24 - 2013-05-06 12:21 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1572351143-274932609-3859850883-1001
2015-12-22 22:23 - 2015-11-20 17:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-22 22:22 - 2013-03-28 22:23 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-12-22 22:21 - 2013-03-28 22:20 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-22 22:15 - 2015-06-17 15:04 - 00003278 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1572351143-274932609-3859850883-1001
2015-12-22 22:15 - 2014-10-22 13:10 - 00000000 ____D C:\Users\Janis\OneDrive
2015-12-22 22:15 - 2014-02-24 16:36 - 00003332 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001
2015-12-22 22:14 - 2014-06-17 08:31 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e.job
2015-12-22 22:14 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-22 22:14 - 2013-05-16 09:38 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-12-22 22:13 - 2013-08-22 09:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-22 22:13 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-22 22:12 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-22 21:19 - 2013-11-21 08:44 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A19C01D2-DDA3-4D45-9C25-740E5A78DD84}
2015-12-20 15:04 - 2015-06-28 08:03 - 00003064 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-12-20 15:04 - 2015-06-28 08:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-12-20 15:02 - 2013-03-28 22:20 - 00000000 ____D C:\ProgramData\McAfee
2015-12-18 09:36 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-18 09:35 - 2015-04-14 19:25 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-18 09:35 - 2015-04-14 19:25 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-18 09:28 - 2013-03-28 22:20 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-12-18 09:28 - 2012-07-26 02:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-18 05:23 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 05:22 - 2013-08-07 14:35 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-17 10:39 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-17 10:39 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-17 10:06 - 2013-09-18 15:44 - 00000000 ____D C:\Users\Janis\Documents\Cypress Pointe East Hospital
2015-12-16 14:29 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-16 13:24 - 2014-05-15 16:42 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 22:04 - 2013-05-06 12:12 - 00000000 ____D C:\Users\Janis\AppData\Local\Packages
2015-12-14 10:15 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-11 14:41 - 2014-09-24 01:15 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-11 14:36 - 2013-08-22 08:44 - 00381968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 14:35 - 2014-06-17 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-11 14:35 - 2013-11-04 15:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 14:35 - 2013-11-04 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 16:59 - 2013-11-04 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 16:57 - 2013-08-12 10:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 16:53 - 2013-05-07 07:04 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 16:31 - 2015-07-21 11:44 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2015-12-08 16:19 - 2014-06-17 08:31 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449
2015-12-08 16:19 - 2014-06-17 08:31 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e
2015-12-01 11:19 - 2015-05-15 15:10 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 11:19 - 2015-05-15 15:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-28 10:06 - 2014-11-23 17:49 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-11-28 10:06 - 2014-11-23 17:47 - 00000000 ____D C:\Users\Janis\AppData\Local\Battle.net
2015-11-28 10:06 - 2014-11-23 17:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-22 16:47 - 2013-03-28 22:13 - 00000000 ____D C:\ProgramData\Dell
2015-11-22 16:47 - 2013-03-28 22:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-22 16:47 - 2012-05-08 05:37 - 00000000 ____D C:\DELL

==================== Files in the root of some directories =======

2013-03-28 22:20 - 2013-03-28 22:20 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-03-28 22:17 - 2013-03-28 22:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-03-28 22:18 - 2013-03-28 22:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-03-28 22:17 - 2013-03-28 22:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-03-28 22:19 - 2013-03-28 22:20 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\Users\Janis\BPMcount.exe


Some files in TEMP:
====================
C:\Users\Janis\AppData\Local\Temp\lowproc.exe
C:\Users\Janis\AppData\Local\Temp\rnsetup0.exe
C:\Users\Janis\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 03:46

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Janis (2015-12-22 22:47:25)
Running from C:\Users\Janis\Desktop
Windows 8.1 (X64) (2014-10-22 19:08:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1572351143-274932609-3859850883-500 - Administrator - Disabled)
Guest (S-1-5-21-1572351143-274932609-3859850883-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1572351143-274932609-3859850883-1003 - Limited - Enabled)
Janis (S-1-5-21-1572351143-274932609-3859850883-1001 - Administrator - Enabled) => C:\Users\Janis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.3.1.0 - Auslogics Labs Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.201.3 - Citrix Systems, Inc.)
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.6120 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SlimCleaner Plus (HKLM\...\{BA219F82-20BF-49AD-A279-E2D69D3B9D3F}) (Version: 1.0.26102 - SlimWare Utilities, Inc.)
Software Updater (HKLM-x32\...\{229E7A38-807F-4C7B-8757-B447549D30A7}) (Version: 4.1.6 - SEIKO EPSON CORPORATION) <==== ATTENTION
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{124310E8-7C49-4C33-B4F2-3CF43F3830B7}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{DD178D9D-89DD-4F15-9E56-57C85D1EDF36}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1572351143-274932609-3859850883-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

06-12-2015 04:41:17 Scheduled Checkpoint
14-12-2015 10:14:04 Scheduled Checkpoint
18-12-2015 09:34:35 Windows Update
22-12-2015 21:31:35 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D37BF4-7FEB-4BB2-915F-D08A4081B0A6} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {2024250E-B53F-42C8-92EB-9285D848CEE2} - System32\Tasks\4682 => C:\WINDOWS\system32\wscript.exe [2014-10-28] (Microsoft Corporation) <==== ATTENTION
Task: {2B52F345-BF24-435F-8F78-A1005ECAD18E} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {2CCFD06E-BEB0-4CF1-B0F5-BF7472FC819B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2DBD520F-4943-4D33-9743-97ACB8182D89} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {30D1C0E5-3470-4847-A55E-DE406176DDAC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3810800D-C657-4E31-939D-DCEED3560777} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {38181E86-0DA8-4A8A-8319-5D18896BD9C7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {3BBBDA43-3567-402D-8062-1039E66C8185} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-11-15] (McAfee, Inc.)
Task: {402B4FA6-C98B-4BB3-BDD4-16567934D391} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {451D02D6-F327-419B-B68C-C7ED97707842} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-11-15] (McAfee, Inc.)
Task: {5A8A8EE1-D4F2-4090-B83D-DA3697D4D083} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6AD5ECAC-8A92-4C6F-8353-8F3FADA71D51} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {82D547EF-9A9D-4863-949F-5415C33C0FF1} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {8858367A-B898-4396-822C-1974741A1AB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {919B4935-F36C-4585-B494-7F07AEAF70B0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {92468B63-A5B5-4FCD-88C1-BA0F6A8EAE41} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {9BABB565-271C-41CA-A14A-A283542693FB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9C99817A-29F7-495E-BA94-4C356FFAA6FF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {A617FD13-A34C-4AC5-98E4-4D8B3E1AD1C8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {AF036BF3-0E69-49A1-A633-0F30C14BB86F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B1F74EB4-C943-4DF7-8589-AEDF6F9F6355} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C1870DB1-FF74-4BD1-87CD-899967551184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C39E28A1-6E39-49C7-B542-F976D36E87FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {CDB9F925-01AE-49D7-A442-88C196AF2D13} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {D991C192-6A36-4ADF-B14A-8B103277C764} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E1F73018-DF9A-43AB-AA35-E849A6D2B6A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E6499AF8-1A5A-433F-A569-3E33EECDF878} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {EC35DDE8-FC04-40BA-B6A4-8E006AB10D3C} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Janis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {EE0F21DE-6FE9-4BB2-BE10-EE144E9123B9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {F320837C-A405-4844-A37E-A306CB657C90} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Janis).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-19 06:53 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-03-28 22:19 - 2012-04-24 20:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-10-30 03:23 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-22 01:19 - 2013-08-22 00:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2014-09-18 12:37 - 2014-07-02 20:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-12-11 15:29 - 2015-12-11 15:29 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c89a3da49bf7bd161745f4228277ea00\PSIClient.ni.dll
2013-03-28 22:11 - 2012-07-18 13:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-18 12:37 - 2014-07-30 16:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-03-28 22:23 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 12:37 - 2012-11-25 22:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1572351143-274932609-3859850883-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\StartupApproved\Run: => "SlimCleaner Plus"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FDD65945-7834-4266-8598-5F2BE9761387}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{6C917383-382A-4094-A092-09E056F249D9}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{643F41FE-CBFD-47CC-A79D-49B1BAC8B60A}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [UDP Query User{D5900831-C560-492A-BB70-A091C04C6D10}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{5C06A137-7364-4B3C-B3E0-C581268EB6FE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{98A2FFCD-8EFE-4805-8592-54E14BA4415A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3B69F53D-98A1-4171-9EC8-DA37B5D18F74}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{8FA34052-0EF7-4BC6-A8D1-05477EB02349}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{35814B38-E0E3-44C3-BD63-CC563A25D995}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{9DA2A88E-57EB-4351-AE57-4136B71C1B20}] => (Allow) C:\Users\Janis\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{82E74593-4D12-44BE-B51D-95669802AC2D}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{08C1A80F-39C7-4B4D-8396-3DDB4FB501AC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{8C979EDA-1480-41A8-91D5-64637B276E7E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{82A8F670-91B4-4B66-AF1C-9BA6C79C6412}] => (Allow) LPort=1900
FirewallRules: [{932128B4-1D5A-45F5-9EC0-C71357E86292}] => (Allow) LPort=2869
FirewallRules: [{5E1EB804-A01F-4340-A911-F7EAB3765776}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AA968DAB-D59A-4416-B05A-B6DC3CC4EFAA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{8762A3CF-F41E-4CEB-A48C-F068602EDF86}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9D8F537F-BD5B-4B02-8411-36E22430BF11}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{766CA18D-1C55-4D71-A10A-3969D6A2794F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{99629CEA-F54A-46AF-87B4-D9032C366B4B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1312F9F6-BF92-4533-B281-120270439438}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{383610AA-A6FE-4CEA-AA32-C158A89EC60E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{5CA7099D-D83D-4FAD-99B8-8D99923BA768}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4D10604A-DC83-40A2-8A82-DFC0CFE7D76F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A7CBFF40-9548-4780-AC7D-B742A2B9EAFA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{58176319-070B-418A-B5B6-3B5AD09B0563}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B802A663-3A53-4627-89A9-D6644C1DC95B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{DEE7EEF2-E79A-474A-9EB8-060A05AF6766}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C6A30A7-DDEE-4026-82BF-3990D127DA86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D025457-231B-4C2A-92B3-83FFFD8F248D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2015 10:45:03 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/22/2015 10:15:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.1.201.3, time stamp: 0x4fbcdeaa
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650afd4
Exception code: 0xc0000005
Fault offset: 0x00018ab9
Faulting process id: 0x16b8
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report Id: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5

Error: (12/22/2015 10:14:21 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/22/2015 10:14:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (12/22/2015 09:21:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18dc

Start Time: 01d13d304f58fc91

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 42914237-a924-11e5-bebe-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App

Error: (12/22/2015 08:55:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a64

Start Time: 01d13cc810fb93cf

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 016cdb5a-a8bc-11e5-bebe-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App

Error: (12/20/2015 07:34:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 72c

Start Time: 01d13b8efe1324f6

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: f0c4e623-a782-11e5-bebe-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App

Error: (12/20/2015 02:32:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f38

Start Time: 01d13b64db75d17d

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: cefe879b-a758-11e5-bebe-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App

Error: (12/18/2015 09:25:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cb8

Start Time: 01d139a790fb25bf

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 847bb12a-a59b-11e5-bebe-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App

Error: (12/17/2015 10:07:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13d0

Start Time: 01d138e45680741e

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 4907bafb-a4d8-11e5-bebe-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App


System errors:
=============
Error: (12/22/2015 10:16:00 PM) (Source: DCOM) (EventID: 10010) (User: JANS)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (12/22/2015 10:14:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SlimWare Utility Service Launcher service failed to start due to the following error:
%%2

Error: (12/22/2015 09:42:10 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/22/2015 05:38:32 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/21/2015 04:47:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/20/2015 08:28:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/20/2015 07:41:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (12/20/2015 07:41:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (12/20/2015 07:41:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (12/20/2015 07:41:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 8063.54 MB
Available physical RAM: 5392.86 MB
Total Virtual: 9343.54 MB
Available Virtual: 6483.12 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.11 GB) (Free:833.47 GB) NTFS
Drive x: () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:13.82 GB) (Free:0.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F863C3B0)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by jtg22, 27 December 2015 - 12:41 AM.



#2
pystryker (Trusted Helper, Malware Removal)

Hello :), sorry for the delay in getting to your topic. We do get quite busy around here. :thumbsup:

Could you please post the Malwarebytes Log for my review? I'm currently working on a fix for the machine, plus some further scans to check for anything more nefarious.


Things I need to see in your next post

MBAM Log


#3
jtg22 (Topic Starter)

Hello.

 

Here's the MBM log that removed the most recent malware.  Additionally, I'd also run it back in November (at home for Thanksgiving, but not near enough time to really do anything else), so I'll post that log too if needed.  I'd simply forgotten about it when I'd made the post.  It actually had 50+ items in it, but I don't recall any being flagged as outright malware.

 

I'm not sure if too much time has elapsed for that older MBM log to be of any value or not. 

 

MBM log 1 - the one I'd mentioned in this post.

 

...........

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/22/2015
Scan Time: 10:02 PM
Logfile: mbm christmas scan.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.22.07
Rootkit Database: v2015.12.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Janis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360450
Time Elapsed: 9 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 4
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|^d8aa99a6, Quarantined, [5ac5d2d63e4de353468810719172da26],
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|^d8aa99a6, Quarantined, [55cabdeb771478be389698e9fb089e62],
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^21691d50, Quarantined, [7aa5a107d0bbd660259de899897a7789],
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1572351143-274932609-3859850883-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^21691d50, Quarantined, [65ba55534645d2641da486fb0af96f91],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Revizer, C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.reklaam00.reklaam.co_0.localstorage, Quarantined, [1e01f1b77219e056023b67a4da2a758b],
PUP.Optional.Revizer, C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.reklaam00.reklaam.co_0.localstorage-journal, Quarantined, [63bcfdab14778ea8eb52ae5d83814ab6],

Physical Sectors: 0
(No malicious items detected)


(end)

 

........

MBM log 2 - the one from Thanksgiving

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/20/2015
Scan Time: 5:19 PM
Logfile: nov log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.20.07
Rootkit Database: v2015.11.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Janis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355330
Time Elapsed: 8 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 215
PUP.Optional.AudioToAudioToolBar, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FromDocToPDF_65Service, Quarantined, [b98e3c444f3cfc3a78fa4dde3bc51ae6],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}, Quarantined, [e562621e404bf93d8f59621f9173f709],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{2c9d27d8-c81e-4968-8026-e725e01650c1}, Quarantined, [e562621e404bf93d8f59621f9173f709],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}, Quarantined, [e562621e404bf93d8f59621f9173f709],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}, Quarantined, [e562621e404bf93d8f59621f9173f709],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}, Quarantined, [e562621e404bf93d8f59621f9173f709],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2c9d27d8-c81e-4968-8026-e725e01650c1}, Quarantined, [e562621e404bf93d8f59621f9173f709],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2c9d27d8-c81e-4968-8026-e725e01650c1}, Quarantined, [e562621e404bf93d8f59621f9173f709],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}, Quarantined, [e562621e404bf93d8f59621f9173f709],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625}, Quarantined, [f750b4cc8308d95d70785b2651b3df21],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Quarantined, [f750b4cc8308d95d70785b2651b3df21],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Quarantined, [f750b4cc8308d95d70785b2651b3df21],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Quarantined, [f750b4cc8308d95d70785b2651b3df21],
PUP.Optional.MindSpark, HKU\S-1-5-21-1572351143-274932609-3859850883-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Quarantined, [f750b4cc8308d95d70785b2651b3df21],
PUP.Optional.MindSpark, HKU\S-1-5-21-1572351143-274932609-3859850883-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Quarantined, [f750b4cc8308d95d70785b2651b3df21],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}\INPROCSERVER32, Quarantined, [f750b4cc8308d95d70785b2651b3df21],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c}, Quarantined, [fa4dcab6becdb2848563bbc6ee1634cc],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Quarantined, [fa4dcab6becdb2848563bbc6ee1634cc],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Quarantined, [fa4dcab6becdb2848563bbc6ee1634cc],
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Quarantined, [fa4dcab6becdb2848563bbc6ee1634cc],
PUP.Optional.MindSpark, HKU\S-1-5-21-1572351143-274932609-3859850883-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Quarantined, [fa4dcab6becdb2848563bbc6ee1634cc],
PUP.Optional.MindSpark, HKU\S-1-5-21-1572351143-274932609-3859850883-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Quarantined, [fa4dcab6becdb2848563bbc6ee1634cc],

Registry Values: 25
PUP.Optional.ASK, HKU\S-1-5-21-1572351143-274932609-3859850883-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}|URL, http://search.tb.ask...={searchTerms},Quarantined, [2225027ea6e551e590f718922dd640c0]

Registry Data: 0
(No malicious items detected)

Folders: 39

Files: 193
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65script.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skin.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skplay.exe, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65tpinst.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AssistMonitor.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AssistMonitor64.dll, Delete-on-Reboot, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CrExt.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CrExtP65.exe, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\DpnMngr.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\FF-NativeMessagingDispatcher.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\HkFxMgr.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\InstallEnabler.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\installKeys.js, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\t8EPMSup.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTEX.DLL, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTPEX.DLL, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8HTML.DLL, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\t8Res.dll, Delete-on-Reboot, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8TICKER.DLL, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\ToolbarGuard64.dll, Delete-on-Reboot, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\TPIManagerConsole.exe, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\Verify.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\Apa\arbiter.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\Apa\arbiter64.dll, Delete-on-Reboot, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\Apa\Bar\assist.exe, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\Apa\Bar\config.xml, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\Apa\Dialog\assist.exe, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\Apa\Dialog\config.xml, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\arbiter.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\arbiter64.dll, Delete-on-Reboot, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\assist.exe, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\config.xml, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_enable\arbiter.dll, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_enable\arbiter64.dll, Delete-on-Reboot, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_enable\config.xml, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\assists\common.t8s, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\gen1\common.t8s, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\Message\common.t8s, Quarantined, [eb5c532d781366d06ba910a147bc58a8],
PUP.Optional.MindSpark, C:\Program Files (x86)\FromDocToPDF_65\bar\Settings\s_pid.dat, Quarantined, [eb5c532d781366d06ba910a147bc58a8],

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by jtg22, 28 December 2015 - 09:34 PM.

  • 0

#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and thank you for the log. It looks like MBAM did a good job of clearing a lot of junk away. Let's remove what is left with FRST and some other tools and get some fresh scans. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1572351143-274932609-3859850883-1001 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
CHR DefaultSearchURL: Default -> hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-26&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR DefaultSearchKeyword: Default -> securesearch
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
Task: {2024250E-B53F-42C8-92EB-9285D848CEE2} - System32\Tasks\4682 => C:\WINDOWS\system32\wscript.exe [2014-10-28] (Microsoft Corporation) <==== ATTENTION
Task: {92468B63-A5B5-4FCD-88C1-BA0F6A8EAE41} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.



Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.

  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; just click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\

Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

  • 0
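One way to review the AdwCleaner log that Step 3 asks for, as an added example (not part of the original post and not AdwCleaner's or the helper's own tooling): it lists entries marked `[!]`, keys reported as both deleted and not deleted, and the requested resets that have no matching `::` summary line. The sample is abridged from the log posted in this thread; the function names and the option-to-keyword mapping in `REQUESTED_RESETS` are assumptions.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the AdwCleaner log posted in this thread, abridged.
SAMPLE_LOG = r"""# AdwCleaner v5.026 - Logfile created 28/12/2015 at 22:03:44
# Option : Cleaning

***** [ Services ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9FD6C2C1-C847-410A-995A-AEE5F27F0674}
[-] Key Deleted : HKCU\Software\APN PIP

***** [ Web browsers ] *****

[-] [C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

*************************

:: "Tracing" keys removed
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: Chrome policies deleted
"""

# Options the helper asked to tick in Step 3, each mapped to a keyword expected
# in a ":: ..." summary line. The keyword mapping is an assumption of this example.
REQUESTED_RESETS = {
    "Reset Proxy Settings": "proxy",
    "Reset Winsock Settings": "winsock",
    "Reset TCP/IP Settings": "tcp/ip",
    "Reset Firewall Settings": "firewall",
    "Reset IPSec Settings": "ipsec",
    "Reset BITS Queue": "bits",
    "Reset Internet Explorer Policies": "internet explorer",
    "Reset Chrome Policies": "chrome",
}

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
ENTRY_RE = re.compile(r"^\[([-!])\]\s+(.*)$")            # [-] removed, [!] not removed


def parse_adwcleaner(log_text):
    """Return (entries, summary); each entry has section, ok, action, arch, target."""
    entries, summary, section = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith(":: "):
            summary.append(line[3:])
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line or separator
        # The first " : " separates the action from the item; "C:\..." has no spaces.
        action, _, target = m.group(2).partition(" : ")
        arch = "default"
        if target.startswith("[x64] "):
            arch, target = "x64", target[len("[x64] "):]
        entries.append({"section": section, "ok": m.group(1) == "-",
                        "action": action.strip(), "arch": arch,
                        "target": target.strip()})
    return entries, summary


def triage(log_text, requested=REQUESTED_RESETS):
    """Summarise what a reviewer should look at again in the fresh scan."""
    entries, summary = parse_adwcleaner(log_text)
    counts = defaultdict(lambda: {"removed": 0, "not_removed": 0})
    marks = defaultdict(set)  # (arch, lowercased target) -> set of ok values seen
    for e in entries:
        counts[e["section"]]["removed" if e["ok"] else "not_removed"] += 1
        marks[(e["arch"], e["target"].lower())].add(e["ok"])
    not_removed = [e["target"] for e in entries if not e["ok"]]
    # Same item logged as removed and as not removed: the log contradicts itself.
    conflicts = [e["target"] for e in entries if not e["ok"]
                 and marks[(e["arch"], e["target"].lower())] == {True, False}]
    lowered = [s.lower() for s in summary]
    unconfirmed = [opt for opt, kw in requested.items()
                   if not any(kw in s for s in lowered)]
    return {"counts": dict(counts), "not_removed": not_removed,
            "conflicts": conflicts, "unconfirmed_resets": unconfirmed}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A missing summary line only means the log does not confirm that reset; it says nothing about why, so the fresh FRST scan in Step 4 is where to check the item.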

#5
jtg22

    Member

  • Topic Starter
  • Member
  • 111 posts

Hello again,

Here are the logs you requested. Also, this time around, there wasn't an error message from running FRST. AdwCleaner did have the top option ("delete tracers" or something to that effect) checked already when I ran it - was I correct to leave it checked?

Logs:

.....

FRST fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Janis (2015-12-28 21:43:18) Run:1
Running from C:\Users\Janis\Desktop
Loaded Profiles: Janis (Available Profiles: Janis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1572351143-274932609-3859850883-1001 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
CHR DefaultSearchURL: Default -> hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-26&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR DefaultSearchKeyword: Default -> securesearch
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
Task: {2024250E-B53F-42C8-92EB-9285D848CEE2} - System32\Tasks\4682 => C:\WINDOWS\system32\wscript.exe [2014-10-28] (Microsoft Corporation) <==== ATTENTION
Task: {92468B63-A5B5-4FCD-88C1-BA0F6A8EAE41} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4c60e5ab-5c68-4c59-abaa-885010b24b32} => value removed successfully
"HKCR\Wow6432Node\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}" => key removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
SlimService => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2024250E-B53F-42C8-92EB-9285D848CEE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2024250E-B53F-42C8-92EB-9285D848CEE2}" => key removed successfully
C:\WINDOWS\System32\Tasks\4682 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4682" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92468B63-A5B5-4FCD-88C1-BA0F6A8EAE41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92468B63-A5B5-4FCD-88C1-BA0F6A8EAE41}" => key removed successfully
C:\WINDOWS\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{EC847B09-C3FF-4B5C-BDE9-BA73B32AE662} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.9 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:44:55 ====

.....

Junkware Removal Tool Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by Janis (Administrator) on Mon 12/28/2015 at 21:51:53.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\ProgramData\ad-aware browsing protection (Folder)
Successfully deleted: C:\Users\Janis\AppData\Local\adawarebp (Folder)
Successfully deleted: C:\Users\Janis\AppData\Local\downloaded installers (Folder)
Successfully deleted: C:\WINDOWS\couponprinter.ocx (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SlimCleaner Plus (Scheduled Scan - Janis) (Task)
Successfully deleted: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Janis).job (Task)



Registry: 2

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0318271451048540mcinstcleanup (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8DA70481-9BB5-444B-8167-8F0BF45420C1} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/28/2015 at 21:53:43.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.....

AdwCleaner Log:

# AdwCleaner v5.026 - Logfile created 28/12/2015 at 22:03:44
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Janis - JANS
# Running from : C:\Users\Janis\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{131a1f72-5c50-43cf-ba3e-3ac75df1188b}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9FD6C2C1-C847-410A-995A-AEE5F27F0674}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1b4cf49b-8b69-4a90-8b51-d2088e1ec1ba}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{d0584866-e0cd-41c8-93ec-5cd3e02e0f9d}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{131a1f72-5c50-43cf-ba3e-3ac75df1188b}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1b4cf49b-8b69-4a90-8b51-d2088e1ec1ba}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{342c5ca1-0a51-476e-bebb-923bdb3309b8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b0f55b80-947d-4ba0-ad42-3f3923a87ed9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d0584866-e0cd-41c8-93ec-5cd3e02e0f9d}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ead4279d-844b-4e80-a125-be6a16647f18}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9FD6C2C1-C847-410A-995A-AEE5F27F0674}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1b4cf49b-8b69-4a90-8b51-d2088e1ec1ba}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{d0584866-e0cd-41c8-93ec-5cd3e02e0f9d}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com

***** [ Web browsers ] *****

[-] [C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3596 bytes] ##########

.....

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Janis (administrator) on JANS (28-12-2015 22:11:01)
Running from C:\Users\Janis\Desktop
Loaded Profiles: Janis (Available Profiles: Janis)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.190.0\McCSPServiceHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723904 2015-11-10] (McAfee, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-04-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-02-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2014-12-07] (Apple Inc.)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-07-27] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E1B1A205-AC8F-48DC-B4E4-A54C4787FA7B}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1572351143-274932609-3859850883-1001 -> DefaultScope {8DA70481-9BB5-444B-8167-8F0BF45420C1} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-11-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-11-10] (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-05-23] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\6cgocorf.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-05-23] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-02-24] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\6cgocorf.default\searchplugins\McSiteAdvisor.xml [2015-12-28]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-12-22] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-26&ent=hp&u=AE44D1B629480618BC6ED75383D29F5D
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.yahoo.com/"
CHR Profile: C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-27]
CHR Extension: (YouTube) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-01]
CHR Extension: (Google Search) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]
CHR Extension: (SiteAdvisor) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-05]
CHR Extension: (Google Docs Offline) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Xfinity) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2014-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-11-10] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe [1694152 2015-10-27] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-11-04] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 22:11 - 2015-12-28 22:11 - 00028258 _____ C:\Users\Janis\Desktop\FRST.txt
2015-12-28 22:09 - 2015-12-28 22:09 - 00003691 _____ C:\Users\Janis\Desktop\AdwCleaner[C2].txt
2015-12-28 22:03 - 2015-12-28 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-28 21:55 - 2015-12-28 21:55 - 01743360 _____ C:\Users\Janis\Desktop\AdwCleaner.exe
2015-12-28 21:53 - 2015-12-28 21:53 - 00001439 _____ C:\Users\Janis\Desktop\JRT.txt
2015-12-28 21:50 - 2015-12-28 21:50 - 01599336 _____ (Malwarebytes) C:\Users\Janis\Desktop\JRT.exe
2015-12-28 21:43 - 2015-12-28 21:44 - 00004034 _____ C:\Users\Janis\Desktop\Fixlog.txt
2015-12-28 21:30 - 2015-12-28 21:30 - 00079546 _____ C:\Users\Janis\Desktop\nov log.txt
2015-12-26 19:33 - 2015-12-26 19:33 - 00000000 ____D C:\Users\Janis\AppData\Local\Macromedia
2015-12-26 19:32 - 2015-12-28 21:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-26 19:32 - 2015-12-28 21:45 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-22 23:15 - 2015-12-23 13:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-22 22:44 - 2015-12-28 22:11 - 00000000 ____D C:\FRST
2015-12-22 22:43 - 2015-12-22 22:43 - 02370560 _____ (Farbar) C:\Users\Janis\Desktop\FRST64.exe
2015-12-22 22:24 - 2015-12-22 22:24 - 00002045 _____ C:\Users\Janis\Desktop\mbm christmas scan.txt
2015-12-08 16:17 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 16:15 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 16:15 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 16:15 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-08 16:15 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-08 16:15 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 16:15 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-08 16:15 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 16:15 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-08 16:15 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 16:15 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 16:15 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-08 16:15 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 16:15 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-08 16:15 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-08 16:15 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-08 16:15 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-08 16:15 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-08 16:15 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-08 16:15 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-08 16:15 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-08 16:15 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-08 16:15 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 16:15 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 16:15 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 16:15 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 16:15 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-08 16:15 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-08 16:15 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-08 16:15 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-08 16:15 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-08 16:15 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-08 16:15 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-08 16:15 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-08 16:15 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 16:15 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-08 16:15 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-08 16:15 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-08 16:15 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-08 16:15 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-08 16:14 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-08 16:14 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 16:14 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-08 16:14 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-08 16:14 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-08 16:14 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-08 16:14 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 16:14 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-08 16:14 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-08 16:14 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 16:14 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 16:14 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 16:14 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 16:14 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-08 16:14 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-08 16:14 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-08 16:14 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-08 16:14 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-08 16:14 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-08 16:14 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-08 16:14 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-08 16:14 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-08 16:14 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-08 16:14 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-08 16:14 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-08 16:14 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-08 16:14 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 16:14 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 16:14 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-08 16:14 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-08 16:14 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 16:14 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-08 16:14 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 16:14 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 16:14 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 16:14 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 16:14 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 16:14 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 16:14 - 2015-10-22 10:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 16:14 - 2015-10-22 10:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-08 16:14 - 2015-10-22 09:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 16:14 - 2015-10-22 09:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-08 16:14 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 16:14 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 16:14 - 2015-10-11 00:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 16:14 - 2015-10-11 00:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-08 16:14 - 2015-10-11 00:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-08 16:14 - 2015-10-11 00:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-08 16:14 - 2015-10-11 00:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-08 16:14 - 2015-10-10 12:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-08 16:14 - 2015-10-10 12:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-08 16:14 - 2015-10-10 11:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-08 16:14 - 2015-10-08 10:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-08 16:14 - 2015-10-08 09:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-08 16:14 - 2015-10-05 12:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-08 16:14 - 2015-10-05 12:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-08 16:14 - 2015-10-03 13:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-08 16:14 - 2015-10-03 13:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 22:10 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-12-28 22:09 - 2013-03-28 22:23 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-12-28 22:08 - 2015-06-17 15:04 - 00003278 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1572351143-274932609-3859850883-1001
2015-12-28 22:08 - 2014-10-22 13:10 - 00000000 ____D C:\Users\Janis\OneDrive
2015-12-28 22:08 - 2014-06-17 08:31 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e.job
2015-12-28 22:08 - 2014-02-24 16:36 - 00003332 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001
2015-12-28 22:07 - 2013-05-16 09:38 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-12-28 22:06 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-28 22:06 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-28 22:03 - 2015-07-27 11:22 - 00000000 ____D C:\AdwCleaner
2015-12-28 22:03 - 2014-10-22 13:08 - 00000008 __RSH C:\Users\Janis\ntuser.pol
2015-12-28 22:03 - 2014-10-22 10:01 - 00000000 ____D C:\Users\Janis
2015-12-28 22:02 - 2013-05-06 12:21 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1572351143-274932609-3859850883-1001
2015-12-28 21:50 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-28 21:43 - 2013-08-08 10:17 - 00000000 ____D C:\Users\Janis\AppData\LocalLow\Temp
2015-12-28 21:29 - 2015-11-20 17:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-28 21:24 - 2014-06-17 08:31 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449.job
2015-12-28 18:54 - 2013-11-21 08:44 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A19C01D2-DDA3-4D45-9C25-740E5A78DD84}
2015-12-28 02:53 - 2014-11-23 17:47 - 00000000 ____D C:\Users\Janis\AppData\Local\Battle.net
2015-12-28 01:54 - 2014-11-23 17:49 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-12-28 01:53 - 2014-11-23 17:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-27 21:20 - 2013-05-06 12:12 - 00000000 ____D C:\Users\Janis\AppData\Local\Packages
2015-12-26 19:32 - 2013-11-09 05:39 - 00000000 ____D C:\Users\Janis\AppData\Local\Adobe
2015-12-25 07:03 - 2015-06-28 08:03 - 00003064 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-12-25 07:03 - 2015-06-28 08:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-12-25 07:02 - 2013-03-28 22:20 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-24 14:38 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-23 21:22 - 2014-11-23 17:47 - 00000000 ____D C:\Users\Janis\AppData\Roaming\Battle.net
2015-12-23 21:22 - 2014-11-23 17:46 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-23 13:19 - 2014-06-17 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-22 22:13 - 2013-08-22 09:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-20 15:02 - 2013-03-28 22:20 - 00000000 ____D C:\ProgramData\McAfee
2015-12-18 09:36 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-18 09:35 - 2015-04-14 19:25 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-18 09:35 - 2015-04-14 19:25 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-18 09:28 - 2013-03-28 22:20 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-12-18 09:28 - 2012-07-26 02:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-18 05:23 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 05:22 - 2013-08-07 14:35 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-17 10:39 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-17 10:39 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-17 10:06 - 2013-09-18 15:44 - 00000000 ____D C:\Users\Janis\Documents\Cypress Pointe East Hospital
2015-12-16 13:24 - 2014-05-15 16:42 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 10:15 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-11 14:41 - 2014-09-24 01:15 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-11 14:36 - 2013-08-22 08:44 - 00381968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 14:35 - 2013-11-04 15:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 14:35 - 2013-11-04 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 16:59 - 2013-11-04 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 16:57 - 2013-08-12 10:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 16:53 - 2013-05-07 07:04 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 16:31 - 2015-07-21 11:44 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2015-12-08 16:19 - 2014-06-17 08:31 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449
2015-12-08 16:19 - 2014-06-17 08:31 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e
2015-12-01 11:19 - 2015-05-15 15:10 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 11:19 - 2015-05-15 15:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-03-28 22:20 - 2013-03-28 22:20 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-03-28 22:17 - 2013-03-28 22:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-03-28 22:18 - 2013-03-28 22:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-03-28 22:17 - 2013-03-28 22:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-03-28 22:19 - 2013-03-28 22:20 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\Users\Janis\BPMcount.exe


Some files in TEMP:
====================
C:\Users\Janis\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-28 22:02

==================== End of FRST.txt ============================

.....

Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Janis (2015-12-28 22:11:40)
Running from C:\Users\Janis\Desktop
Windows 8.1 (X64) (2014-10-22 19:08:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1572351143-274932609-3859850883-500 - Administrator - Disabled)
Guest (S-1-5-21-1572351143-274932609-3859850883-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1572351143-274932609-3859850883-1003 - Limited - Enabled)
Janis (S-1-5-21-1572351143-274932609-3859850883-1001 - Administrator - Enabled) => C:\Users\Janis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.3.1.0 - Auslogics Labs Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.201.3 - Citrix Systems, Inc.)
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.6120 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SlimCleaner Plus (HKLM\...\{BA219F82-20BF-49AD-A279-E2D69D3B9D3F}) (Version: 1.0.26102 - SlimWare Utilities, Inc.)
Software Updater (HKLM-x32\...\{229E7A38-807F-4C7B-8757-B447549D30A7}) (Version: 4.1.6 - SEIKO EPSON CORPORATION) <==== ATTENTION
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{124310E8-7C49-4C33-B4F2-3CF43F3830B7}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{DD178D9D-89DD-4F15-9E56-57C85D1EDF36}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1572351143-274932609-3859850883-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

14-12-2015 10:14:04 Scheduled Checkpoint
18-12-2015 09:34:35 Windows Update
22-12-2015 21:31:35 Windows Update
28-12-2015 21:43:18 Restore Point Created by FRST
28-12-2015 21:51:55 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2015-12-28 21:43 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D37BF4-7FEB-4BB2-915F-D08A4081B0A6} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {23B93CEA-8CE8-484B-86FE-60C7F661855F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {2B52F345-BF24-435F-8F78-A1005ECAD18E} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {2CCFD06E-BEB0-4CF1-B0F5-BF7472FC819B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2DBD520F-4943-4D33-9743-97ACB8182D89} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {30D1C0E5-3470-4847-A55E-DE406176DDAC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3810800D-C657-4E31-939D-DCEED3560777} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3A24A579-E7E6-4AAF-9CCA-DC76BEB8131B} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {402B4FA6-C98B-4BB3-BDD4-16567934D391} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {46600A92-1FC6-40FB-A8C0-6D157853F311} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {5386E5FC-E0F2-46AE-8B67-B329E93CE07A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5A8A8EE1-D4F2-4090-B83D-DA3697D4D083} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6269CE11-9F28-4E63-ADB4-2FBF32545DE9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {82D547EF-9A9D-4863-949F-5415C33C0FF1} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {8858367A-B898-4396-822C-1974741A1AB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {919B4935-F36C-4585-B494-7F07AEAF70B0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9BABB565-271C-41CA-A14A-A283542693FB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AF839E53-7A7B-43DC-8F8B-E188419DD970} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C1870DB1-FF74-4BD1-87CD-899967551184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C39E28A1-6E39-49C7-B542-F976D36E87FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {C8BDE528-3E95-4F7F-BE0D-3CA194E8EC2B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {CDB9F925-01AE-49D7-A442-88C196AF2D13} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {D991C192-6A36-4ADF-B14A-8B103277C764} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E1F73018-DF9A-43AB-AA35-E849A6D2B6A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1572351143-274932609-3859850883-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FE0C8D02-6B98-4A13-A406-996B70D6D199} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a38ddd2408e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8a38e0b30449.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-19 06:53 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-03-28 22:19 - 2012-04-24 20:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-10-30 03:23 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-22 01:19 - 2013-08-22 00:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 01:19 - 2013-08-22 00:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2013-08-22 01:19 - 2013-08-22 00:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2015-12-11 15:29 - 2015-12-11 15:29 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c89a3da49bf7bd161745f4228277ea00\PSIClient.ni.dll
2013-03-28 22:11 - 2012-07-18 13:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1572351143-274932609-3859850883-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1572351143-274932609-3859850883-1001\...\StartupApproved\Run: => "SlimCleaner Plus"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2015 10:03:43 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler4

Error: (12/28/2015 09:51:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1018

Start Time: 01d141eb8a1c1e37

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 7eac20da-addf-11e5-bec1-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App

Error: (12/28/2015 09:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.1.201.3, time stamp: 0x4fbcdeaa
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650afd4
Exception code: 0xc0000005
Fault offset: 0x00018ab9
Faulting process id: 0x15c8
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report Id: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5

Error: (12/28/2015 09:46:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (12/28/2015 09:43:49 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/28/2015 09:43:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {69c3c5b5-938f-413d-b029-c2a651f21d5a}

Error: (12/28/2015 03:14:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.1.5828, time stamp: 0x56723a12
Faulting module name: mozglue.dll, version: 43.0.1.5828, time stamp: 0x56722c0b
Exception code: 0x80000003
Fault offset: 0x0000ed63
Faulting process id: 0x27ac
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (12/27/2015 12:43:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c18

Start Time: 01d140d5cec0790f

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: c25520c6-acc9-11e5-bec0-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App

Error: (12/25/2015 05:59:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d9c

Start Time: 01d13f0b0e2e0e42

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 01af97b3-aaff-11e5-bec0-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App

Error: (12/25/2015 03:15:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1284

Start Time: 01d13ef424ce92bf

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 1952cd62-aae8-11e5-bec0-a41f726d87b3

Faulting package full name: Allrecipes.Allrecipes_1.20.0.781_neutral__f8zhmzza100am

Faulting package-relative application ID: App


System errors:
=============
Error: (12/28/2015 10:04:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/28/2015 10:03:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/28/2015 10:03:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2015 10:03:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2015 10:03:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2015 10:03:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2015 10:03:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2015 10:03:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Wizard service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2015 10:03:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Customer Connect service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/28/2015 10:03:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 21%
Total physical RAM: 8063.54 MB
Available physical RAM: 6341.91 MB
Total Virtual: 9343.54 MB
Available Virtual: 7484.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.11 GB) (Free:837.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F863C3B0)

Partition: GPT.

==================== End of Addition.txt ============================



#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Here are the logs you requested. Also, this time around, there wasn't an error message from running FRST. AdwCleaner did have the top option ("delete tracers" or something to that effect) checked already when I ran it - was I correct to leave it checked?


Hello :)

No worries on the AdwCleaner option, it's fine. The logs look good, let's run a scan for any rootkits on the machine. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with TDSSKiller

Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan; the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • A report will have been created by TDSSKiller in your root directory C:\
  • To find the log, go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

TDSSKiller Log


#7
jtg22

    Member

  • Topic Starter
  • 111 posts

Hello again,

Here's the TDSSKiller log:

22:43:32.0240 0x0390  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:43:32.0240 0x0390  UEFI system
22:43:38.0257 0x0390  ============================================================
22:43:38.0257 0x0390  Current date / time: 2015/12/28 22:43:38.0257
22:43:38.0257 0x0390  SystemInfo:
22:43:38.0257 0x0390  
22:43:38.0257 0x0390  OS Version: 6.3.9600 ServicePack: 0.0
22:43:38.0257 0x0390  Product type: Workstation
22:43:38.0257 0x0390  ComputerName: JANS
22:43:38.0257 0x0390  UserName: Janis
22:43:38.0257 0x0390  Windows directory: C:\WINDOWS
22:43:38.0257 0x0390  System windows directory: C:\WINDOWS
22:43:38.0257 0x0390  Running under WOW64
22:43:38.0257 0x0390  Processor architecture: Intel x64
22:43:38.0257 0x0390  Number of processors: 4
22:43:38.0257 0x0390  Page size: 0x1000
22:43:38.0257 0x0390  Boot type: Normal boot
22:43:38.0257 0x0390  ============================================================
22:43:38.0476 0x0390  KLMD registered as C:\WINDOWS\system32\drivers\99747260.sys
22:43:38.0601 0x0390  System UUID: {1A783B66-D0C0-4D3C-D318-B02AD66CCF6D}
22:43:38.0898 0x0390  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:43:38.0914 0x0390  ============================================================
22:43:38.0914 0x0390  \Device\Harddisk0\DR0:
22:43:38.0914 0x0390  GPT partitions:
22:43:38.0914 0x0390  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {7ABAE0E5-472C-4D91-8927-A5370CC0D313}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000
22:43:38.0914 0x0390  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {796BADD3-6BBF-4D9F-B631-466EB71A4965}, UniqueGUID: {4DEB9004-92D5-43DC-A7C9-14935D63D3F6}, Name: Basic data partition, StartLBA 0xFC000, BlocksNum 0x14000
22:43:38.0914 0x0390  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {3AE89ECD-09AA-4221-AE2F-A9FF47F8D223}, Name: Microsoft reserved partition, StartLBA 0x110000, BlocksNum 0x40000
22:43:38.0914 0x0390  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F3235B4B-7923-4EE4-A8B6-0CACB48ED5ED}, Name: Basic data partition, StartLBA 0x150000, BlocksNum 0xFA000
22:43:38.0914 0x0390  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1D7CBA99-5E51-46CA-AA5B-62B722412446}, Name: Basic data partition, StartLBA 0x24A000, BlocksNum 0x72837000
22:43:38.0914 0x0390  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0A8F5CA0-D1C4-4601-A395-3E7693840777}, Name: , StartLBA 0x72A81000, BlocksNum 0xE1000
22:43:38.0914 0x0390  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {D1E7F2B2-AAE5-41E8-A62B-C22ECB988EAD}, Name: Microsoft recovery partition, StartLBA 0x72B62000, BlocksNum 0x1BA45B0
22:43:38.0914 0x0390  MBR partitions:
22:43:38.0914 0x0390  ============================================================
22:43:38.0945 0x0390  C: <-> \Device\Harddisk0\DR0\Partition5
22:43:38.0945 0x0390  ============================================================
22:43:38.0945 0x0390  Initialize success
22:43:38.0945 0x0390  ============================================================
22:44:41.0167 0x1324  ============================================================
22:44:41.0167 0x1324  Scan started
22:44:41.0167 0x1324  Mode: Manual; SigCheck; TDLFS;
22:44:41.0167 0x1324  ============================================================
22:44:41.0167 0x1324  KSN ping started
22:44:43.0558 0x1324  KSN ping finished: true
22:44:44.0777 0x1324  ================ Scan system memory ========================
22:44:44.0777 0x1324  System memory - ok
22:44:44.0777 0x1324  ================ Scan services =============================
22:44:49.0403 0x1324  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
22:44:49.0418 0x1324  gagp30kx - ok
22:44:49.0434 0x1324  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
22:44:49.0434 0x1324  gencounter - ok
22:44:49.0449 0x1324  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
22:44:49.0465 0x1324  GPIOClx0101 - ok
22:44:49.0496 0x1324  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
22:44:49.0528 0x1324  gpsvc - ok
22:44:49.0559 0x1324  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:44:49.0574 0x1324  gupdate - ok
22:44:49.0574 0x1324  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:44:49.0590 0x1324  gupdatem - ok
22:44:49.0606 0x1324  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
22:44:49.0606 0x1324  HDAudBus - ok
22:44:49.0606 0x1324  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
22:44:49.0621 0x1324  HidBatt - ok
22:44:49.0637 0x1324  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
22:44:49.0653 0x1324  HidBth - ok
22:44:49.0653 0x1324  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
22:44:49.0653 0x1324  hidi2c - ok
22:44:49.0684 0x1324  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
22:44:49.0684 0x1324  HidIr - ok
22:44:49.0699 0x1324  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
22:44:49.0715 0x1324  hidserv - ok
22:44:49.0715 0x1324  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
22:44:49.0731 0x1324  HidUsb - ok
22:44:49.0746 0x1324  [ E7AF59F1E0352F5EBEC4ECD32103D405, 0E02E031799F407A1BCE926D46471E7EFB8820359CBDE73759219B86C1882EB8 ] HipShieldK      C:\WINDOWS\system32\drivers\HipShieldK.sys
22:44:49.0762 0x1324  HipShieldK - ok
22:44:49.0762 0x1324  [ FCE2251FE4464DCAA2F4684F19A8EE9B, 8062CD636DEFA8E160427BC2C61BC5C0DAA5396E16ABE9353B27C217FDE70B04 ] hitmanpro37     C:\Windows\system32\drivers\hitmanpro37.sys
22:44:49.0778 0x1324  hitmanpro37 - ok
22:44:49.0778 0x1324  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
22:44:49.0793 0x1324  hkmsvc - ok
22:44:49.0809 0x1324  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
22:44:49.0824 0x1324  HomeGroupListener - ok
22:44:49.0856 0x1324  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
22:44:49.0871 0x1324  HomeGroupProvider - ok
22:44:49.0934 0x1324  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:44:49.0949 0x1324  HomeNetSvc - ok
22:44:49.0949 0x1324  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
22:44:49.0965 0x1324  HpSAMD - ok
22:44:49.0996 0x1324  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
22:44:50.0028 0x1324  HTTP - ok
22:44:50.0028 0x1324  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
22:44:50.0043 0x1324  hwpolicy - ok
22:44:50.0043 0x1324  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
22:44:50.0059 0x1324  hyperkbd - ok
22:44:50.0059 0x1324  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
22:44:50.0059 0x1324  HyperVideo - ok
22:44:50.0090 0x1324  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
22:44:50.0090 0x1324  i8042prt - ok
22:44:50.0106 0x1324  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
22:44:50.0121 0x1324  iaLPSSi_GPIO - ok
22:44:50.0121 0x1324  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
22:44:50.0137 0x1324  iaLPSSi_I2C - ok
22:44:50.0168 0x1324  [ 459016E8A4FA6426EDB5A9456A6E5E58, 92B73EE5559ABD8783EC5AF8A2B6EBDE0D937745B4BEDBEA6DF06DD8606AE56C ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
22:44:50.0184 0x1324  iaStorA - ok
22:44:50.0199 0x1324  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
22:44:50.0215 0x1324  iaStorAV - ok
22:44:50.0278 0x1324  [ 0AB254994A460550258446950BB58311, BD10811912680DD3B814B7D1303785C996D892C79108110A2257E9BD0C28245C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:44:50.0293 0x1324  IAStorDataMgrSvc - ok
22:44:50.0324 0x1324  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
22:44:50.0340 0x1324  iaStorV - ok
22:44:50.0340 0x1324  IEEtwCollectorService - ok
22:44:50.0449 0x1324  [ C38AFE18A40ADF005647090DD3AC24F3, 302810C31B005DD4C9143233AB5B4F332C62AD866A7C7AB0E8F8F81AE1766B11 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
22:44:50.0528 0x1324  igfx - ok
22:44:50.0574 0x1324  [ 7A510A9AFC7955DEE63F8DC243E31292, 13906F6212F4C116BE224F2A8AFFF089ACFED8F543E26FC6208FF38463366173 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
22:44:50.0590 0x1324  igfxCUIService1.0.0.0 - ok
22:44:50.0637 0x1324  [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
22:44:50.0684 0x1324  IKEEXT - ok
22:44:50.0684 0x1324  [ FC7C456AF9B9811499EDBD10616832EE, CA2D8B0E672D3AE449C2FF0B9E142D74E8C72FD877D11162A9F7CC51AF58220F ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
22:44:50.0699 0x1324  intaud_WaveExtensible - ok
22:44:50.0731 0x1324  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
22:44:50.0746 0x1324  IntcDAud - ok
22:44:50.0778 0x1324  [ B353F1834FCD36D77BE3F74992C147D4, BFBC42B500FC7D6D2B523F988DD54156D2B6132CBE366EB591BF45556959A8E9 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:44:50.0809 0x1324  Intel® Capability Licensing Service Interface - ok
22:44:50.0824 0x1324  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
22:44:50.0824 0x1324  intelide - ok
22:44:50.0856 0x1324  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
22:44:50.0871 0x1324  intelpep - ok
22:44:50.0871 0x1324  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
22:44:50.0887 0x1324  intelppm - ok
22:44:50.0903 0x1324  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:44:50.0918 0x1324  IpFilterDriver - ok
22:44:50.0949 0x1324  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
22:44:50.0981 0x1324  iphlpsvc - ok
22:44:50.0981 0x1324  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
22:44:50.0996 0x1324  IPMIDRV - ok
22:44:51.0012 0x1324  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
22:44:51.0012 0x1324  IPNAT - ok
22:44:51.0028 0x1324  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
22:44:51.0043 0x1324  IRENUM - ok
22:44:51.0043 0x1324  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
22:44:51.0043 0x1324  isapnp - ok
22:44:51.0059 0x1324  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
22:44:51.0074 0x1324  iScsiPrt - ok
22:44:51.0074 0x1324  [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
22:44:51.0090 0x1324  iwdbus - ok
22:44:51.0121 0x1324  [ 5B7DE9D87B9D2713BDD6A53678DC2A49, E7A0D68FA2ED2730640F40FF59338BE173C8973BFC38286E6320CA332A39C204 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
22:44:51.0121 0x1324  jhi_service - ok
22:44:51.0137 0x1324  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
22:44:51.0153 0x1324  kbdclass - ok
22:44:51.0168 0x1324  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
22:44:51.0168 0x1324  kbdhid - ok
22:44:51.0168 0x1324  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
22:44:51.0184 0x1324  kdnic - ok
22:44:51.0199 0x1324  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
22:44:51.0199 0x1324  KeyIso - ok
22:44:51.0231 0x1324  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
22:44:51.0231 0x1324  KSecDD - ok
22:44:51.0246 0x1968  Object send P2P result: true
22:44:51.0262 0x1324  [ 35C19AF2116F67914712D7C4CBE47B8C, 5F976726880A6E51D7ABFA7E3EF7294C6FB7F383DC5710A2C2EC8DD26DAEC204 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
22:44:51.0262 0x1324  KSecPkg - ok
22:44:51.0278 0x1324  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
22:44:51.0293 0x1324  ksthunk - ok
22:44:51.0309 0x1324  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
22:44:51.0324 0x1324  KtmRm - ok
22:44:51.0340 0x1324  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
22:44:51.0356 0x1324  LanmanServer - ok
22:44:51.0371 0x1324  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
22:44:51.0387 0x1324  LanmanWorkstation - ok
22:44:51.0403 0x1324  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
22:44:51.0418 0x1324  lfsvc - ok
22:44:51.0434 0x1324  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
22:44:51.0449 0x1324  lltdio - ok
22:44:51.0449 0x1324  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
22:44:51.0465 0x1324  lltdsvc - ok
22:44:51.0481 0x1324  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
22:44:51.0496 0x1324  lmhosts - ok
22:44:51.0496 0x1324  [ E70FD0D2C95F559A17321D831875593D, 57839ADA7CC6606D98B43FC2F4EC6F5E9B75A2F3EC937C11322201128A161E0D ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:44:51.0512 0x1324  LMS - ok
22:44:51.0528 0x1324  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
22:44:51.0543 0x1324  LSI_SAS - ok
22:44:51.0543 0x1324  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
22:44:51.0559 0x1324  LSI_SAS2 - ok
22:44:51.0559 0x1324  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
22:44:51.0574 0x1324  LSI_SAS3 - ok
22:44:51.0574 0x1324  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
22:44:51.0590 0x1324  LSI_SSS - ok
22:44:51.0606 0x1324  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
22:44:51.0637 0x1324  LSM - ok
22:44:51.0653 0x1324  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
22:44:51.0668 0x1324  luafv - ok
22:44:51.0684 0x1324  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
22:44:51.0684 0x1324  MBAMProtector - ok
22:44:51.0731 0x1324  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
22:44:51.0746 0x1324  MBAMService - ok
22:44:51.0762 0x1324  [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
22:44:51.0762 0x1324  MBAMWebAccessControl - ok
22:44:51.0793 0x1324  [ 5096855DA1FB50A028ACA15B5CC358D9, 15A84A1FD6856CFFF6D9C5D0F5F29A71781033A5E388B3E310306600600D1221 ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
22:44:51.0809 0x1324  McAfee SiteAdvisor Service - ok
22:44:51.0871 0x1324  [ 62C2E5AB62EABACCB7CA53A7C24D2638, 99CA9D139C471F445B59D40EE9213A2BE81CE0E317D1EFCCC514EDE1EA768343 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
22:44:51.0887 0x1324  McAPExe - ok
22:44:51.0918 0x1324  [ 1E3AF124A3405EEE594BB9FFD4640F48, 7916D86433A6A305CC9699A8901795E74A22C99A2C6B091BAC951E30F7510FF7 ] McAWFwk         C:\Program Files\mcafee\msc\McAWFwk.exe
22:44:51.0918 0x1324  McAWFwk - ok
22:44:51.0996 0x1324  [ D02EF4F75F84FF46011AA7C1DC08D1A2, F8568188B45A2C1CF2C4B83373F46AEAF590F576297D3DFBE21127D3AA21A988 ] mccspsvc        C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe
22:44:52.0028 0x1324  mccspsvc - ok
22:44:52.0059 0x1324  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:44:52.0059 0x1324  McMPFSvc - ok
22:44:52.0075 0x1324  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] McNaiAnn        C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
22:44:52.0090 0x1324  McNaiAnn - ok
22:44:52.0137 0x1324  [ 1E911C91938467BC94389711BE4CDFF6, 2FD6679D0AB2982B19A4498ACF1F628FBD7638249D03ADB141308955A86FB288 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
22:44:52.0168 0x1324  McODS - ok
22:44:52.0184 0x1324  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McOobeSv        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:44:52.0200 0x1324  McOobeSv - ok
22:44:52.0215 0x1324  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] mcpltsvc        C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
22:44:52.0231 0x1324  mcpltsvc - ok
22:44:52.0246 0x1324  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] McProxy         C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
22:44:52.0262 0x1324  McProxy - ok
22:44:52.0278 0x1324  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
22:44:52.0293 0x1324  megasas - ok
22:44:52.0309 0x1324  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
22:44:52.0325 0x1324  megasr - ok
22:44:52.0340 0x1324  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
22:44:52.0356 0x1324  MEIx64 - ok
22:44:52.0371 0x1324  [ 67CD258ECEA02ADA4D57592AE720F452, D4A1A4CC2749BF2FA798D7A2661D367F45124BE08A31ABBBA58B48BCE83EE62C ] mfeaack         C:\WINDOWS\system32\drivers\mfeaack.sys
22:44:52.0387 0x1324  mfeaack - ok
22:44:52.0403 0x1324  [ E3084E1F0A542DF32312B7D2FE52D6E1, D0988DAB235A8D1F51C2DCB33BCECB047C3F3CED309267691D750BC41F578B36 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
22:44:52.0418 0x1324  mfeavfk - ok
22:44:52.0434 0x1324  [ B6573DD495385DDB9B304812C23D17AA, 8DD70B450B59B155348C54F67E16715DA7518F59F345F29C50CC5C64741153FC ] mfeelamk        C:\WINDOWS\system32\drivers\mfeelamk.sys
22:44:52.0434 0x1324  mfeelamk - ok
22:44:52.0465 0x1324  [ 0A8120FB835F5FC47609F7C7744343C2, 2748C15997BCF0C47F784C2F037730370B0FCF79FE03CC2ACA8A98B2956D5DC8 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:44:52.0465 0x1324  mfefire - ok
22:44:52.0496 0x1324  [ 5203A63B8FDB8E072BDFA036D63589C3, F81601F50DE177D10B804D69321225DCCCD9C61394A43A6EC647F71FCFE4921F ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
22:44:52.0512 0x1324  mfefirek - ok
22:44:52.0543 0x1324  [ 578AE1184B6342A06E7020BE866472D5, 53CB9E37EBDFA1137F56860ABE6EE0F82532733254D654A4982087E0D3FE765E ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
22:44:52.0559 0x1324  mfehidk - ok
22:44:52.0575 0x1324  [ 29CAAED140D5A9E837E1188FA2EF0FD0, 51E806B927B1F0C0E0FB3DEA9F8ED99350F74285276660FF68F4460D2D8D3E1A ] mfemms          C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
22:44:52.0590 0x1324  mfemms - ok
22:44:52.0606 0x1324  [ 9DC97E684A0F4AAF726D54B6B252315C, 1420F084ABC20619F9A8D1D5A30ADEA0A21432D0327634C97A58FA62452DC781 ] mfencbdc        C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
22:44:52.0621 0x1324  mfencbdc - ok
22:44:52.0637 0x1324  [ 984C0003040946578022D3A5405652D9, E52E5EB4F2A50573854BB8BC37326B75138278E6F96E32937AFB01AB359307A9 ] mfencrk         C:\WINDOWS\system32\DRIVERS\mfencrk.sys
22:44:52.0637 0x1324  mfencrk - ok
22:44:52.0668 0x1324  [ FB4F8875C0927BB29EC052D09950AE96, 78B8ECD9A16F94FE1C1FD23B17250A2089789AC9E33B162F0ECAB9893B6B1142 ] mfesapsn        C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
22:44:52.0668 0x1324  mfesapsn - ok
22:44:52.0700 0x1324  [ C76DEBD4675A90C6A9CECA4E12F9295C, 91AACFC1C1B345D212354C33383A654C6D51BF3F676455C7068B7DD96E8F2476 ] mfevtp          C:\Windows\system32\mfevtps.exe
22:44:52.0715 0x1324  mfevtp - ok
22:44:52.0731 0x1324  [ F0E1B2EF49D967B17256F2334E93005A, 05A34ED584CD4D4E8722638D76F6E24B3EDAC605ABBBAB7812958AFA0CAA3B88 ] mfewfpk         C:\WINDOWS\system32\drivers\mfewfpk.sys
22:44:52.0746 0x1324  mfewfpk - ok
22:44:52.0762 0x1324  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
22:44:52.0778 0x1324  MMCSS - ok
22:44:52.0793 0x1324  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
22:44:52.0809 0x1324  Modem - ok
22:44:52.0840 0x1324  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
22:44:52.0840 0x1324  monitor - ok
22:44:52.0856 0x1324  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
22:44:52.0856 0x1324  mouclass - ok
22:44:52.0871 0x1324  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
22:44:52.0887 0x1324  mouhid - ok
22:44:52.0903 0x1324  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
22:44:52.0903 0x1324  mountmgr - ok
22:44:52.0934 0x1324  [ EB4B5C8AB9DA5585CCC975CD3D072115, BEED5B7478F92C9FB1BBB62FFCEB5321A5C12A7C1AA9B20151BF22064589CD46 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:44:52.0950 0x1324  MozillaMaintenance - ok
22:44:52.0965 0x1324  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
22:44:52.0965 0x1324  mpsdrv - ok
22:44:53.0012 0x1324  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
22:44:53.0043 0x1324  MpsSvc - ok
22:44:53.0059 0x1324  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
22:44:53.0059 0x1324  MRxDAV - ok
22:44:53.0090 0x1324  [ 89DE71940A0E7F5BA617AE08321EF5C3, BD056C9E18E902D6F118E59A6AC68415BFA0690A02D2B360F6C111CE3B5EAC67 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:44:53.0106 0x1324  mrxsmb - ok
22:44:53.0121 0x1324  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
22:44:53.0137 0x1324  mrxsmb10 - ok
22:44:53.0168 0x1324  [ EE16457030175F449BAB0ABD279F4B6A, DF627054136079553A24AD12DC7374F1ACEEAD782EFFDC278996AD7BCCE98877 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
22:44:53.0168 0x1324  mrxsmb20 - ok
22:44:53.0184 0x1324  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
22:44:53.0200 0x1324  MsBridge - ok
22:44:53.0215 0x1324  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
22:44:53.0231 0x1324  MSDTC - ok
22:44:53.0246 0x1324  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:44:53.0262 0x1324  Msfs - ok
22:44:53.0262 0x1324  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
22:44:53.0278 0x1324  msgpiowin32 - ok
22:44:53.0293 0x1324  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
22:44:53.0293 0x1324  mshidkmdf - ok
22:44:53.0309 0x1324  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
22:44:53.0309 0x1324  mshidumdf - ok
22:44:53.0325 0x1324  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
22:44:53.0325 0x1324  msisadrv - ok
22:44:53.0340 0x1324  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
22:44:53.0356 0x1324  MSiSCSI - ok
22:44:53.0356 0x1324  msiserver - ok
22:44:53.0371 0x1324  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:44:53.0387 0x1324  MSK80Service - ok
22:44:53.0387 0x1324  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:44:53.0403 0x1324  MSKSSRV - ok
22:44:53.0418 0x1324  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
22:44:53.0418 0x1324  MsLldp - ok
22:44:53.0434 0x1324  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:44:53.0434 0x1324  MSPCLOCK - ok
22:44:53.0450 0x1324  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:44:53.0450 0x1324  MSPQM - ok
22:44:53.0465 0x1324  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
22:44:53.0481 0x1324  MsRPC - ok
22:44:53.0496 0x1324  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
22:44:53.0496 0x1324  mssmbios - ok
22:44:59.0434 0x1324  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\WINDOWS\System32\drivers\usbscan.sys
22:44:59.0434 0x1324  usbscan - ok
22:44:59.0466 0x1324  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
22:44:59.0466 0x1324  USBSTOR - ok
22:44:59.0481 0x1324  [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
22:44:59.0497 0x1324  usbuhci - ok
22:44:59.0512 0x1324  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
22:44:59.0528 0x1324  USBXHCI - ok
22:44:59.0544 0x1324  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
22:44:59.0544 0x1324  VaultSvc - ok
22:44:59.0559 0x1324  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
22:44:59.0575 0x1324  vdrvroot - ok
22:44:59.0606 0x1324  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
22:44:59.0637 0x1324  vds - ok
22:44:59.0637 0x1324  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
22:44:59.0653 0x1324  VerifierExt - ok
22:44:59.0684 0x1324  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
22:44:59.0700 0x1324  vhdmp - ok
22:44:59.0716 0x1324  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
22:44:59.0731 0x1324  viaide - ok
22:44:59.0747 0x1324  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
22:44:59.0747 0x1324  vmbus - ok
22:44:59.0762 0x1324  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
22:44:59.0778 0x1324  VMBusHID - ok
22:44:59.0794 0x1324  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
22:44:59.0809 0x1324  vmicguestinterface - ok
22:44:59.0825 0x1324  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
22:44:59.0841 0x1324  vmicheartbeat - ok
22:44:59.0856 0x1324  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
22:44:59.0872 0x1324  vmickvpexchange - ok
22:44:59.0872 0x1324  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
22:44:59.0887 0x1324  vmicrdv - ok
22:44:59.0903 0x1324  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
22:44:59.0919 0x1324  vmicshutdown - ok
22:44:59.0934 0x1324  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
22:44:59.0950 0x1324  vmictimesync - ok
22:44:59.0950 0x1324  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
22:44:59.0966 0x1324  vmicvss - ok
22:44:59.0981 0x1324  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
22:44:59.0981 0x1324  volmgr - ok
22:44:59.0997 0x1324  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
22:45:00.0012 0x1324  volmgrx - ok
22:45:00.0028 0x1324  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
22:45:00.0059 0x1324  volsnap - ok
22:45:00.0075 0x1324  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
22:45:00.0075 0x1324  vpci - ok
22:45:00.0091 0x1324  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
22:45:00.0106 0x1324  vsmraid - ok
22:45:00.0137 0x1324  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
22:45:00.0169 0x1324  VSS - ok
22:45:00.0200 0x1324  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
22:45:00.0200 0x1324  VSTXRAID - ok
22:45:00.0247 0x1324  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
22:45:00.0262 0x1324  vwifibus - ok
22:45:00.0294 0x1324  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
22:45:00.0309 0x1324  vwififlt - ok
22:45:00.0325 0x1324  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
22:45:00.0325 0x1324  vwifimp - ok
22:45:00.0341 0x1324  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
22:45:00.0356 0x1324  W32Time - ok
22:45:00.0372 0x1324  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
22:45:00.0387 0x1324  WacomPen - ok
22:45:00.0419 0x1324  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
22:45:00.0450 0x1324  wbengine - ok
22:45:00.0481 0x1324  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
22:45:00.0497 0x1324  WbioSrvc - ok
22:45:00.0512 0x1324  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
22:45:00.0528 0x1324  Wcmsvc - ok
22:45:00.0544 0x1324  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
22:45:00.0559 0x1324  wcncsvc - ok
22:45:00.0575 0x1324  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
22:45:00.0591 0x1324  WcsPlugInService - ok
22:45:00.0669 0x1324  [ 1A3F1BC1E48804867CA30469442DA00E, 55A1617496E2602F472F0211D709401B6948232767E53F60B5EF7F0DF26E403C ] WDBackup        C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
22:45:00.0700 0x1324  WDBackup - ok
22:45:00.0700 0x1324  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
22:45:00.0716 0x1324  WdBoot - ok
22:45:00.0731 0x1324  [ 0978D90C8B61F73E926F7194CBCA331C, 0A8C60DB9569F799727441DD57ADE70D8320E42F0739A638107AC0FE70B89547 ] WDDriveService  C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
22:45:00.0747 0x1324  WDDriveService - ok
22:45:00.0794 0x1324  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
22:45:00.0825 0x1324  Wdf01000 - ok
22:45:00.0825 0x1324  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
22:45:00.0841 0x1324  WdFilter - ok
22:45:00.0856 0x1324  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
22:45:00.0872 0x1324  WdiServiceHost - ok
22:45:00.0872 0x1324  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
22:45:00.0888 0x1324  WdiSystemHost - ok
22:45:00.0903 0x1324  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
22:45:00.0903 0x1324  WdNisDrv - ok
22:45:00.0934 0x1324  WdNisSvc - ok
22:45:00.0950 0x1324  [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:45:00.0966 0x1324  WebClient - ok
22:45:00.0981 0x1324  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
22:45:00.0997 0x1324  Wecsvc - ok
22:45:01.0013 0x1324  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
22:45:01.0028 0x1324  WEPHOSTSVC - ok
22:45:01.0044 0x1324  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
22:45:01.0075 0x1324  wercplsupport - ok
22:45:01.0091 0x1324  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
22:45:01.0106 0x1324  WerSvc - ok
22:45:01.0122 0x1324  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
22:45:01.0138 0x1324  WFPLWFS - ok
22:45:01.0153 0x1324  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
22:45:01.0169 0x1324  WiaRpc - ok
22:45:01.0184 0x1324  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
22:45:01.0200 0x1324  WIMMount - ok
22:45:01.0200 0x1324  WinDefend - ok
22:45:01.0231 0x1324  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
22:45:01.0247 0x1324  WinHttpAutoProxySvc - ok
22:45:01.0278 0x1324  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:45:01.0294 0x1324  Winmgmt - ok
22:45:01.0356 0x1324  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
22:45:01.0403 0x1324  WinRM - ok
22:45:01.0450 0x1324  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
22:45:01.0481 0x1324  WlanSvc - ok
22:45:01.0528 0x1324  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
22:45:01.0560 0x1324  wlidsvc - ok
22:45:01.0575 0x1324  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
22:45:01.0591 0x1324  WmiAcpi - ok
22:45:01.0606 0x1324  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
22:45:01.0622 0x1324  wmiApSrv - ok
22:45:01.0638 0x1324  WMPNetworkSvc - ok
22:45:01.0653 0x1324  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
22:45:01.0653 0x1324  Wof - ok
22:45:01.0700 0x1324  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
22:45:01.0747 0x1324  workfolderssvc - ok
22:45:01.0763 0x1324  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
22:45:01.0763 0x1324  wpcfltr - ok
22:45:01.0778 0x1324  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
22:45:01.0794 0x1324  WPCSvc - ok
22:45:01.0810 0x1324  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
22:45:01.0825 0x1324  WPDBusEnum - ok
22:45:01.0841 0x1324  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
22:45:01.0856 0x1324  WpdUpFltr - ok
22:45:01.0856 0x1324  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:45:01.0872 0x1324  ws2ifsl - ok
22:45:01.0872 0x1324  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
22:45:01.0888 0x1324  wscsvc - ok
22:45:01.0888 0x1324  WSearch - ok
22:45:01.0966 0x1324  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
22:45:02.0028 0x1324  WSService - ok
22:45:02.0122 0x1324  [ 688DAAE720E39DA86822785195646663, DB6E0F89496BB74EDF8378E6AE06364B19249701F6ACD176A0DCA1951E81A63D ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
22:45:02.0185 0x1324  wuauserv - ok
22:45:02.0200 0x1324  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
22:45:02.0216 0x1324  WudfPf - ok
22:45:02.0231 0x1324  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
22:45:02.0231 0x1324  WUDFRd - ok
22:45:02.0247 0x1324  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\System32\drivers\WUDFRd.sys
22:45:02.0247 0x1324  WUDFSensorLP - ok
22:45:02.0263 0x1324  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
22:45:02.0278 0x1324  wudfsvc - ok
22:45:02.0278 0x1324  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
22:45:02.0294 0x1324  WUDFWpdFs - ok
22:45:02.0325 0x1324  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
22:45:02.0341 0x1324  WwanSvc - ok
22:45:02.0356 0x1324  [ 67BB3DC074C640AD609B19E0BBA42BDC, 452CCC94F361A9BE5C032DEA16742B788AF1BA44277E9C8B27A259347C0AB358 ] ZAtheros Wlan Agent C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
22:45:02.0356 0x1324  ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic ( 1 )
22:45:02.0544 0x1a10  Object required for P2P: [ 5096855DA1FB50A028ACA15B5CC358D9 ] McAfee SiteAdvisor Service
22:45:04.0794 0x1324  Detect skipped due to KSN trusted
22:45:04.0794 0x1324  ZAtheros Wlan Agent - ok
22:45:04.0794 0x1324  ================ Scan global ===============================
22:45:04.0841 0x1324  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll
22:45:04.0872 0x1324  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
22:45:04.0888 0x1324  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
22:45:04.0919 0x1324  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
22:45:04.0919 0x1324  [ Global ] - ok
22:45:04.0919 0x1324  ================ Scan MBR ==================================
22:45:04.0935 0x1324  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:45:05.0013 0x1324  \Device\Harddisk0\DR0 - ok
22:45:05.0013 0x1324  ================ Scan VBR ==================================
22:45:05.0044 0x1324  [ 6C26FE0495B1690B186283BC46C0B935 ] \Device\Harddisk0\DR0\Partition1
22:45:05.0091 0x1324  \Device\Harddisk0\DR0\Partition1 - ok
22:45:05.0091 0x1324  [ 8E356A69496F961DC39F3E043C82D804 ] \Device\Harddisk0\DR0\Partition2
22:45:05.0154 0x1324  \Device\Harddisk0\DR0\Partition2 - ok
22:45:05.0154 0x1324  [ 768B2B0E72C7A4F2F52D8A0BF6385181 ] \Device\Harddisk0\DR0\Partition3
22:45:05.0154 0x1324  \Device\Harddisk0\DR0\Partition3 - ok
22:45:05.0169 0x1324  [ 9D41AC5546A3D60E3992A8F1AB0830A8 ] \Device\Harddisk0\DR0\Partition4
22:45:05.0232 0x1a10  Object send P2P result: true
22:45:05.0232 0x1a10  Object required for P2P: [ D02EF4F75F84FF46011AA7C1DC08D1A2 ] mccspsvc
22:45:05.0232 0x1324  \Device\Harddisk0\DR0\Partition4 - ok
22:45:05.0247 0x1324  [ 4DD1971829A7CB6F9FCED57E4F65CB41 ] \Device\Harddisk0\DR0\Partition5
22:45:05.0325 0x1324  \Device\Harddisk0\DR0\Partition5 - ok
22:45:05.0341 0x1324  [ 10DCC16D0B73853D81793418A3EFD7ED ] \Device\Harddisk0\DR0\Partition6
22:45:05.0357 0x1324  \Device\Harddisk0\DR0\Partition6 - ok
22:45:05.0372 0x1324  [ 7F59380CA35AEA9C2DFD055F01F4ADD2 ] \Device\Harddisk0\DR0\Partition7
22:45:05.0372 0x1324  \Device\Harddisk0\DR0\Partition7 - ok
22:45:05.0372 0x1324  ================ Scan generic autorun ======================
22:45:05.0497 0x1324  [ 4E2B3D1B77FD1D842BAB244D32F8B0D2, B45CAE370040E19FA2C93FB9892DD4C9330828C8F298EB8AEDD5C42B0E4B1A88 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
22:45:05.0529 0x1324  cAudioFilterAgent - ok
22:45:05.0575 0x1324  [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SA3\SACpl.exe
22:45:05.0638 0x1324  SmartAudio - detected UnsignedFile.Multi.Generic ( 1 )
22:45:07.0935 0x1a10  Object send P2P result: true
22:45:08.0076 0x1324  Detect skipped due to KSN trusted
22:45:08.0076 0x1324  SmartAudio - ok
22:45:08.0091 0x1324  [ E85BD90950497619C39D1F5068228CF4, BA5CD7035EC1ACDB214EB8D534B00EA409739DD2DDD01D92D98A1B3925FB428E ] C:\Windows\system32\igfxtray.exe
22:45:08.0107 0x1324  IgfxTray - ok
22:45:08.0138 0x1324  [ 4C7C4CADD2515329D9D40D7DC91C5930, 7F0BB59DF698C949217036F12579FFEDDD3444CFA26376824314E88E563EEF0D ] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
22:45:08.0154 0x1324  IMSS - ok
22:45:08.0185 0x1324  [ E7861EAA7881E086B2DB88ADF4279D4B, D040BCEC5B7519357D4E28653FC0F9F4FEAA88D291726A0763EA5E84C8C5D840 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
22:45:08.0185 0x1324  IAStorIcon - ok
22:45:08.0216 0x1324  [ 11B51011F52328395588E9434275DF76, 2BFD4F945595DEAE731E4F780E7AD39062CEF24F5221613A2B6868B40D7C4D26 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
22:45:08.0247 0x1324  mcui_exe - ok
22:45:08.0372 0x1324  [ A60A78E3B5952794BD5A7B204C3E57DF, 6D9564DE331DE4E961C6431FFEE2D9EB4DF2DD5C2F88E184213151DCE16E71CC ] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
22:45:08.0466 0x1324  WD Quick View - ok
22:45:08.0560 0x1324  [ 86F33213C450FED3C7E32F9473415E7E, 75F3B3739DD12D8B7F93BEA912B864BF8BAEFA061720A87CF1F55030334C2558 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
22:45:08.0576 0x1324  EEventManager - ok
22:45:08.0622 0x1324  [ 0B0E075EF0AE1CD8526D6D851E684224, 349E8ACF6E570A51C265AC19C4971C7BECA96820A8298D559E2DB6199C03C5A6 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
22:45:08.0654 0x1324  FUFAXRCV - ok
22:45:08.0669 0x1324  [ 55436C4848E1EB25644C70EF78D53FF9, A8951914E7BDA419CA9A4EBF7285767DC7CEBAD498FADBD017B21F8329C1D131 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
22:45:08.0685 0x1324  FUFAXSTM - ok
22:45:08.0732 0x1324  [ E30B5056C874308F22CF155CE3BAE3D2, 004EE5D751C29EE7CBF2ABF4A2D22699DB1A227A5F2258833747B775B04D4635 ] C:\Program Files (x86)\LTCM Client\ltcmClient.exe
22:45:08.0763 0x1324  LTCM Client - ok
22:45:08.0810 0x1324  [ 61C6C887A22065A630E46820BA6B8940, A08FA9DA790E8B8A8D8DF1D3CC040773AA5315C1EA3F8C37BFBCDA475ED2453B ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
22:45:08.0826 0x1324  ConnectionCenter - ok
22:45:08.0872 0x1324  [ F6158734F1E24C6C510155CF0D363911, 320900BA90AF14E254CFAFA70FB15A0E77506217E47A406FA1ED821D0206FE29 ] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
22:45:08.0904 0x1324  TkBellExe - ok
22:45:08.0951 0x1324  [ 0610E1989914B6DA54165A4F2C766721, CFFDCA465C9A6988A747C08346B9A122A4DB08AACE42B8AEB4AE410981044892 ] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
22:45:08.0982 0x1324  WD Drive Unlocker - ok
22:45:09.0013 0x1324  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\qttask.exe
22:45:09.0029 0x1324  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
22:45:11.0466 0x1324  Detect skipped due to KSN trusted
22:45:11.0466 0x1324  QuickTime Task - ok
22:45:11.0466 0x1324  Waiting for KSN requests completion. In queue: 13
22:45:12.0482 0x1324  Waiting for KSN requests completion. In queue: 13
22:45:13.0498 0x1324  Waiting for KSN requests completion. In queue: 13
22:45:14.0529 0x1324  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
22:45:14.0529 0x1324  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x52000 ( disabled : updated )
22:45:14.0529 0x1324  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x52010 ( disabled )
22:45:14.0529 0x1324  Win FW state via NFP2: enabled ( trusted )
22:45:17.0014 0x1324  ============================================================
22:45:17.0014 0x1324  Scan finished
22:45:17.0014 0x1324  ============================================================
22:45:17.0014 0x1bfc  Detected object count: 0
22:45:17.0014 0x1bfc  Actual detected object count: 0
22:45:50.0111 0x0450  Deinitialize success
 



#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Looking good, let's continue! :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes

Start the program and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.




Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#9
jtg22

    Member

  • Topic Starter
  • 111 posts

Hello again,

 

I'm having trouble with the ESET scanner.  It's telling me it can't get the updates it needs and is asking if proxy is configured.  I've had the McAfee firewall deactivated for this (and all other steps really), so I'm not sure what else is causing the problem.  I tried both the internet explorer and firefox versions of ESET, and both had the same problem.

 

In the meantime, here's the MBM log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/29/2015
Scan Time: 8:22 AM
Logfile: decmbm.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.29.04
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Janis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361458
Time Elapsed: 14 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I'm having trouble with the ESET scanner. It's telling me it can't get the updates it needs and is asking if proxy is configured. I've had the McAfee firewall deactivated for this (and all other steps really), so I'm not sure what else is causing the problem. I tried both the internet explorer and firefox versions of ESET, and both had the same problem.

Hello :)

Try this in Firefox and let's see if that is the issue.


Step 1: Check Firefox Settings

1.) Click on Tools and then select Advanced

2.) Under Connection click the Settings button out beside Configure how Firefox connects to the Internet.

3.) Make sure that No Proxy is checked. Then click Ok.

Once this has been completed, please try the ESET steps again. If it doesn't work, please let me know and we'll go with another online scanner. :thumbsup: Also, please don't forget to run the Security Check program. Step 3 in Post #8.

Things I need to see in your next post

ESET Scan Log

Security Check Log


#11
jtg22

    Member

  • Topic Starter
  • 111 posts

Hello again,

 

Here are the logs you requested.

 

The firefox settings change you suggested worked.  Is there any reason to go and change it back to its default settings?

 

It occurred to me that the mbm scans I did earlier this month and in November may have quarantined items rather than removing them.  Should I tell mbm to clear out these items?

 

Finally, this computer usually has a McAfee firewall running.  I've been disabling it for these scans, but I noticed that the security check listed a windows firewall as active.  I'm not really sure why that is.

 

Anyway, the logs.

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=faba5a7ca76a6744ba89bbfb4f95ce7f
# end=init
# utc_time=2015-12-29 02:40:24
# local_time=2015-12-29 08:40:24 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=faba5a7ca76a6744ba89bbfb4f95ce7f
# end=init
# utc_time=2015-12-29 02:53:44
# local_time=2015-12-29 08:53:44 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Finalize
Updated modules version: 27405
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=faba5a7ca76a6744ba89bbfb4f95ce7f
# end=init
# utc_time=2015-12-29 11:51:59
# local_time=2015-12-29 05:51:59 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27414
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=faba5a7ca76a6744ba89bbfb4f95ce7f
# end=updated
# utc_time=2015-12-29 11:52:35
# local_time=2015-12-29 05:52:35 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=faba5a7ca76a6744ba89bbfb4f95ce7f
# engine=27414
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-30 12:41:41
# local_time=2015-12-29 06:41:41 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10656177 41876237 0 0
# scanned=281037
# found=65
# cleaned=0
# scan_time=2945
sh=027ED167E88154604163B74A5D895EF0F2D85A8E ft=1 fh=f216ba1bb95cd0da vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir"
sh=466FB4817AB0DFB5ED15199BCC4C4D8462F948AB ft=1 fh=027005f88623457f vn="a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zbar.dll.vir"
sh=47588E8E5A2034DA062CD6E61D7072809C265366 ft=1 fh=bd6b7f873a46cf67 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zbarsvc.exe.vir"
sh=9F5A321AE114FC1A18879D9020B858F38D2B3E89 ft=1 fh=bf44e0c89f37d168 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zbprtct.dll.vir"
sh=F099D51F0AD47D96B5A590BCDFC1CC1F8749DD65 ft=1 fh=a780294ee5143a96 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zdatact.dll.vir"
sh=21D7D87AD8231E253747555C0EF523281B301731 ft=1 fh=1ccff04835db7f03 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zdlghk.dll.vir"
sh=B53F3279B1FD544923C76A3DD70A1491C6C771C0 ft=1 fh=f6c7d42c7e589fa1 vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zdlghk64.dll.vir"
sh=A70939B7F5D70B3362AF7E409FE5694CD0332F42 ft=1 fh=52cbc77cb56ac7b3 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zfeedmg.dll.vir"
sh=7A0D74B0F762389FC64212073902C53BAB06EF93 ft=1 fh=45fa6db7aba0514d vn="a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zhighin.exe.vir"
sh=3E6A3D2F7BED9458A6463483C84B5455EB6FD001 ft=1 fh=3d34a9c7920b0ace vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zhkstub.dll.vir"
sh=9EB7640F7FB0B699C6DF75E66C7E8C0D9E21F3CC ft=1 fh=38be5ef24383a5d0 vn="a variant of Win32/Toolbar.MyWebSearch.AT potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zhtmlmu.dll.vir"
sh=BDADBCED025A8A20B40049CC17414E198FEF4E81 ft=1 fh=f9bdd3e0e43cc208 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zhttpct.dll.vir"
sh=4CD512C5942F1DEEE5ACB26559BB9FC6B4A8204E ft=1 fh=a878d59d734b935e vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zidle.dll.vir"
sh=60906D0380A0B29D67B153784C4F78432FC99986 ft=1 fh=34ae1a71b9c6839b vn="a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zmedint.exe.vir"
sh=76657B4BFF0FD6BD949A0E15337FBABEFD8AB326 ft=1 fh=cac4f013d6372fb6 vn="Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zmlbtn.dll.vir"
sh=1F72EFEF3BCA27FFF74DBEF4C08762B2D9BA3E15 ft=1 fh=fd2482e65b8791ab vn="a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zPlugin.dll.vir"
sh=99E81D983023608B908F7A8390CE995C253030D7 ft=1 fh=d2071bce09b9bac6 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zreghk.dll.vir"
sh=4BA5E4C514C254C7248F6FA6B540A9ABC2805565 ft=1 fh=273cb58db048e71e vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zregiet.dll.vir"
sh=EDC6F99BCAC6616FC160FE0240F5101580F528D0 ft=1 fh=5f6023e1200c1318 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zscript.dll.vir"
sh=CA89F61D9A80272F560256F312A537F777A87AEF ft=1 fh=d92df48e556aedca vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zskin.dll.vir"
sh=77D0C33BAC54A50FB83438215C73F493CD7BBF9E ft=1 fh=d15ef7d26608f47d vn="a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zskplay.exe.vir"
sh=E7A14A77EAAE6CB9FC6CC487B1CE1CB70C063502 ft=1 fh=a479c3fc682024f1 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zSrcAs.dll.vir"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5ztpinst.dll.vir"
sh=9736DD448F1751787A8457AFE3D789543A327C9C ft=1 fh=ea966f1845a5c441 vn="a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\APPINTEGRATOR.EXE.vir"
sh=A526A314F90D61F8132D8E2DB5982ABBFE022C1D ft=1 fh=3c4a262bc57b3aff vn="Win64/Toolbar.MyWebSearch.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\AppIntegrator64.exe.vir"
sh=4CA4CF526BAB3ACF1E6A649F6AAA232D2AC41868 ft=1 fh=bdd8282939c97a30 vn="a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\APPINTEGRATORSTUB.DLL.vir"
sh=D07B6FD168B29CE7BC7DDEC0EEEBA0E005EB9431 ft=1 fh=d76e053361562658 vn="a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\AppIntegratorStub64.dll.vir"
sh=BAB6681DE94799B603E62C40D171D74C7842FB17 ft=1 fh=33cf14314fda0344 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\ASSISTMONITOR.DLL.vir"
sh=899D23DE4C2379EDFBD2E9FE7F09550771D038D4 ft=1 fh=c3e98bbd9f35c6ba vn="a variant of Win64/Toolbar.MyWebSearch.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\ASSISTMONITOR64.DLL.vir"
sh=2AFE6690FA1CF56D287C31A9857578363F5A2D67 ft=1 fh=027fcd1b6271324d vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\CREXT.DLL.vir"
sh=DF8A6BBA205666A6F7C0ACBDF09BF6E8EB136EA0 ft=1 fh=8cd7f253e514d7ea vn="Win32/Toolbar.MyWebSearch.AR potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\CrExtP5z.exe.vir"
sh=94BC264068D497F6D2042E171E4D044B77028C7B ft=1 fh=93c4f6f450d54597 vn="Win32/Toolbar.MyWebSearch.AR potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\DPNMNGR.DLL.vir"
sh=73FCC496487920A14146D46A787454F89B5F793E ft=1 fh=5386ecf351ab8164 vn="a variant of Win32/Toolbar.MyWebSearch.AO potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\FF-NativeMessagingDispatcher.dll.vir"
sh=811ECD5DF9B0E23850C4204A6DDFB245873559B2 ft=1 fh=eca32475fc9beef3 vn="Win32/Toolbar.MyWebSearch.AR potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\HKFXMGR.DLL.vir"
sh=A6DE9AF875A9AD9D97330755826C48C2B332EA74 ft=1 fh=335223835e132def vn="Win64/Toolbar.MyWebSearch.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\HKFXMGR64.DLL.vir"
sh=FB594A15D77C57A0E0BB41FB17383D80877E6CEE ft=1 fh=ffe6c0c499ffa4e3 vn="Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\T8EPMSUP.DLL.vir"
sh=6DA69E00DCB0DA9D648EB5D63F895ED020447618 ft=1 fh=43b4b1abba357bad vn="Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\T8EXTEX.DLL.vir"
sh=388DD4FF1E3CF6BFCF34DED0C86E154C1D3EE73E ft=1 fh=35048c9d01a08485 vn="Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\T8EXTPEX.DLL.vir"
sh=139FBF5145FB3A0FEDA5EE93DF36BE7E00B90817 ft=1 fh=b2180dc33cd50010 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\T8HTML.DLL.vir"
sh=A187B0341C1444615B4E0D4A6B8BED3F4599CA3A ft=1 fh=b7685368d5405ed9 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\T8TICKER.DLL.vir"
sh=0EB06DF026A32B1CA4B335088948B66247506EAF ft=1 fh=4f153c8941af29df vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\TOOLBARGUARD.DLL.vir"
sh=48873B11EC917BD1358D544DF131C74D0DFAE052 ft=1 fh=38dee7cd1cd56751 vn="a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\TOOLBARGUARD64.DLL.vir"
sh=821FDFAA9ED88FEC13A4394C098B0097346AA7C7 ft=1 fh=70c9f9bbf2ee059c vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\TPIMANAGERCONSOLE.EXE.vir"
sh=E5EF5447933372B3B7237635F12D5CD1BE4EF5CC ft=1 fh=b94dd24e0709c2a4 vn="Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\VERIFY.DLL.vir"
sh=A6C707660A23BF1CA6AB60D4DE4E60C2BA794976 ft=1 fh=b653663677980fb3 vn="a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\assists\ie_default_search_provider\ARBITER.DLL.vir"
sh=A66AA13DA54773B2408FF28A24456E959EAFE46D ft=1 fh=86e6eee54614f6c8 vn="a variant of Win64/Toolbar.MyWebSearch.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\assists\ie_default_search_provider\ARBITER64.DLL.vir"
sh=1F5CB72E95336B2FE932CB549E75A2C523D1001C ft=1 fh=560481649e2dfeec vn="a variant of Win32/Toolbar.MyWebSearch.AF potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\assists\ie_default_search_provider\ASSIST.EXE.vir"
sh=0A8E345E03D2DA368C1792B4F619F64100BCF6AE ft=1 fh=4d6f7278f0aca2ee vn="a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\assists\ie_enable\ARBITER.DLL.vir"
sh=B5451BCDA721D129822FBB7A40997418F374EB72 ft=1 fh=fc7d835392c3df3e vn="a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\assists\ie_enable\ARBITER64.DLL.vir"
sh=9027C045ABA4B4246B1DC4C831DE348190C1AE52 ft=1 fh=33e0ffc54b099ac6 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll"
sh=A57D81ECC6EC0F2472521463CF7AF370A79C83AE ft=1 fh=70e6f2a2b02f116f vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=93726F317FFF4013C580FBC9D12F75468A8C1EF9 ft=1 fh=a547f944c4c4d942 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=14618DA31EA7699542DFD99B1487535861F69F31 ft=1 fh=1887bac1b6dd0f0b vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
sh=AA13DC4EF0B2062F19D5EC66D31CDCAE09D99E3F ft=1 fh=1fd4fa099eece4da vn="a variant of Win32/Toolbar.Visicom.E potentially unwanted application" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\uninstall.exe"
sh=9027C045ABA4B4246B1DC4C831DE348190C1AE52 ft=1 fh=33e0ffc54b099ac6 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll"
sh=9027C045ABA4B4246B1DC4C831DE348190C1AE52 ft=1 fh=33e0ffc54b099ac6 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\updated\browser\plugins\npMozCouponPrinter.dll"
sh=FF8EE7363F23024985290D8DE0388C7CBFAF2706 ft=1 fh=1bb7c2264c841428 vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\ProgramData\comcastModemRelease\dtuser.exe"
sh=FF8EE7363F23024985290D8DE0388C7CBFAF2706 ft=1 fh=1bb7c2264c841428 vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\Users\All Users\comcastModemRelease\dtuser.exe"
sh=9E4138C80F3E4C6EF19D4E1B6E3ED4263640F333 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Janis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_data\askrt_en.cab"
sh=7B6FFC5BB1935FDCE988C4E208074C130B6F24F4 ft=1 fh=aba64c05ef8ecac1 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Users\Janis\Downloads\couponprinter.exe"
sh=F50F2A7855CECF66E603C27A8DC97242FE253DBB ft=1 fh=aa34926681ed9975 vn="Win32/Systweak.D potentially unwanted application" ac=I fn="C:\Users\Janis\Downloads\rcp_dcomnew_sec_728.exe"
sh=E55DA6BAC6CA0E85E13D3FC2805B1C49D8045DD0 ft=1 fh=a341758a219db876 vn="Win32/Systweak.K potentially unwanted application" ac=I fn="C:\Users\Janis\Downloads\tall_080905405821162283.exe"
sh=E55DA6BAC6CA0E85E13D3FC2805B1C49D8045DD0 ft=1 fh=a341758a219db876 vn="Win32/Systweak.K potentially unwanted application" ac=I fn="C:\Users\Janis\Downloads\tall_080905410371799279.exe"
sh=E55DA6BAC6CA0E85E13D3FC2805B1C49D8045DD0 ft=1 fh=a341758a219db876 vn="Win32/Systweak.K potentially unwanted application" ac=I fn="C:\Users\Janis\Downloads\tall_080905411682126365.exe"
sh=E55DA6BAC6CA0E85E13D3FC2805B1C49D8045DD0 ft=1 fh=a341758a219db876 vn="Win32/Systweak.K potentially unwanted application" ac=I fn="C:\Users\Janis\Downloads\tall_080905423571152406.exe"
 

 

 

 

 

 

Security check

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender                     
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45  
 Java version 32-bit out of Date!
 Adobe Flash Player     20.0.0.267  
 Adobe Reader XI  
 Mozilla Firefox (43.0.1)
 Google Chrome (47.0.2526.106)
 Google Chrome (47.0.2526.80)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


  • 0

#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Here are the logs you requested.



The firefox settings change you suggested worked. Is there any reason to go and change it back to its default settings?



It occurred to me that the mbm scans I did earlier this month and in November may have quarantined items rather than removing them. Should I tell mbm to clear out these items?



Finally, this computer usually has a McAfee firewall running. I've been disabling it for these scans, but I noticed that the security check listed a windows firewall as active. I'm not really sure why that is.


Hello :)

Good to hear, and no, no reason to go back to that setting. I believe some of the malware that we neutralized may have changed that setting. If you have a direct connection or wifi connection for connecting to the Internet, then no proxy is needed. :thumbsup:


Regarding the MBAM quarantine question. If they are showing in your quarantine, then yes, go ahead and delete them. Also, once we are finished, check the Windows firewall and disable it if you wish to continue running the McAfee firewall on the system. No need for two of them to hog system resources.

The ESET scan found a lot of items already quarantined, but a few that need to be removed. Let's take care of them and then update Java. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-26&ent=hp&u=AE44D1B629480618BC6ED75383D29F5D
FirewallRules: [{FDD65945-7834-4266-8598-5F2BE9761387}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{6C917383-382A-4094-A092-09E056F249D9}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Program Files (x86)\Lavasoft
C:\Users\Janis\Downloads\rcp_dcomnew_sec_728.exe
C:\Users\Janis\Downloads\tall*.*
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Java Warning and Update


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.

Please read this article about Java.

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version.


Things I need to see in your next post:

Fixlog.txt Log

  • 0
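The split described in the post above, between detections that already sit in AdwCleaner's quarantine and the few still live on disk, can be reproduced by parsing the ESET log's key=value lines. This is an added example, not part of the original thread: the sample keeps the posted log's layout and paths but uses placeholder `sh=` values, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: layout and paths follow the ESET log posted in this thread;
# the sh=/fh= values are placeholders, not real hashes.
SAMPLE_LOG = r'''
# found=5
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\2.bin\5zidle.dll.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\ProgramData\comcastModemRelease\dtuser.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\Users\All Users\comcastModemRelease\dtuser.exe"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000004 vn="Win32/Systweak.K potentially unwanted application" ac=I fn="C:\Users\Janis\Downloads\tall_080905405821162283.exe"
'''

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: the only quarantine folder of interest is AdwCleaner's, as seen in the log.
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\",)
# Longest suffix first, because every category ends in "application".
CATEGORIES = ("potentially unwanted application",
              "potentially unsafe application",
              "application")


def parse_line(line):
    """Turn 'key=value key="quoted value"' into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line)}


def canonical(path):
    """Lower-case the path and fold 'C:\\Users\\All Users' onto C:\\ProgramData.

    On Windows Vista and later the former is a link to the latter, so a scanner
    that walks both reports the same file twice.
    """
    p = path.lower()
    alias = "c:\\users\\all users\\"
    if p.startswith(alias):
        p = "c:\\programdata\\" + p[len(alias):]
    return p


def split_detection(vn):
    """Split the vn= text into (detection name, category)."""
    name = vn[len("a variant of "):] if vn.startswith("a variant of ") else vn
    for category in CATEGORIES:
        if name.endswith(" " + category):
            return name[:-len(category) - 1], category
    return name, "unclassified"


def triage(log_text):
    """Separate already-quarantined detections from files still live on disk."""
    header, parsed, quarantined = {}, 0, 0
    live = defaultdict(set)  # (sh, name, category) -> distinct on-disk paths
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            header.update(parse_line(line))
        elif line.startswith("sh="):
            rec = parse_line(line)
            parsed += 1
            path = canonical(rec["fn"])
            if path.startswith(QUARANTINE_ROOTS):
                quarantined += 1
            else:
                name, category = split_detection(rec["vn"])
                live[(rec["sh"], name, category)].add(path)
    return {
        "reported": int(header.get("found", -1)),   # what the scanner says it found
        "parsed": parsed,                           # what we actually read
        "cleaned": int(header.get("cleaned", -1)),
        "quarantined": quarantined,
        "live": {key: sorted(paths) for key, paths in live.items()},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("reported/parsed:", result["reported"], result["parsed"])
    print("already quarantined:", result["quarantined"])
    for (sh, name, category), paths in result["live"].items():
        print(name, "|", category, "|", sh)
        for p in paths:
            print("   ", p)
```

A mismatch between `reported` and `parsed` means the log was truncated when it was pasted.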

#13
jtg22

    Member

  • Topic Starter
  • Member
  • 111 posts

Hello again,

 

Here's the FRST log.  For the time being, I updated Java (though I'm very tempted to just uninstall and disable it).

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Janis (2015-12-29 19:17:44) Run:2
Running from C:\Users\Janis\Desktop
Loaded Profiles: Janis (Available Profiles: Janis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-26&ent=hp&u=AE44D1B629480618BC6ED75383D29F5D
FirewallRules: [{FDD65945-7834-4266-8598-5F2BE9761387}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{6C917383-382A-4094-A092-09E056F249D9}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Program Files (x86)\Lavasoft
C:\Users\Janis\Downloads\rcp_dcomnew_sec_728.exe
C:\Users\Janis\Downloads\tall*.*
End
*****************

Restore point was successfully created.
Chrome HomePage => removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FDD65945-7834-4266-8598-5F2BE9761387} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C917383-382A-4094-A092-09E056F249D9} => value not found.
C:\Program Files (x86)\Lavasoft => moved successfully
C:\Users\Janis\Downloads\rcp_dcomnew_sec_728.exe => moved successfully

=========== "C:\Users\Janis\Downloads\tall*.*" ==========

C:\Users\Janis\Downloads\tall_080905405821162283.exe => moved successfully
C:\Users\Janis\Downloads\tall_080905410371799279.exe => moved successfully
C:\Users\Janis\Downloads\tall_080905411682126365.exe => moved successfully
C:\Users\Janis\Downloads\tall_080905423571152406.exe => moved successfully

========= End -> "C:\Users\Janis\Downloads\tall*.*" ========


==== End of Fixlog 19:18:06 ====


  • 0

#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Here's the FRST log. For the time being, I updated Java (though I'm very tempted to just uninstall and disable it).


Hello :)

The log looks good, and everything is updated. So let's remove my tools, create a clean restore point on the machine, and I think you'll be good. :thumbsup:


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.

Then click Finish


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post

Delfix Log

  • 0

#15
jtg22

    Member

  • Topic Starter
  • Member
  • 111 posts

Hello again,

 

Here's the Delfix Log.  There was an error message that popped up in the middle of running it (basically the same as the one when I initially used the FRST tool last week), but the logs don't seem to show any errors.  (It did delete a screencap I'd taken of the error from last week though - I guess it targets anything with the name FRST in it.)

 

There are a few followup things I'd like to discuss regarding getting this computer set up better.  It's my parents' computer, and I'm wondering if there are any changes I can make to it to reduce the likelihood of them getting into this much malware again.  Most of the stuff they do on this computer is checking facebook / email, news, and maybe some online shopping.  My best guess for how they got so many malware items is just visiting too many clickbait articles, but I'm not 100% sure on this.

 

-What browser should I get them to start using?  They currently use internet explorer.  My preference would be Chrome or Firefox, but I'm not sure if there's a significant difference from a security standpoint.  (The advice article in your post is from 2009.  While I generally accept that Chrome and Firefox are better than IE, I'd like to be sure on this).

 

-They currently have McAfee as their anti-virus and firewall.  Is this good enough, or should I switch them to MSE and the Windows firewall?

 

-My home computer has no-script running along with Firefox.  Ideally, I'd like to have something similar set up on this computer; however, in the past, their response has been to declare the internet browser broken and just go back to internet explorer.  Is there some sort of solution that's a happy medium to this (filters out adware, but doesn't shut down a website to the point that they either disable the program or go to it in a different browser)?  (This is why I opted to keep Java - I don't want them thinking something doesn't work and then trying to fix it or work around it.)

 

-There's a Firefox addon I have on my home computer that rates a website's overall safety and puts a green, yellow, or red circle by the website to indicate how safe it is.  I think it's a McAfee addon, but I'm not 100% sure.  Is there something similar for either Chrome or Internet Explorer?

...

 

Here's the logfile

 

 

# DelFix v1.010 - Logfile created 29/12/2015 at 23:00:22
# Updated 26/04/2015 by Xplode
# Username : Janis - JANS
# Operating System : Windows 8.1  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\logFileUI.txt
Deleted : C:\TDSSKiller.3.0.0.14_04.11.2013_10.51.13_log.txt
Deleted : C:\TDSSKiller.3.1.0.9_28.12.2015_22.43.32_log.txt
Deleted : C:\Users\Janis\Desktop\AdwCleaner.exe
Deleted : C:\Users\Janis\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Janis\Desktop\Fixlog.txt
Deleted : C:\Users\Janis\Desktop\FRST error pic.png
Deleted : C:\Users\Janis\Desktop\FRST64.exe
Deleted : C:\Users\Janis\Desktop\JRT.exe
Deleted : C:\Users\Janis\Desktop\SecurityCheck.exe
Deleted : C:\Users\Janis\Desktop\tdsskiller.exe
Deleted : C:\Users\Janis\Downloads\adwcleaner_4.208.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #63 [Windows Update | 12/18/2015 15:34:35]
Deleted : RP #64 [Windows Update | 12/23/2015 03:31:35]
Deleted : RP #66 [Restore Point Created by FRST | 12/29/2015 03:43:18]
Deleted : RP #67 [JRT Pre-Junkware Removal | 12/29/2015 03:51:55]
Deleted : RP #69 [Restore Point Created by FRST | 12/30/2015 01:17:45]
Deleted : RP #70 [Removed Java 7 Update 45 (64-bit) | 12/30/2015 01:21:37]
Deleted : RP #71 [Removed Java 7 Update 45 | 12/30/2015 01:22:06]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


Edited by jtg22, 30 December 2015 - 12:44 AM.

  • 0





